RHEL9-CIS

Audit fails with syntax error on ARM64

Open lucab85 opened this issue 1 year ago • 3 comments

Describe the Issue The CIS audit fails with a syntax error on a fresh RHEL 9.2 machine on ARM64 architecture.

Expected Behavior I expect the audit result of the CIS benchmark.

Actual Behavior

TASK [RHEL9-CIS : Pre Audit | Capture pre-audit result] *********************************
fatal: [rhel.example.com]: FAILED! => {"msg": "the field 'args' has an invalid value ({'pre_audit_summary': '{{ pre_audit.stdout | from_json | json_query(summary) }}'}), and could not be converted to an dict.The error was: Expecting value: line 1 column 1 (char 0)

The error appears to be in '/Users/lberton/.ansible/roles/RHEL9-CIS/tasks/pre_remediation_audit.yml': line 90, column 5, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


  - name: Pre Audit | Capture pre-audit result
    ^ here
"}

Control(s) Affected What controls are being affected by the issue

Environment (please complete the following information):

  • branch being used: main
  • Ansible Version: ansible [core 2.15.2]
  • Host Python Version: Python 3.9.16
  • Ansible Server Python Version: python version = 3.11.4
  • Additional Details:

Additional Notes

audit.yml Playbook

---
- name: RHEL9 CIS Audit
  hosts: all
  become: true
  roles:
    - name: "RHEL9-CIS"
      vars:
        setup_audit: true
        run_audit: true

host:

$ cat /etc/os-release 
NAME="Red Hat Enterprise Linux"
VERSION="9.2 (Plow)"

Possible Solution Fix the syntax error in pre_remediation_audit.yml

lucab85, Jul 28 '23 10:07

Workaround Playbook:

---
- name: RHEL9 CIS Audit
  hosts: all
  become: true
  roles:
    - name: "RHEL9-CIS"
      vars:
        setup_audit: true
        run_audit: true
        goss_url: https://github.com/goss-org/goss/releases/download/v0.3.23/goss-linux-arm64
        goss_version:
          release: v0.3.23
          checksum: 'sha256:7b0794fa590857e7d64ef436e1a100ca26f6039f269a6138009aa837d27d7f9e'

lucab85, Jul 28 '23 11:07
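The workaround above hard-codes the arm64 asset and its checksum. As an added example (not part of the RHEL9-CIS role and not the reporter's code), the shell script below generalizes it: it maps the host CPU to the goss release asset name, builds the download URL in the same form as the goss_url override, verifies a downloaded file against an expected sha256 before it is executed, and refuses to hand an empty audit result to a JSON parser, which is what produces "Expecting value: line 1 column 1 (char 0)" when a wrong-architecture binary fails to run. The function names and the GOSS_RELEASE variable are assumptions for this example; the arm64 checksum is the one from the workaround.

```shell
#!/bin/sh
# Added example, not the RHEL9-CIS role's own code. Function names and the
# GOSS_RELEASE variable are assumptions made for this illustration.
set -eu

GOSS_RELEASE="${GOSS_RELEASE:-v0.3.23}"
# sha256 of goss-linux-arm64 v0.3.23, as given in the workaround playbook above.
GOSS_V0_3_23_ARM64_SHA256=7b0794fa590857e7d64ef436e1a100ca26f6039f269a6138009aa837d27d7f9e

# Map `uname -m` output to the suffix goss uses for its release binaries.
# Returns 1 for architectures goss does not publish, so a caller fails early
# instead of fetching the x86_64 build onto an arm64 host.
goss_arch() {
  case "$1" in
    x86_64|amd64)  echo amd64 ;;
    aarch64|arm64) echo arm64 ;;
    *) echo "unsupported architecture: $1" >&2; return 1 ;;
  esac
}

# Build the release download URL for a release/arch pair, in the same form as
# the goss_url override shown in the workaround.
goss_url() {
  release="$1"
  arch="$(goss_arch "$2")"
  echo "https://github.com/goss-org/goss/releases/download/${release}/goss-linux-${arch}"
}

# Verify a downloaded file against an expected hex sha256 digest. Non-zero exit
# on mismatch, so a pipeline stops before executing a truncated or tampered binary.
verify_sha256() {
  file="$1"
  expected="$2"
  echo "${expected}  ${file}" | sha256sum -c --status
}

# Guard for the failing task: goss prints nothing when the binary cannot run
# (for example "Exec format error" from a wrong-arch build). Fail with a useful
# message instead of passing an empty string to a JSON parser.
check_goss_output() {
  out="$1"
  if [ -z "$out" ]; then
    echo "goss produced no output; check that the binary matches $(uname -m)" >&2
    return 1
  fi
  printf '%s\n' "$out"
}

main() {
  host_arch="$(uname -m)"
  url="$(goss_url "$GOSS_RELEASE" "$host_arch")"
  echo "goss asset for ${host_arch}: ${url}"
  # A real run would download to a file and then call:
  #   verify_sha256 "$file" "$GOSS_V0_3_23_ARM64_SHA256"   # for aarch64 hosts
  #   check_goss_output "$(./goss --gossfile goss.yml validate --format json)"
}

main "$@"
```

Run it on the target host to see which asset it would fetch; on an aarch64 machine the URL is the one used in the workaround. The same idea carries into the playbook by deriving goss_url from ansible_architecture and adding a failed_when on an empty pre_audit.stdout before the from_json filter runs.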

hi @lucab85

Thank you for taking the time to raise this issue and highlight the problem you are having. That is indeed a great catch, as these benchmarks are only written the way they are provided against an x86 system. This is a definite improvement with more users moving to ARM-based chips with both Mac and Pi systems. I will add this to make the goss binary work, although I feel there could be other inconsistencies, especially with auditd.

One to be added to roadmap for enhancements

many thanks

uk-bolly

uk-bolly, Jul 28 '23 14:07

We're getting the same error in a x86_64 Rocky Linux 9.2 build. So far we've not figured out what changed since it was last successful in early Sept 2023.

Versions:

  • python version = 3.11.2
  • ansible [core 2.14.2] (ansible-7.2.0-1 package)
  • goss version v0.3.21 (also tried with 0.3.23: "OK - Goss is installed and version is ok (0.3.23 >= 0.3.21)")

lopf, Nov 10 '23 08:11

hi @lucab85 and @lopf

Apologies it's taken so long to get this resolved. You should find that this is now resolved and audits now work on arm64 (currently in devel, moving to main in the next 10-14 days). However, you may find some items within the controls are not relevant for ARM, and there may be changes required in the remediation so as not to run certain controls if the architecture is ARM. Note that the benchmarks are based on x86 machines, but we are keen to try and cover alternate archs if we can, so we are keen to take any PRs regarding this.

Many thanks

uk-bolly

uk-bolly, Aug 16 '24 07:08