Project

General

Profile

Bug #13065

Package repository keys Technique in Audit Mode : Missing Reports

Added by Mikaël Mantel 5 months ago. Updated about 2 months ago.

Status:
Released
Priority:
N/A
Category:
Techniques
Target version:
Severity:
User visibility:
Effort required:
Priority:
0

Description

Hello,

On rudder 4.3.3, with a Ubuntu 14.04 Node, if i use this technique (Package repository keys 1.1) in enforce mode, i don't have any problem, but if i use the audit mode, i have a missing reports status.

This is the output of 'rudder agent run' on this node (with the directive in audit mode) :

Rudder agent 4.3.3-trusty0
Node uuid: 1d87a2d3-0805-41cb-b52d-3d3328e2f206
Start execution with config [20180726-114831-ec0e52a0]

M| State Technique Component Key Message
E| compliant Common Update Policy, tools and configuration library are already up to date. No action required.
E| compliant Common ncf Initialization Configuration library initialization was correct
E| compliant Common Security parameters The internal environment security is acceptable
E| n/a Common Process checking Rudder agent proccesses check is done by the rudder-agent cron job
E| compliant Common CRON Daemon Cron daemon status was correct
E| compliant Common Log system for reports Logging system for report centralization is already correctly configured
E| compliant Common Binaries update The agent binaries in /var/rudder/cfengine-community/bin are up to date
E| compliant Inventory inventory Next inventory scheduled between 00:00 and 06:00
E| compliant packageManagement Package vim Presence of package vim in any version was correct
E| compliant packageManagement Package screen Presence of package screen in any version was correct
E| compliant packageManagement Package git Presence of package git in any version was correct
E| compliant packageManagement Package htop Presence of package htop in any version was correct
E| compliant packageManagement Package dnsutils Presence of package dnsutils in any version was correct
E| compliant packageManagement Package tcpdump Presence of package tcpdump in any version was correct
E| compliant packageManagement Package aptitude Presence of package aptitude in any version was correct
E| compliant packageManagement Package mtr Presence of package mtr in any version was correct
E| compliant packageManagement Package unzip Presence of package unzip in any version was correct
E| compliant packageManagement Package nmap Presence of package nmap in any version was correct
E| compliant packageManagement Package curl Presence of package curl in any version was correct
E| compliant packageManagement Package lsof Presence of package lsof in any version was correct
E| compliant packageManagement Package molly-guard Presence of package molly-guard in any version was correct
E| compliant packageManagement Package ntp Presence of package ntp in any version was correct
E| n/a packageManagement Post-modification script vim No post-modification script was set to run
E| n/a packageManagement Post-modification script screen No post-modification script was set to run
E| n/a packageManagement Post-modification script git No post-modification script was set to run
E| n/a packageManagement Post-modification script htop No post-modification script was set to run
E| n/a packageManagement Post-modification script dnsutils No post-modification script was set to run
E| n/a packageManagement Post-modification script tcpdump No post-modification script was set to run
E| n/a packageManagement Post-modification script aptitude No post-modification script was set to run
E| n/a packageManagement Post-modification script mtr No post-modification script was set to run
E| n/a packageManagement Post-modification script unzip No post-modification script was set to run
E| n/a packageManagement Post-modification script nmap No post-modification script was set to run
E| n/a packageManagement Post-modification script curl No post-modification script was set to run
/bin/grep: /etc/init/ssh.override: No such file or directory
E| n/a packageManagement Post-modification script lsof No post-modification script was set to run
E| n/a packageManagement Post-modification script molly-guard No post-modification script was set to run
E| n/a packageManagement Post-modification script ntp No post-modification script was set to run
E| compliant ServicesManagement Process ssh ssh didn't need to have its process checked
E| n/a ServicesManagement Advanced options ssh The process range is not to be checked for service ssh
E| compliant ServicesManagement Service starting paramet| ssh The ssh boot starting configuration was correct
E| n/a Common Monitoring No Rudder monitoring information to share with the server

  1. Summary #####################################################################
    40 components verified in 6 directives
    => 40 components in Enforce mode
    -> 23 compliant
    -> 17 not-applicable
    Execution time: 3.62s ################################################################################

Subtasks

Bug #13236: repoGPGKey does not report at all when in audit mode (branch 4.3)ReleasedAlexis MOUSSET

Related issues

Related to Rudder - Bug #12374: Technique GPG Key Management and SSH Key Management don't work in audit modeNew

Associated revisions

Revision ce1f0e73 (diff)
Added by Nicolas CHARLES 4 months ago

Fixes #13065: Package repository keys Technique in Audit Mode : Missing Reports

Revision 79455f51 (diff)
Added by Nicolas CHARLES 4 months ago

Fixes #13065: Package repository keys Technique in Audit Mode : Missing Reports

History

#1 Updated by Nicolas CHARLES 4 months ago

Thank you Mikaël - i was able to reproduce this issue, that was not seen in our tests as we mixed audit and enforce
If all is in audit, we indeed get not reports - i have a quick partial fix, that will allow to report compliant for key already present (and missing for non present key), but the larger fix need to fix https://www.rudder-project.org/redmine/issues/12374, which is a bit more complex

#2 Updated by Nicolas CHARLES 4 months ago

  • Target version set to 4.3.5

#3 Updated by Nicolas CHARLES 4 months ago

  • Related to Bug #12374: Technique GPG Key Management and SSH Key Management don't work in audit mode added

#4 Updated by Nicolas CHARLES 4 months ago

  • Status changed from New to In progress
  • Assignee set to Nicolas CHARLES

#5 Updated by Nicolas CHARLES 4 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to Alexis MOUSSET
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/1335

#6 Updated by Nicolas CHARLES 4 months ago

  • Status changed from Pending technical review to Pending release

#7 Updated by Nicolas CHARLES 4 months ago

  • Status changed from Pending release to New
  • Assignee deleted (Alexis MOUSSET)

Ha, I wanted to fix the child ticket, but somehow i pushed with wrong ticket id

#8 Updated by Nicolas CHARLES 4 months ago

  • Status changed from New to Pending technical review
  • Assignee set to Alexis MOUSSET
  • Pull Request changed from https://github.com/Normation/rudder-techniques/pull/1335 to https://github.com/Normation/rudder-techniques/pull/1337

#9 Updated by Nicolas CHARLES 4 months ago

  • Status changed from Pending technical review to Pending release

#10 Updated by Vincent MEMBRÉ about 2 months ago

  • Status changed from Pending release to Released
This bug has been fixed in Rudder 4.3.5 and 5.0.1 which were released today.
Changelog
Changelog

Also available in: Atom PDF