ansible-collection-hardening icon indicating copy to clipboard operation
ansible-collection-hardening copied to clipboard

Published 20 hours ago verified publisher icon dev-sec

After os_hardening [email protected] fails on Debian

Open graudeejs opened this issue 2 years ago • 1 comments

Description

After executing os_hardening role on Debian servers [email protected] fails after server reboot. In my case my user has UID 1000, so [email protected] fails.

-- Boot af0d58da83704a77894a9f5655c15372 --
Dec 28 17:11:48 upc-pl-pg-01 systemd[1]: Starting User Manager for UID 1000...
Dec 28 17:11:48 upc-pl-pg-01 systemd[659]: pam_unix(systemd-user:session): session opened for user graudeejs(uid=1000) by (uid=0)
Dec 28 17:11:48 upc-pl-pg-01 systemd[659]: Failed to determine supported controllers: No such process
Dec 28 17:11:48 upc-pl-pg-01 systemd[659]: Failed to allocate manager object: No such process
Dec 28 17:11:48 upc-pl-pg-01 systemd[1]: [email protected]: Main process exited, code=exited, status=1/FAILURE
Dec 28 17:11:48 upc-pl-pg-01 systemd[1]: [email protected]: Failed with result 'exit-code'.
Dec 28 17:11:48 upc-pl-pg-01 systemd[1]: Failed to start User Manager for UID 1000.

Reproduction steps

1. Create new Debian server (Debian 10 or 11).
2. Deploy os_hardening role
3. reboot server
4. SSH into server and run `systemctl list-units --failed` to see, which services failed

Current Behavior

[email protected] service fails after server reboot post os_hardening

Expected Behavior

[email protected] service keeps working after server reboot post os_hardening

OS / Environment

Debian 10, Debian 11

Ansible Version

ansible [core 2.14.0]
  config file = /home/graudeejs/src/graudeejs-infra/ansible.cfg
  configured module search path = ['/home/graudeejs/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /nix/store/658lm2cpsm085jpql2y4583gl7nddggw-python3.10-ansible-core-2.14.0/lib/python3.10/site-packages/ansible
  ansible collection location = /home/graudeejs/src/graudeejs-infra/collections
  executable location = /nix/store/658lm2cpsm085jpql2y4583gl7nddggw-python3.10-ansible-core-2.14.0/bin/ansible
  python version = 3.10.8 (main, Oct 11 2022, 11:35:05) [GCC 11.3.0] (/nix/store/lbn7f0d2k36i4bgfdrjdwj7npy3r3h5d-python3-3.10.8/bin/python3.10)
  jinja version = 3.1.2
  libyaml = True

Collection Version

8.4.0

Additional information

The issue is not specific to Ansible version. The issue has been around for a long time (first noticed in 7.14.1, but possibly was present before that).

graudeejs avatar Dec 28 '22 17:12 graudeejs