Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Test suite: set bash and ansible remediation to verbose mode. #4652

Merged
merged 1 commit into from
Jul 25, 2019
Merged

Test suite: set bash and ansible remediation to verbose mode. #4652

merged 1 commit into from
Jul 25, 2019

Conversation

ggbecker
Copy link
Member

Description:

  • SSG Test Suite: Set verbose mode when applying ansible or bash remediation.

Rationale:

  • It is hard to debug Bash or Ansible remediation if they are not set to verbose mode.

Note: oscap already runs in --verbose DEVEL

@ggbecker ggbecker added Ansible Ansible remediation update. Test Suite Update in Test Suite. Bash Bash remediation update. Python labels Jul 25, 2019
@ggbecker ggbecker added this to the 0.1.46 milestone Jul 25, 2019
@yuumasato
Copy link
Member

@ggbecker Do you have example output of remediation with these verbose parameters?

@ggbecker
Copy link
Member Author

Yes I have. This is the bash remediation output for accounts_umask_etc_bashrc:

Warning: Permanently added '192.168.122.208' (ECDSA) to the list of known hosts.
+ echo 'Remediating rule 1/1: '\''xccdf_org.ssgproject.content_rule_accounts_umask_etc_bashrc'\'''
Remediating rule 1/1: 'xccdf_org.ssgproject.content_rule_accounts_umask_etc_bashrc'
+ var_accounts_user_umask=027
+ grep -q umask /etc/bashrc
+ sed -i 's/umask.*/umask 027/g' /etc/bashrc
+ '[' 0 -eq 0 ']'
Stdout of "/bin/bash -x /xccdf_org.ssgproject.content_rule_accounts_umask_etc_bashrc.sh":

and the ansible remediation (may be too much verbose): https://pastebin.com/CTNkvvuL

@yuumasato
Copy link
Member

@ggbecker Would providing just -v for Ansible remediation provide enough debug info? -vvv outputs too much info.

@ggbecker
Copy link
Member Author

@ggbecker Would providing just -v for Ansible remediation provide enough debug info? -vvv outputs too much info.

I will check it.

@ggbecker ggbecker force-pushed the test-suite-verbose-remediation branch from fc7a769 to 5b282d9 Compare July 25, 2019 14:23
@ggbecker
Copy link
Member Author

ggbecker commented Jul 25, 2019
edited
Loading

@yuumasato It is enough to have -v. I've updated the PR accordingly.

This is an ansible output with -v: https://pastebin.com/fTmDycSi

@yuumasato yuumasato self-assigned this Jul 25, 2019
@yuumasato
Copy link
Member

LGTM, thanks!

@yuumasato yuumasato merged commit f7ca4ca into ComplianceAsCode:master Jul 25, 2019
@ggbecker ggbecker deleted the test-suite-verbose-remediation branch August 27, 2019 11:20
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@yuumasato yuumasato

Labels
Ansible Ansible remediation update. Bash Bash remediation update. Test Suite Update in Test Suite.
Projects
None yet
Milestone
0.1.46
Development

Successfully merging this pull request may close these issues.
2 participants
@ggbecker @yuumasato