Task 4.2.3 fails if a log file vanishes #90
Comments
I'm running into the same issue. I've found one quick fix which significantly reduces the likelihood of the issue occurring, and then another more elaborate solution which fully covers the issue. The quick fix is to modify the when statement in
to:
This prevents ansible.builtin.file from trying to run on a log file where the permissions are already correct. As most log files seem to have the correct permissions by default, this resolves the issue for most situations.

The second solution was to create a separate file with a block/rescue which would be used to set the permissions. In the same cis_4.2.3.yml file as before, change:
to:
And the set_perms.yml file:
Thanks for this, it's a good solution. I'd still like to see the when check existing permissions as it'll currently loosen a 0600 to 0640. Something like:
Hi @Atamido, I believe this should be resolved in this PR also; I have changed the mode from octal format to symbolic, e.g.
This should allow more restricted files to stay as they are. Kindest regards, uk-bolly
That PR changes the mode format for 4.1.4.3, which is audit log files. But 4.2.3 still uses the octal format. I think if 4.2.3 were changed to also use symbolic, that would be an improvement.
Describe the Issue
If, during a run, a logfile is configured to, say, keep X histories, but they are uniquely named (e.g. sessionlauncher.log.2023-09-21-14-19) and that log file vanishes, then the task will fail.
Expected Behavior
Task ignores the fact a file no longer exists and carries on with the next file.
Actual Behavior
A clear and concise description of what's happening.
Control(s) Affected
4.2.3
Environment (please complete the following information):
branch being used: [e.g. devel]
Ansible Version: [e.g. 2.10]
Host Python Version: [e.g. Python 3.7.6]
Ansible Server Python Version: [e.g. Python 3.7.6]
branch being used: main
Ansible Version: ansible 2.10.8
Host Python Version: 3.10.12
Ansible Server Python Version: 3.10.12 (same - being run locally)
Additional Details:
We are targeting AWS WorkSpaces Ubuntu offering.
Additional Notes
Sample error message:
Possible Solution
Task ignores errors? This feels a little brittle...
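
The behaviour the thread asks for, which is to skip a log file that vanished after it was listed and to never loosen a mode such as 0600, sketched in Python as an added example (it is not the role's Ansible tasks or any commenter's code). The `tighten` and `tighten_all` helpers, the `0o137` mask and the sample files are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Bits a log file may not carry under the 0640 ceiling discussed in the thread;
# clearing them is the symbolic-mode equivalent of u-x,g-wx,o-rwx.
FORBIDDEN = 0o137


def tighten(path, forbidden=FORBIDDEN):
    """Clear forbidden bits on one file; never add a bit. Returns a status string."""
    try:
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            return "skipped"          # symlinks, directories, sockets are left alone
        current = stat.S_IMODE(st.st_mode)
        wanted = current & ~forbidden
        if wanted == current:
            return "ok"               # already compliant: do not touch the file at all
        os.chmod(path, wanted)
        return "changed"
    except FileNotFoundError:
        return "vanished"             # rotated away between listing and chmod


def tighten_all(paths):
    """Process a previously captured listing, tolerating files that have since gone."""
    return {p: tighten(p) for p in paths}


def demo():
    """Constructed sample: four log files, one removed after the listing is taken."""
    with tempfile.TemporaryDirectory() as root:
        modes = {"auth.log": 0o600, "syslog": 0o644, "app.log": 0o666,
                 "sessionlauncher.log.2023-09-21-14-19": 0o640}
        for name, mode in modes.items():
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        listing = [os.path.join(root, n) for n in modes]   # snapshot, like a find result
        os.remove(listing[-1])                               # the log rotates away
        status = tighten_all(listing)
        return {os.path.basename(p): (s, oct(stat.S_IMODE(os.lstat(p).st_mode))
                                      if s != "vanished" else None)
                for p, s in status.items()}


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Only `FileNotFoundError` is swallowed, so a permission or I/O error on a file that still exists continues to fail the run instead of being hidden by a blanket ignore.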