Project

General

Profile

Actions

Bug #23011

open

“SSH authorized keys” system technique breaks when changed from “audit” to “enforce” mode

Added by Michel BOUISSOU over 1 year ago. Updated 6 months ago.

Status:
New
Priority:
N/A
Assignee:
-
Category:
Techniques
Target version:
Severity:
Major - prevents use of part of Rudder | no simple workaround
UX impact:
User visibility:
Getting started - demo | first install | Technique editor and level 1 Techniques
Effort required:
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
No

Description

If a directive is created in “audit” mode using the “SSH authorized keys” system technique with parameters as in attached screenshot, and after having been ran on the nodes, the directive is later on changed to “enforce” mode, then after being ran on the nodes again, their compliance displays a “bad policy mode” error as in attached screenshot.

Furthermore, if the directive is changed to “audit” mode again, it will display a spurious “The keys for user blah could not be flushed”, where the authorized_keys file do actually have the proper contents (thus should be considered compliant and shouldn't need to be flushed).


Files

authorized_keys_directive_parameters.png (111 KB) authorized_keys_directive_parameters.png Directive parameters Michel BOUISSOU, 2023-07-05 10:22
Bad_policy_mode_230705a.png (171 KB) Bad_policy_mode_230705a.png Error : bad policy mode. Michel BOUISSOU, 2023-07-05 10:24
authorized_keys_could_not_be_flushed.png (128 KB) authorized_keys_could_not_be_flushed.png “Could not be flushed” error message. Michel BOUISSOU, 2023-07-05 10:25
Bad_policy_mode_230706a.png (166 KB) Bad_policy_mode_230706a.png Error on freshly added node Michel BOUISSOU, 2023-07-06 10:03
Bad_policy_mode_230706b.png (189 KB) Bad_policy_mode_230706b.png Same error for directive recreated in enforce mode Michel BOUISSOU, 2023-07-06 15:27

Related issues 1 (0 open1 closed)

Related to Rudder - Bug #23027: Grammar correction in error messageReleasedFélix DALLIDETActions
Actions #1

Updated by Michel BOUISSOU over 1 year ago

This error also happens on a freshly added node on which the agent had not been previously ran.

See attached screenshot.

Actions #2

Updated by Michel BOUISSOU over 1 year ago

  • Related to Bug #23027: Grammar correction in error message added
Actions #3

Updated by Michel BOUISSOU over 1 year ago

Even stranger : After having deleted the directive, made sure that the deletion propagated ot all nodes, and recreated the technique in “enforce” mode with the same parameters, still getting the same error about an incorrect policy mode for reports.

See screenshot (basically the same as previously)

Actions #4

Updated by Alexis Mousset over 1 year ago

  • Category changed from System techniques to Techniques
Actions #5

Updated by Michel BOUISSOU over 1 year ago

Even even stranger : this appeared to solve itself after I changed another, unrelated directive (sudoers) from audit to enforce mode...

Actions #6

Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 7.3.4 to 7.3.5
Actions #7

Updated by Alexis Mousset over 1 year ago

  • Target version changed from 7.3.5 to 7.3.6
Actions #8

Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 7.3.6 to 7.3.7
Actions #9

Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 7.3.7 to 7.3.8
Actions #10

Updated by Vincent MEMBRÉ about 1 year ago

  • Target version changed from 7.3.8 to 7.3.9
Actions #11

Updated by Vincent MEMBRÉ about 1 year ago

  • Target version changed from 7.3.9 to 7.3.10
Actions #12

Updated by Vincent MEMBRÉ about 1 year ago

  • Target version changed from 7.3.10 to 7.3.11
Actions #13

Updated by Vincent MEMBRÉ 11 months ago

  • Target version changed from 7.3.11 to 7.3.12
Actions #14

Updated by Vincent MEMBRÉ 10 months ago

  • Target version changed from 7.3.12 to 7.3.13
Actions #15

Updated by Vincent MEMBRÉ 10 months ago

  • Target version changed from 7.3.13 to 7.3.14
Actions #16

Updated by Vincent MEMBRÉ 8 months ago

  • Target version changed from 7.3.14 to 7.3.15
Actions #17

Updated by Vincent MEMBRÉ 7 months ago

  • Target version changed from 7.3.15 to 7.3.16
Actions #18

Updated by Vincent MEMBRÉ 6 months ago

  • Target version changed from 7.3.16 to 7.3.17
Actions

Also available in: Atom PDF