Project

General

Profile

Actions

Bug #13065

closed

Package repository keys Technique in Audit Mode : Missing Reports

Added by Anonymous over 6 years ago. Updated about 6 years ago.

Status:
Released
Priority:
N/A
Category:
Techniques
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
Fix check:
Regression:

Description

Hello,

On rudder 4.3.3, with a Ubuntu 14.04 Node, if i use this technique (Package repository keys 1.1) in enforce mode, i don't have any problem, but if i use the audit mode, i have a missing reports status.

This is the output of 'rudder agent run' on this node (with the directive in audit mode) :

Rudder agent 4.3.3-trusty0
Node uuid: 1d87a2d3-0805-41cb-b52d-3d3328e2f206
Start execution with config [20180726-114831-ec0e52a0]

M| State Technique Component Key Message
E| compliant Common Update Policy, tools and configuration library are already up to date. No action required.
E| compliant Common ncf Initialization Configuration library initialization was correct
E| compliant Common Security parameters The internal environment security is acceptable
E| n/a Common Process checking Rudder agent proccesses check is done by the rudder-agent cron job
E| compliant Common CRON Daemon Cron daemon status was correct
E| compliant Common Log system for reports Logging system for report centralization is already correctly configured
E| compliant Common Binaries update The agent binaries in /var/rudder/cfengine-community/bin are up to date
E| compliant Inventory inventory Next inventory scheduled between 00:00 and 06:00
E| compliant packageManagement Package vim Presence of package vim in any version was correct
E| compliant packageManagement Package screen Presence of package screen in any version was correct
E| compliant packageManagement Package git Presence of package git in any version was correct
E| compliant packageManagement Package htop Presence of package htop in any version was correct
E| compliant packageManagement Package dnsutils Presence of package dnsutils in any version was correct
E| compliant packageManagement Package tcpdump Presence of package tcpdump in any version was correct
E| compliant packageManagement Package aptitude Presence of package aptitude in any version was correct
E| compliant packageManagement Package mtr Presence of package mtr in any version was correct
E| compliant packageManagement Package unzip Presence of package unzip in any version was correct
E| compliant packageManagement Package nmap Presence of package nmap in any version was correct
E| compliant packageManagement Package curl Presence of package curl in any version was correct
E| compliant packageManagement Package lsof Presence of package lsof in any version was correct
E| compliant packageManagement Package molly-guard Presence of package molly-guard in any version was correct
E| compliant packageManagement Package ntp Presence of package ntp in any version was correct
E| n/a packageManagement Post-modification script vim No post-modification script was set to run
E| n/a packageManagement Post-modification script screen No post-modification script was set to run
E| n/a packageManagement Post-modification script git No post-modification script was set to run
E| n/a packageManagement Post-modification script htop No post-modification script was set to run
E| n/a packageManagement Post-modification script dnsutils No post-modification script was set to run
E| n/a packageManagement Post-modification script tcpdump No post-modification script was set to run
E| n/a packageManagement Post-modification script aptitude No post-modification script was set to run
E| n/a packageManagement Post-modification script mtr No post-modification script was set to run
E| n/a packageManagement Post-modification script unzip No post-modification script was set to run
E| n/a packageManagement Post-modification script nmap No post-modification script was set to run
E| n/a packageManagement Post-modification script curl No post-modification script was set to run
/bin/grep: /etc/init/ssh.override: No such file or directory
E| n/a packageManagement Post-modification script lsof No post-modification script was set to run
E| n/a packageManagement Post-modification script molly-guard No post-modification script was set to run
E| n/a packageManagement Post-modification script ntp No post-modification script was set to run
E| compliant ServicesManagement Process ssh ssh didn't need to have its process checked
E| n/a ServicesManagement Advanced options ssh The process range is not to be checked for service ssh
E| compliant ServicesManagement Service starting paramet| ssh The ssh boot starting configuration was correct
E| n/a Common Monitoring No Rudder monitoring information to share with the server

  1. Summary #####################################################################
    40 components verified in 6 directives
    => 40 components in Enforce mode
    -> 23 compliant
    -> 17 not-applicable
    Execution time: 3.62s ################################################################################

Subtasks 1 (0 open1 closed)

Bug #13236: repoGPGKey does not report at all when in audit mode (branch 4.3)ReleasedAlexis MoussetActions

Related issues 1 (0 open1 closed)

Related to Rudder - Bug #12374: Technique GPG Key Management and SSH Key Management don't work in audit modeReleasedActions
Actions #1

Updated by Nicolas CHARLES over 6 years ago

Thank you Mikaël - i was able to reproduce this issue, that was not seen in our tests as we mixed audit and enforce
If all is in audit, we indeed get not reports - i have a quick partial fix, that will allow to report compliant for key already present (and missing for non present key), but the larger fix need to fix https://www.rudder-project.org/redmine/issues/12374, which is a bit more complex

Actions #2

Updated by Nicolas CHARLES over 6 years ago

  • Target version set to 4.3.5
Actions #3

Updated by Nicolas CHARLES over 6 years ago

  • Related to Bug #12374: Technique GPG Key Management and SSH Key Management don't work in audit mode added
Actions #4

Updated by Nicolas CHARLES over 6 years ago

  • Status changed from New to In progress
  • Assignee set to Nicolas CHARLES
Actions #5

Updated by Nicolas CHARLES over 6 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to Alexis Mousset
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/1335
Actions #6

Updated by Nicolas CHARLES over 6 years ago

  • Status changed from Pending technical review to Pending release
Actions #7

Updated by Nicolas CHARLES over 6 years ago

  • Status changed from Pending release to New
  • Assignee deleted (Alexis Mousset)

Ha, I wanted to fix the child ticket, but somehow i pushed with wrong ticket id

Actions #8

Updated by Nicolas CHARLES over 6 years ago

  • Status changed from New to Pending technical review
  • Assignee set to Alexis Mousset
  • Pull Request changed from https://github.com/Normation/rudder-techniques/pull/1335 to https://github.com/Normation/rudder-techniques/pull/1337
Actions #9

Updated by Nicolas CHARLES over 6 years ago

  • Status changed from Pending technical review to Pending release
Actions #10

Updated by Vincent MEMBRÉ about 6 years ago

  • Status changed from Pending release to Released
This bug has been fixed in Rudder 4.3.5 and 5.0.1 which were released today.
Changelog
Changelog
Actions

Also available in: Atom PDF