ansible-lockdown/UBUNTU22-CIS

UBUNTU22-CIS 'audit_bin' is undefined

txsastre opened this issue · 1 comment

Describe the Issue
when trying to execute UBUNTU22-CIS with
/defaults/main.yml

# enable audits to run - this runs the audit and get the latest content
run_audit: true

The Ansible controller has installed goss VERSION v0.4.6

As the environment has very restricted internet access, the idea is to copy goss from the Ansible controller to the clients, so the playbook can do the audit. Well, I think this is how it's supposed to work, but it is not.

The main.yml file (goss related modified)
/defaults/main.yml

##########################################
### Goss is required on the remote host ###
## Refer to vars/auditd.yml for any other settings ##

# Allow audit to setup the requirements including installing git (if option chosen and downloading and adding goss binary to system)
setup_audit: false

# enable audits to run - this runs the audit and get the latest content
run_audit: true

# Only run Audit do not remediate
audit_only: true
# As part of audit_only
# This will enable files to be copied back to control node
fetch_audit_files: true
# Path to copy the files to will create dir structure
audit_capture_files_dir:  /home/ansibleemer/ansible/hardening/log

# How to retrieve audit binary
# Options are copy or download - detailed settings at the bottom of this file
# you will need access to either github or the file already downloaded
get_audit_binary_method: copy

## if get_audit_binary_method - copy the following needs to be updated for your environment
## it is expected that it will be copied from somewhere accessible to the control node
## e.g copy from ansible control node to remote host
audit_bin_copy_location: /usr/local/bin/goss

# how to get audit files onto host options
# options are git/copy/get_url other e.g. if you wish to run from already downloaded conf
audit_content: copy

# archive or copy:
audit_conf_copy: "some path to copy from"

# get_url:
audit_files_url: "some url maybe s3?"

# Run heavy tests - some tests can have more impact on a system enabling these can have greater impact on a system
audit_run_heavy_tests: true

# This variable specifies the timeout (in ms) for audit commands that
# take a very long time: if a command takes too long to complete,
# it will be forcefully terminated after the specified duration.
audit_cmd_timeout: 120000

### End Goss enablements ####

Expected Behavior
that the audit worked

Actual Behavior
getting this error

TASK [/home/ansibleemer/hardening/UBUNTU22-CIS-devel : Post Audit | Run post_remediation UBUNTU22-CIS audit] *****************************
fatal: [X-UBU-2]: FAILED! => {"msg": "The field 'environment' has an invalid value, which includes an undefined variable. The error was: 'audit_bin' is undefined. 'audit_bin' is undefined\n\nThe error appears to be in '/home/ansibleemer/hardening/UBUNTU22-CIS-devel/tasks/post_remediation_audit.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- name: Post Audit | Run post_remediation {{ benchmark }} audit\n  ^ here\nWe could be wrong, but this one looks like it might be an issue with\nmissing quotes. Always quote template expression brackets when they\nstart a value. For instance:\n\n    with_items:\n      - {{ foo }}\n\nShould be written as:\n\n    with_items:\n      - \"{{ foo }}\"\n"}

Environment (please complete the following information):

  • using UBUNTU22-CIS
  • devel
  • ansible [core 2.16.5]
  • Python 3.10.12

Additional Notes
added this task in post_remediation_audit.yml to see the value, but none was received

- name: Debug | Print audit_bin value
  ansible.builtin.debug:
    msg: "The value of audit_bin is {{ audit_bin }}"

Possible Solution
trace audit_bin if there's a mistake, or maybe it's my configuration.
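As an added example (not code from this issue or from the ansible-lockdown role), the tasks below are a preflight block a user can include in their own playbook before the role runs. They render the audit variables without raising the templating error that an undefined `audit_bin` causes in a plain `debug` task, fail early with a readable message when `run_audit` or `audit_only` is set but `audit_bin` is not defined, and, for the `copy` method, confirm that the goss binary actually exists and is executable on the control node. The task names, the `UNDEFINED` placeholder rendering and the registered variable name `preflight_goss_stat` are my choices; nothing here assumes how the role itself defines `audit_bin`.

```yaml
# Added preflight tasks, not part of UBUNTU22-CIS. Include from a playbook
# before the role, e.g. with ansible.builtin.include_tasks.
---
# Using `default('UNDEFINED')` means this task prints rather than fails when a
# variable is missing, unlike a bare "{{ audit_bin }}" in a debug message.
- name: Audit preflight | Show the audit settings as the role will see them
  ansible.builtin.debug:
    msg:
      - "setup_audit={{ setup_audit | default('UNDEFINED') }}"
      - "run_audit={{ run_audit | default('UNDEFINED') }}"
      - "audit_only={{ audit_only | default('UNDEFINED') }}"
      - "get_audit_binary_method={{ get_audit_binary_method | default('UNDEFINED') }}"
      - "audit_bin_copy_location={{ audit_bin_copy_location | default('UNDEFINED') }}"
      - "audit_bin={{ audit_bin | default('UNDEFINED') }}"

# Fail with a message that names the missing variable instead of the
# generic "field 'environment' has an invalid value" error.
- name: Audit preflight | Require audit_bin whenever an audit is going to run
  ansible.builtin.assert:
    that:
      - audit_bin is defined
      - audit_bin | length > 0
    fail_msg: >-
      run_audit/audit_only is enabled but audit_bin is undefined.
      Check that the role's audit variables are loaded in this configuration
      (setup_audit={{ setup_audit | default('UNDEFINED') }}), or define
      audit_bin explicitly in your inventory or group_vars.
    success_msg: "audit_bin resolves to {{ audit_bin }}"
  when: (run_audit | default(false) | bool) or (audit_only | default(false) | bool)

# For the copy method the binary must already be on the control node; check
# it there (delegate_to: localhost) once, before any host tries to copy it.
- name: Audit preflight | Stat the goss binary on the control node (copy method)
  ansible.builtin.stat:
    path: "{{ audit_bin_copy_location | default('') }}"
  register: preflight_goss_stat
  delegate_to: localhost
  run_once: true
  when: (get_audit_binary_method | default('')) == 'copy'

- name: Audit preflight | Fail if the copy source is missing or not executable
  ansible.builtin.assert:
    that:
      - preflight_goss_stat.stat.exists
      - preflight_goss_stat.stat.executable
    fail_msg: >-
      get_audit_binary_method is copy but
      {{ audit_bin_copy_location | default('UNDEFINED') }} is missing or
      not executable on the control node.
  when:
    - (get_audit_binary_method | default('')) == 'copy'
    - preflight_goss_stat is not skipped
```

Running these tasks ahead of the role turns the failure reported above into a single assert message that says which variable or file is absent, which is quicker to act on in an environment without internet access where the copy path is the only way to get goss onto the hosts.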

hi @txsastre

Thank you for this and the discussions on Discord. I hope the new branch issue_223 resolves this issue.

many thanks

uk-bolly