ansible-role-cis-amazon-linux
unix socket connection error
Hello, general question. We are having issues when one of our tools tries to connect to the socket /var/run/docker.sock after we have applied the playbook. Not 100% sure why it's not working right. It can be cURLed fine. The file has very liberal access, so it's not that. The issue only happens after the role has been applied.
Any idea what part of the role could have this impact?
```
2019-03-20 09:46:13,480 +0000 [MTP-ResponseMessages-2] WARN com.sumologic.scala.collector.blade.docker.DockerDelegate - Failed rebuilding client
2019-03-20 09:46:13,481 +0000 [MTP-ResponseMessages-2] ERROR com.sumologic.scala.collector.blade.LocalBladeManager - Error while configuring blade: com.sumologic.scala.collector.blade.docker.DockerLogBlade@7e3eb61
javax.ws.rs.ProcessingException: Could not initialize class org.newsclub.net.unix.NativeUnixSocket
    at org.glassfish.jersey.client.ClientRuntime.invoke(ClientRuntime.java:261)
    at org.glassfish.jersey.client.JerseyInvocation$1.call(JerseyInvocation.java:684)
```
I can't find any reference to /var/run other than 4.1.8 and 4.1.9 (used for login auditing), so a file-system permission issue is very unlikely, unless something else overrode the permissions; and as the network access is via a socket file, I'm not sure if firewall rules can cause it.
I would suggest first applying the role one section at a time to pinpoint the section, and then narrowing down from there.
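The section-at-a-time approach suggested above, as an added example that is not code from the role or from any participant in this thread: a small Python helper that bisects the list of CIS section IDs named here, rendering each exclusion set in the role's `cis_level_1_exclusions` form. The playbook run is replaced by a constructed stand-in (`make_simulated_run`); the "culprit" it uses is a demo value, since the thread does not establish the real cause.

```python
"""Bisect a CIS role's sections to find the one that breaks a service.

Added example, not part of the ansible-role-cis-amazon-linux project. The
role run is replaced by a constructed stand-in; in practice the callback
would run the playbook with the given exclusions and re-test the socket.
"""
from typing import Callable, Dict, Iterable, List, Set

# Section IDs taken from the exclusion list and replies in this thread.
SECTIONS: List[str] = ["1.3.1", "3.4.2", "3.4.3", "3.6.1", "3.6.2",
                       "3.6.3", "3.6.4", "3.6.5", "4.1.8", "4.1.9", "5.4.4"]


def find_culprit(sections: Iterable[str],
                 failure_with_exclusions: Callable[[Set[str]], bool]) -> str:
    """Return the single section whose application causes the failure.

    failure_with_exclusions(excluded) returns True when the problem still
    occurs after applying the role with `excluded` left out. Assumes exactly
    one section is responsible; each round halves the candidate list.
    """
    candidates = list(sections)
    while len(candidates) > 1:
        first_half = candidates[: len(candidates) // 2]
        if failure_with_exclusions(set(first_half)):
            # Still failing with the first half excluded: culprit is in the rest.
            candidates = candidates[len(first_half):]
        else:
            candidates = first_half
    return candidates[0]


def render_exclusions(excluded: Iterable[str], comments: Dict[str, str]) -> str:
    """Render an exclusion set in the role's cis_level_1_exclusions form."""
    lines = ["vars:", "  cis_level_1_exclusions:"]
    for section in excluded:
        note = comments.get(section, "excluded while bisecting")
        lines.append(f"    - {section}  # {note}")
    return "\n".join(lines)


def make_simulated_run(culprit: str) -> Callable[[Set[str]], bool]:
    """Constructed stand-in for a playbook run: fails unless `culprit` is
    excluded. The culprit is a demo value, not the thread's real cause."""
    return lambda excluded: culprit not in excluded


if __name__ == "__main__":
    found = find_culprit(SECTIONS, make_simulated_run("5.4.4"))  # demo culprit
    print(render_exclusions([found], {found: "constructed demo, not the real cause"}))
```

With eleven sections the search needs four playbook runs instead of eleven; if two sections interact, bisection can mislead, so confirm the result with a final run that excludes only the section found.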
Hi @steven-cuthill-otm, could you please try running the playbook excluding 3.4.2 and let us know what you find?
Sure, will give that a try tomorrow and report back.
Steve
Hi @chandanchowdhury, yup, so we already had this excluded; here is the list we already set.

```yaml
vars:
  cis_level_1_exclusions:
    - 1.3.1 # Don't install AIDE
    - 5.4.4 # Don't set umask to 027
    - 3.6.1 # Don't install iptables
    - 3.6.2 # Don't set default firewall policy to "DROP"
    - 3.6.3 # Don't configure loopback traffic in firewall policy
    - 3.6.4 # Don't set iptables outbound configuration
    - 3.6.5 # Don't set iptables rules for open ports
    - 3.4.2 # Don't set hosts.allow
    - 3.4.3 # Don't set hosts.deny
```