Bug #25797

open

Section 7.2 on Debian 11 is broken

Added by Nicolas CHARLES 29 days ago. Updated 28 days ago.

Status: Pending release
Priority: N/A
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority: 0
Name check: To do
Fix check: To do
Regression: No

Description

2024-11-04T21:51:25+00:00 rudder     info: Executing 'no timeout' ... 'awk -F: '($2 == "" ) { print $1 " does not have a password "}' /etc/shadow'
2024-11-04T21:51:25+00:00 rudder     info: Command related to promiser 'awk -F: '($2 == "" ) { print $1 " does not have a password "}' /etc/shadow' returned code '0' not defined as promise kept, not kept or repaired; setting to failed
2024-11-04T21:51:25+00:00 rudder     info: Completed execution of 'awk -F: '($2 == "" ) { print $1 " does not have a password "}' /etc/shadow'
A| non-compliant cis_debian11_srv_1        Check that /etc/shadow p| awk -F: '($2 == "| Execute audit command awk -F: '($2 == "" ) { print $1 " does not have a password "}' /etc/shadow was not correct
E| n/a           cis_debian11_srv_1        Unsupported enforce mode  Unimplemented Enf| Skipping method 'Report if condition' with key parameter 'Unimplemented Enforce mode for this CIS item.' since condition 'cis_debian11_7_2_2_enforce' is not reached was not applicable
2024-11-04T21:51:25+00:00 rudder     info: Executing 'no timeout' ... '/usr/bin/env bash /var/rudder/cfengine-community/inputs/cis_debian11_srv_1/1.0/resources/7_2_3_groups_consistency.sh'
/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf:1:1: error: Broken variable syntax or bracket mismatch in string (awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: "" $1 "" primary group is the shadow group"}' /etc/passwd)
/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf:1:1: error: Broken variable syntax or bracket mismatch in string (awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: "" $1 "" primary group is the shadow group"}' /etc/passwd)
/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf:1:1: error: Broken variable syntax or bracket mismatch in string (awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: "" $1 "" primary group is the shadow group"}' /etc/passwd)
/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf:1:1: error: Broken variable syntax or bracket mismatch in string (awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: "" $1 "" primary group is the shadow group"}' /etc/passwd)
/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf:1:1: error: Broken variable syntax or bracket mismatch in string (awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: "" $1 "" primary group is the shadow group"}' /etc/passwd)
/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf:1:1: error: Broken variable syntax or bracket mismatch in string (awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: "" $1 "" primary group is the shadow group"}' /etc/passwd)
/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf:1:1: error: Broken variable syntax or bracket mismatch in string (awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: "" $1 "" primary group is the shadow group"}' /etc/passwd)
/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf:1:1: error: Broken scalar variable syntax or bracket mismatch in 'audit_from_command_awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: "" $1 "" primary group is the shadow group"}' /etc/passwd'
/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf:1:1: error: Broken scalar variable syntax or bracket mismatch in 'audit_from_command_awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: "" $1 "" primary group is the shadow group"}' /etc/passwd'
/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf:1:1: error: Broken scalar variable syntax or bracket mismatch in 'audit_from_command_awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: "" $1 "" primary group is the shadow group"}' /etc/passwd'
/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf:1:1: error: Broken scalar variable syntax or bracket mismatch in 'audit_from_command_awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: "" $1 "" primary group is the shadow group"}' /etc/passwd'
/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf:1:1: error: Broken scalar variable syntax or bracket mismatch in 'audit_from_command_awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: "" $1 "" primary group is the shadow group"}' /etc/passwd'
/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf:1:1: error: Broken scalar variable syntax or bracket mismatch in 'audit_from_command_awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: "" $1 "" primary group is the shadow group"}' /etc/passwd'
Too many errors
2024-11-04T21:51:25+00:00 rudder     info: Command related to promiser '/usr/bin/env bash /var/rudder/cfengine-community/inputs/cis_debian11_srv_1/1.0/resources/7_2_3_groups_consistency.sh' returned code '0' defined as promise kept
2024-11-04T21:51:25+00:00 rudder     info: Completed execution of '/usr/bin/env bash /var/rudder/cfengine-community/inputs/cis_debian11_srv_1/1.0/resources/7_2_3_groups_consistency.sh'
A| compliant     cis_debian11_srv_1        Ensure all groups in /et| /usr/bin/env bash| Execute audit command /usr/bin/env bash /var/rudder/cfengine-community/inputs/cis_debian11_srv_1/1.0/resources/7_2_3_groups_consistency.sh was correct
E| n/a           cis_debian11_srv_1        Unsupported enforce mode  Unimplemented Enf| Skipping method 'Report if condition' with key parameter 'Unimplemented Enforce mode for this CIS item.' since condition 'cis_debian11_7_2_3_enforce' is not reached was not applicable
2024-11-04T21:51:25+00:00 rudder     info: Executing 'no timeout' ... 'awk -F: '($1=="shadow") {print $NF}' /etc/group'
2024-11-04T21:51:25+00:00 rudder     info: Command related to promiser 'awk -F: '($1=="shadow") {print $NF}' /etc/group' returned code '0' not defined as promise kept, not kept or repaired; setting to failed
2024-11-04T21:51:25+00:00 rudder     info: Completed execution of 'awk -F: '($1=="shadow") {print $NF}' /etc/group'
A| non-compliant cis_debian11_srv_1        Ensure shadow group is e| awk -F: '($1=="sh| Execute audit command awk -F: '($1=="shadow") {print $NF}' /etc/group was not correct
2024-11-04T21:51:25+00:00 rudder     info: Executing 'no timeout' ... 'awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: "" $1 "" primary group is the shadow group"}' /etc/passwd'
2024-11-04T21:51:25+00:00 rudder     info: Command related to promiser 'awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: "" $1 "" primary group is the shadow group"}' /etc/passwd' returned code '0' not defined as promise kept, not kept or repaired; setting to failed
2024-11-04T21:51:25+00:00 rudder     info: Completed execution of 'awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: "" $1 "" primary group is the shadow group"}' /etc/passwd'
error    Rudder agent was interrupted during execution by a fatal error
Actions #1

Updated by Nicolas CHARLES 29 days ago

interestingly, crap goes out of stderr

# rudder agent run -v > /tmp/out
/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf:1:1: error: Broken variable syntax or bracket mismatch in string (awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: "" $1 "" primary group is the shadow group"}' /etc/passwd)
/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf:1:1: error: Broken variable syntax or bracket mismatch in string (awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: "" $1 "" primary group is the shadow group"}' /etc/passwd)
/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf:1:1: error: Broken variable syntax or bracket mismatch in string (awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: "" $1 "" primary group is the shadow group"}' /etc/passwd)
/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf:1:1: error: Broken variable syntax or bracket mismatch in string (Dumping report_data:{
  component_name = Ensure shadow group is empty
  component_key = awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: "" $1 "" primary group is the shadow group"}' /etc/passwd
  technique_name = cis_debian11_srv_1
  directive_id = da0ff416-b8eb-4d3a-93ad-4aeacf900dfb
  canonified_directive_id = da0ff416_b8eb_4d3a_93ad_4aeacf900dfb
  rule_id = 4710727c-f30c-442c-98e7-7ae3a91e4824
  identifier = 4710727c-f30c-442c-98e7-7ae3a91e4824@@da0ff416-b8eb-4d3a-93ad-4aeacf900dfb@@97191532-252f-4709-ae33-fa95f592fcf3
  report_id_r = 97191532-252f-4709-ae33-fa95f592fcf3
  report_id = 97191532_252f_4709_ae33_fa95f592fcf3_da0ff416_b8eb_4d3a_93ad_4aeacf900dfb
  method_id = 97191532_252f_4709_ae33_fa95f592fcf3_da0ff416_b8eb_4d3a_93ad_4aeacf900dfb
})
/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf:1:1: error: Broken variable syntax or bracket mismatch in string (Dumping report_data:{
  component_name = Ensure shadow group is empty
  component_key = awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: "" $1 "" primary group is the shadow group"}' /etc/passwd
  technique_name = cis_debian11_srv_1
  directive_id = da0ff416-b8eb-4d3a-93ad-4aeacf900dfb
  canonified_directive_id = da0ff416_b8eb_4d3a_93ad_4aeacf900dfb
  rule_id = 4710727c-f30c-442c-98e7-7ae3a91e4824
  identifier = 4710727c-f30c-442c-98e7-7ae3a91e4824@@da0ff416-b8eb-4d3a-93ad-4aeacf900dfb@@97191532-252f-4709-ae33-fa95f592fcf3
  report_id_r = 97191532-252f-4709-ae33-fa95f592fcf3
  report_id = 97191532_252f_4709_ae33_fa95f592fcf3_da0ff416_b8eb_4d3a_93ad_4aeacf900dfb
  method_id = 97191532_252f_4709_ae33_fa95f592fcf3_da0ff416_b8eb_4d3a_93ad_4aeacf900dfb
})
/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf:1:1: error: Broken variable syntax or bracket mismatch in string (awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: "" $1 "" primary group is the shadow group"}' /etc/passwd)
/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf:1:1: error: Broken variable syntax or bracket mismatch in string (awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: "" $1 "" primary group is the shadow group"}' /etc/passwd)
/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf:1:1: error: Broken variable syntax or bracket mismatch in string (awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: "" $1 "" primary group is the shadow group"}' /etc/passwd)
/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf:1:1: error: Broken variable syntax or bracket mismatch in string (awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: "" $1 "" primary group is the shadow group"}' /etc/passwd)
/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf:1:1: error: Broken scalar variable syntax or bracket mismatch in 'audit_from_command_awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: "" $1 "" primary group is the shadow group"}' /etc/passwd'
/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf:1:1: error: Broken scalar variable syntax or bracket mismatch in 'audit_from_command_awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: "" $1 "" primary group is the shadow group"}' /etc/passwd'
/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf:1:1: error: Broken scalar variable syntax or bracket mismatch in 'audit_from_command_awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: "" $1 "" primary group is the shadow group"}' /etc/passwd'
/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf:1:1: error: Broken scalar variable syntax or bracket mismatch in 'audit_from_command_awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: "" $1 "" primary group is the shadow group"}' /etc/passwd'
Too many errors

Actions #2

Updated by Nicolas CHARLES 29 days ago

Removing the content of 7.2.4 works around the issue, but I don't understand what causes it.

Actions #3

Updated by Nicolas CHARLES 29 days ago

either

awk -F: '($1=="shadow") {print $NF}' /etc/group

or

awk -F: '($4 == '"$(getent group shadow | awk -F: '{print $3}' | xargs)"') {print " - user: \"" $1 "\" primary group is the shadow group"}' /etc/passwd

breaks it
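
The two 7.2.4 checks quoted above, rewritten as one script that can be run the way the 7.2.3 check in the log is: as a script path rather than an inline command string containing `$(...)`. This is an added example, not the change from the pull request and not Rudder's own code; the function names, the file-path arguments and the sample data are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not Rudder's code: CIS 7.2.4 "Ensure shadow group is empty"
# as a script. File arguments and sample data are hypothetical / constructed.
# Assumption: the group file is read directly instead of `getent group shadow`,
# so non-file NSS sources are not consulted, but sample files can be audited.

# Print the member list of the shadow group if it is not empty.
shadow_members() {
    awk -F: '$1 == "shadow" && $NF != "" { print $NF }' "${1:-/etc/group}"
}

# Print every user whose primary GID is the shadow group's GID.
shadow_primary_users() {
    spu_gid=$(awk -F: '$1 == "shadow" { print $3 }' "${1:-/etc/group}")
    [ -n "$spu_gid" ] || return 0    # no shadow group: nothing to report
    awk -F: -v gid="$spu_gid" '$4 == gid { print $1 }' "${2:-/etc/passwd}"
}

# Report findings; return 0 when compliant and 1 when not, so the caller can
# map the exit code to kept / not kept.
audit_shadow_group() {
    asg_members=$(shadow_members "${1:-/etc/group}")
    asg_users=$(shadow_primary_users "${1:-/etc/group}" "${2:-/etc/passwd}")
    [ -z "$asg_members" ] || echo " - shadow group has members: $asg_members"
    for asg_u in $asg_users; do
        echo " - user: \"$asg_u\" primary group is the shadow group"
    done
    [ -z "$asg_members$asg_users" ]
}

# Write constructed sample files into directory $1 ($2: "dirty" or "clean").
make_sample() {
    if [ "$2" = dirty ]; then
        printf '%s\n' 'root:x:0:' 'shadow:x:42:backup' > "$1/group"
        printf '%s\n' 'root:x:0:0::/root:/bin/sh' 'svc:x:1001:42::/srv:/bin/sh' > "$1/passwd"
    else
        printf '%s\n' 'root:x:0:' 'shadow:x:42:' > "$1/group"
        printf '%s\n' 'root:x:0:0::/root:/bin/sh' 'svc:x:1001:1001::/srv:/bin/sh' > "$1/passwd"
    fi
}

# With "GROUP_FILE PASSWD_FILE" arguments: audit them and exit with the result.
if [ "$#" -gt 0 ]; then
    audit_shadow_group "$@"; exit $?
fi
demo_dir=$(mktemp -d)    # no arguments: demo on the constructed "dirty" sample
make_sample "$demo_dir" dirty
audit_shadow_group "$demo_dir/group" "$demo_dir/passwd" && echo compliant || echo non-compliant
rm -rf "$demo_dir"
```

To audit the live files, pass `/etc/group /etc/passwd` as arguments; the exit code is then 0 only when both checks find nothing.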

Actions #4

Updated by Nicolas CHARLES 28 days ago

  • Status changed from New to In progress
  • Assignee set to Nicolas CHARLES
Actions #5

Updated by Nicolas CHARLES 28 days ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to Michel BOUISSOU
  • Pull Request set to https://github.com/Normation/rudder-plugins-private/pull/824
Actions #6

Updated by Nicolas CHARLES 28 days ago

  • Status changed from Pending technical review to Pending release

Applied in changeset rudder-plugins-private:commit:rudder-plugins-private|106f2d2f7a8d178d4629b544300814d94b03f9e9.

Actions #7

Updated by Nicolas CHARLES 28 days ago

Applied in changeset rudder-plugins-private:commit:rudder-plugins-private|850e8c4dce6533aa5871878b75976623c1115a89.

Actions #8

Updated by Nicolas CHARLES 28 days ago

Applied in changeset rudder-plugins-private:commit:rudder-plugins-private|850e8c4dce6533aa5871878b75976623c1115a89.

Actions #9

Updated by Anonymous 28 days ago

Applied in changeset rudder-plugins-private:commit:rudder-plugins-private|77db48dec0b96ff5100572b5cc0237423a3c6d4d.
