debug=True verbose=True and show_profile=True don't add any information
Closed this issue · 9 comments
Am trying to figure out why I get No audits matched this host in the specified profiles.
Adding verbose & debug & show_profile don't add any extra information.
# salt-call hubble.top debug=true verbose=True show_profile=True
local:
----------
Messages:
No audits matched this host in the specified profiles.
I would expect at least cve-scan-2 to be run (kernel:Linux targeting).
Can you double check that salt generated the kernel
grain as Linux
properly? salt-call grains.get kernel
Also can you do a salt-call cp.cache_file salt://hubblestack_nova_profiles/top.nova
and then post the contents of /var/cache/salt/minion/files/base/hubblestack_nova_profiles/top.nova
just so we can make sure it's looking at the topfile we expect?
root@host:~# salt-call grains.get kernel
local:
Linux
root@host:~# salt-call cp.cache_file salt://hubblestack_nova_profiles/top.nova
local:
/var/cache/salt/minion/files/base/hubblestack_nova_profiles/top.nova
root@host:~# cat /var/cache/salt/minion/files/base/hubblestack_nova_profiles/top.nova
# Default top.nova
#
# Subscribes to CIS, cve_scan, and misc.yaml for miscellaneous checks
nova:
'G@kernel:Linux':
- cve.scan-v2
'G@osfinger:CentOS-6':
- cis.centos-6-level-1-scored-v2-0-1
'G@osfinger:CentOS*Linux-7':
- cis.centos-7-level-1-scored-v2-1-0
'G@osfinger:Debian-8':
- cis.debian-8-level-1-scored-v1-0-0
'G@osfinger:Red*Hat*Enterprise*Linux*Server-6':
- cis.rhels-6-level-1-scored-v2-0-1
'G@osfinger:Red*Hat*Enterprise*Linux*Server-7':
- cis.rhels-7-level-1-scored-v2-1-0
'G@osfinger:Red*Hat*Enterprise*Linux*Workstation-7':
- cis.rhelw-7-level-1-scored-v2-1-0
'G@osfinger:Ubuntu-14.04':
- cis.ubuntu-1404-level-1-scored-v1-0-0
'G@osfullname:Microsoft*Windows*Server*2008*':
- cis.windows-2008r2-level-1-scored-v3-0-0
'G@osfullname:Microsoft*Windows*Server*2012*':
- cis.windows-2012r2-level-1-scored-v2-0-0
'G@osfinger:Amazon*Linux*2014*':
- cis.amazon-201409-level-1-scored-v1-0-0
'G@osfinger:Amazon*Linux*2015*':
- cis.amazon-level-1-scored-v1-0-0
'G@osfinger:Amazon*Linux*2016*':
- cis.amazon-level-1-scored-v1-0-0
#'*':
# - misc
Hmm. What version of nova do you have installed? If it's a recent one you can just do salt-call hubble.version
Having the same issue... the hubble version is 2016.10.1 and all values are same as shown.
Saltmaster is Ubuntu 16.04, Vagrant and a fresh install
file_roots, fileserver_backend.. etc is set and am using gitfs
I don't think we have an Ubuntu 16.04 profile yet, so that's probably the source of your problem. I also realized that if you don't have any CVE vulnerabilities, you won't get cve_scan output, so everything may be working as intended.
this: No audits matched this host in the specified profiles. also happened on 14.04, but I can confirm again.
14.04 should definitely be working, so keep me posted on that.
The "no audits matched" will happen if there are no failures or successes reported. Since cve_scan_v2 only reports failures, then if there are no vulnerabilities, that message will be shown. It's a bug I need to fix.
Ok, quick update 14.04 works.. We will work to understand the profiles better. Thank you for the response.
This issue was moved to hubblestack/hubble-salt#48