Replace debug with fail
Closes-bug: 1506185 Change-Id: I7d7c18d00eae1dac1a88e17c719d8603564bcc9a
parent
90b6e48f21
commit
1775dab3c9
@ -24,7 +24,7 @@
|
|||||||
changed_when: "v38476_result.rc != 0"
|
changed_when: "v38476_result.rc != 0"
|
||||||
|
|
||||||
- name: V-38476 - Vendor-provided cryptographic certificates must be installed to verify the integrity of system software.
|
- name: V-38476 - Vendor-provided cryptographic certificates must be installed to verify the integrity of system software.
|
||||||
debug:
|
fail:
|
||||||
msg: "FAILED: Missing Ubuntu 14.04 Archive signing keys"
|
msg: "FAILED: Missing Ubuntu 14.04 Archive signing keys"
|
||||||
when: "'437D05B5' not in v38476_result.stdout or 'C0B21F32' not in v38476_result.stdout"
|
when: "'437D05B5' not in v38476_result.stdout or 'C0B21F32' not in v38476_result.stdout"
|
||||||
tags:
|
tags:
|
||||||
@ -43,15 +43,14 @@
|
|||||||
- name: Search for AllowUnauthenticated in /etc/apt/apt.conf.d/ (for V-38462)
|
- name: Search for AllowUnauthenticated in /etc/apt/apt.conf.d/ (for V-38462)
|
||||||
command: grep -r AllowUnauthenticated /etc/apt/apt.conf.d/
|
command: grep -r AllowUnauthenticated /etc/apt/apt.conf.d/
|
||||||
register: v38462_result
|
register: v38462_result
|
||||||
failed_when: "'No such file' in v38462_result.stderr"
|
changed_when: False
|
||||||
changed_when: "v38462_result.rc == 0"
|
|
||||||
tags:
|
tags:
|
||||||
- auth
|
- auth
|
||||||
- cat1
|
- cat1
|
||||||
- V-38462
|
- V-38462
|
||||||
|
|
||||||
- name: V-38462 - Package management tool must verify authenticity of packages
|
- name: V-38462 - Package management tool must verify authenticity of packages
|
||||||
debug:
|
fail:
|
||||||
msg: "FAILED: Remove AllowUnauthenticated from files in /etc/apt/apt.conf.d/ to ensure packages are verified."
|
msg: "FAILED: Remove AllowUnauthenticated from files in /etc/apt/apt.conf.d/ to ensure packages are verified."
|
||||||
when: "v38462_result.rc == 0"
|
when: "v38462_result.rc == 0"
|
||||||
tags:
|
tags:
|
||||||
|
@ -62,8 +62,7 @@
|
|||||||
- name: V-38497 - The system must not have accounts configured with blank or null passwords.
|
- name: V-38497 - The system must not have accounts configured with blank or null passwords.
|
||||||
command: grep nullok /etc/pam.d/common-auth
|
command: grep nullok /etc/pam.d/common-auth
|
||||||
register: v38497_result
|
register: v38497_result
|
||||||
changed_when: v38497_result.rc != 0
|
changed_when: False
|
||||||
failed_when: "'No such file' in v38497_result.stderr"
|
|
||||||
tags:
|
tags:
|
||||||
- auth
|
- auth
|
||||||
- cat1
|
- cat1
|
||||||
@ -72,7 +71,7 @@
|
|||||||
# Print a warning about making a change. We ought to figure out a better way
|
# Print a warning about making a change. We ought to figure out a better way
|
||||||
# to capture this later.
|
# to capture this later.
|
||||||
- name: V-38497 - The system must not have accounts configured with blank or null passwords.
|
- name: V-38497 - The system must not have accounts configured with blank or null passwords.
|
||||||
debug:
|
fail:
|
||||||
msg: "FAILED: Remove 'nullok' from /etc/pam.d/system-auth for better security."
|
msg: "FAILED: Remove 'nullok' from /etc/pam.d/system-auth for better security."
|
||||||
when: "v38497_result.rc == 0"
|
when: "v38497_result.rc == 0"
|
||||||
tags:
|
tags:
|
||||||
@ -101,7 +100,7 @@
|
|||||||
- V-38491
|
- V-38491
|
||||||
|
|
||||||
- name: V-38491 - No .rhosts or hosts.equiv present on system
|
- name: V-38491 - No .rhosts or hosts.equiv present on system
|
||||||
debug:
|
fail:
|
||||||
msg: "FAILED: Remove all .rhosts and hosts.equiv files"
|
msg: "FAILED: Remove all .rhosts and hosts.equiv files"
|
||||||
when: v38491_equiv_check.stat.exists == True or v38491_rhosts_check.stat.exists == True
|
when: v38491_equiv_check.stat.exists == True or v38491_rhosts_check.stat.exists == True
|
||||||
tags:
|
tags:
|
||||||
@ -132,15 +131,14 @@
|
|||||||
- name: Search /etc/passwd for password hashes (for V-38499)
|
- name: Search /etc/passwd for password hashes (for V-38499)
|
||||||
shell: "awk -F: '($2 != \"x\") {print}' /etc/passwd | wc -l"
|
shell: "awk -F: '($2 != \"x\") {print}' /etc/passwd | wc -l"
|
||||||
register: v38499_result
|
register: v38499_result
|
||||||
changed_when: "v38499_result.stdout != '0'"
|
changed_when: False
|
||||||
failed_when: "'No such file' in v38499_result.stderr"
|
|
||||||
tags:
|
tags:
|
||||||
- auth
|
- auth
|
||||||
- cat2
|
- cat2
|
||||||
- V-38499
|
- V-38499
|
||||||
|
|
||||||
- name: V-38499 - The /etc/passwd file must not contain password hashes
|
- name: V-38499 - The /etc/passwd file must not contain password hashes
|
||||||
debug:
|
fail:
|
||||||
msg: "FAILED: Remove password hashes from /etc/password to remediate"
|
msg: "FAILED: Remove password hashes from /etc/password to remediate"
|
||||||
when: "v38499_result.stdout != '0'"
|
when: "v38499_result.stdout != '0'"
|
||||||
tags:
|
tags:
|
||||||
@ -178,8 +176,7 @@
|
|||||||
- name: Check if vsftpd installed (for V-38599)
|
- name: Check if vsftpd installed (for V-38599)
|
||||||
shell: dpkg --status vsftpd
|
shell: dpkg --status vsftpd
|
||||||
register: v38599_result
|
register: v38599_result
|
||||||
changed_when: v38599_result.rc == 0
|
changed_when: False
|
||||||
failed_when: v38599_result.rc > 1
|
|
||||||
tags:
|
tags:
|
||||||
- auth
|
- auth
|
||||||
- cat2
|
- cat2
|
||||||
|
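Review bot: With `failed_when` removed from the `grep -r AllowUnauthenticated /etc/apt/apt.conf.d/` task (hunk -43,15), the compliant case now looks like a task failure: grep exits 1 when nothing matches, and the command module treats a non-zero rc as failed unless told otherwise. The same applies to `grep nullok /etc/pam.d/common-auth` (hunk -62,8) and to `dpkg --status vsftpd` (hunk -178,8), whose old `failed_when: v38599_result.rc > 1` was dropped. Unless errors are ignored somewhere outside the visible lines, a correctly hardened host would stop the play at the search task, before the `fail:` check is evaluated. I would keep a guard such as `failed_when: v38462_result.rc > 1` next to `changed_when: False` on each of them. Separately, the V-38497 message names /etc/pam.d/system-auth while the check reads /etc/pam.d/common-auth, and the V-38499 message says /etc/password; both matter more now that they are the error an operator sees.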
@ -24,14 +24,13 @@
|
|||||||
- name: Search for .netrc files (for V-38619)
|
- name: Search for .netrc files (for V-38619)
|
||||||
shell: find /root /home -xdev -name .netrc | wc -l
|
shell: find /root /home -xdev -name .netrc | wc -l
|
||||||
register: v38619_result
|
register: v38619_result
|
||||||
changed_when: v38619_result.rc != 0
|
changed_when: False
|
||||||
failed_when: "'No such file' in v38619_result.stdout"
|
|
||||||
tags:
|
tags:
|
||||||
- cat2
|
- cat2
|
||||||
- V-38619
|
- V-38619
|
||||||
|
|
||||||
- name: V-38619 - There must be no .netrc files on the system
|
- name: V-38619 - There must be no .netrc files on the system
|
||||||
debug:
|
fail:
|
||||||
msg: "FAILED: .netrc files found -- they must be removed"
|
msg: "FAILED: .netrc files found -- they must be removed"
|
||||||
when: v38619_result.stdout != '0'
|
when: v38619_result.stdout != '0'
|
||||||
tags:
|
tags:
|
||||||
@ -86,7 +85,7 @@
|
|||||||
- V-38624
|
- V-38624
|
||||||
|
|
||||||
- name: V-38624 - System logs must be rotated daily (verify cron job)
|
- name: V-38624 - System logs must be rotated daily (verify cron job)
|
||||||
debug:
|
fail:
|
||||||
msg: "FAILED: Cron job for logrotate is missing"
|
msg: "FAILED: Cron job for logrotate is missing"
|
||||||
when: v38624_result.stat.exists == False
|
when: v38624_result.stat.exists == False
|
||||||
tags:
|
tags:
|
||||||
|
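Review bot: The `.netrc` search `find /root /home -xdev -name .netrc | wc -l` returns the exit status and count of `wc`, so if `find` itself errors the registered stdout can still be '0' and the V-38619 `fail:` task is skipped. The removed `failed_when` looked for 'No such file' in stdout, which this pipeline would not have produced, so dropping it loses nothing, but the check still passes silently on a broken search. Consider adding `failed_when: v38619_result.stderr != ''` beside `changed_when: False` so that a failed search is reported as an error and not as a clean result.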
@ -36,7 +36,7 @@
|
|||||||
- V-38460
|
- V-38460
|
||||||
|
|
||||||
- name: V-38460 - The NFS server must not have the all_squash option enabled
|
- name: V-38460 - The NFS server must not have the all_squash option enabled
|
||||||
debug:
|
fail:
|
||||||
msg: "FAILED: Remove all_squash from /etc/exports"
|
msg: "FAILED: Remove all_squash from /etc/exports"
|
||||||
changed_when: v38460_result.rc == 0
|
changed_when: v38460_result.rc == 0
|
||||||
when: exports.stat.exists and v38460_result.rc == 0
|
when: exports.stat.exists and v38460_result.rc == 0
|
||||||
@ -56,7 +56,7 @@
|
|||||||
- V-38677
|
- V-38677
|
||||||
|
|
||||||
- name: V-38677 - The NFS server must not have the insecure_locks option enabled
|
- name: V-38677 - The NFS server must not have the insecure_locks option enabled
|
||||||
debug:
|
fail:
|
||||||
msg: "FAILED: Remove insecure_locks from /etc/exports"
|
msg: "FAILED: Remove insecure_locks from /etc/exports"
|
||||||
changed_when: v38677_result.rc == 0
|
changed_when: v38677_result.rc == 0
|
||||||
when: exports.stat.exists and v38677_result.rc == 0
|
when: exports.stat.exists and v38677_result.rc == 0
|
||||||
|
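Review bot: `changed_when: v38460_result.rc == 0` is left on the V-38460 task after its module became `fail:`, and the same leftover remains on V-38677 in hunk -56,7 as `changed_when: v38677_result.rc == 0`. A `fail` task that runs always ends in the failed state, so the changed flag carries no information here and reads as a remnant of the `debug:` version. I would drop both `changed_when` lines and keep only the `when:` condition. Both tasks may continue past the end of their hunks, so any trailing keys are not visible here.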