hubblestack/nova

debug=True verbose=True and show_profile=True don't add any information

Closed this issue · 9 comments

I am trying to figure out why I get "No audits matched this host in the specified profiles."

Adding verbose & debug & show_profile doesn't add any extra information.

# salt-call hubble.top debug=true verbose=True show_profile=True
local:
    ----------
    Messages:
        No audits matched this host in the specified profiles.

I would expect at least cve-scan-2 to be run (kernel:Linux targeting).

Can you double check that salt generated the kernel grain as Linux properly? salt-call grains.get kernel

Also can you do a salt-call cp.cache_file salt://hubblestack_nova_profiles/top.nova and then post the contents of /var/cache/salt/minion/files/base/hubblestack_nova_profiles/top.nova just so we can make sure it's looking at the topfile we expect?

root@host:~# salt-call grains.get kernel
local:
    Linux
root@host:~# salt-call cp.cache_file salt://hubblestack_nova_profiles/top.nova
local:
    /var/cache/salt/minion/files/base/hubblestack_nova_profiles/top.nova
root@host:~# cat /var/cache/salt/minion/files/base/hubblestack_nova_profiles/top.nova
# Default top.nova
#
# Subscribes to CIS, cve_scan, and misc.yaml for miscellaneous checks

nova:
  'G@kernel:Linux':
    - cve.scan-v2
  'G@osfinger:CentOS-6':
    - cis.centos-6-level-1-scored-v2-0-1
  'G@osfinger:CentOS*Linux-7':
    - cis.centos-7-level-1-scored-v2-1-0
  'G@osfinger:Debian-8':
    - cis.debian-8-level-1-scored-v1-0-0
  'G@osfinger:Red*Hat*Enterprise*Linux*Server-6':
    - cis.rhels-6-level-1-scored-v2-0-1
  'G@osfinger:Red*Hat*Enterprise*Linux*Server-7':
    - cis.rhels-7-level-1-scored-v2-1-0
  'G@osfinger:Red*Hat*Enterprise*Linux*Workstation-7':
    - cis.rhelw-7-level-1-scored-v2-1-0
  'G@osfinger:Ubuntu-14.04':
    - cis.ubuntu-1404-level-1-scored-v1-0-0
  'G@osfullname:Microsoft*Windows*Server*2008*':
    - cis.windows-2008r2-level-1-scored-v3-0-0
  'G@osfullname:Microsoft*Windows*Server*2012*':
    - cis.windows-2012r2-level-1-scored-v2-0-0
  'G@osfinger:Amazon*Linux*2014*':
    - cis.amazon-201409-level-1-scored-v1-0-0
  'G@osfinger:Amazon*Linux*2015*':
    - cis.amazon-level-1-scored-v1-0-0
  'G@osfinger:Amazon*Linux*2016*':
    - cis.amazon-level-1-scored-v1-0-0
  #'*':
  #  - misc

Hmm. What version of nova do you have installed? If it's a recent one you can just do salt-call hubble.version

Having the same issue... the hubble version is 2016.10.1 and all values are the same as shown.
Saltmaster is Ubuntu 16.04, Vagrant and a fresh install.
file_roots, fileserver_backend, etc. are set and I am using gitfs.

I don't think we have an Ubuntu 16.04 profile yet, so that's probably the source of your problem. I also realized that if you don't have any CVE vulnerabilities, you won't get cve_scan output, so everything may be working as intended.

This: "No audits matched this host in the specified profiles." also happened on 14.04, but I can confirm again.

14.04 should definitely be working, so keep me posted on that.

The "no audits matched" will happen if there are no failures or successes reported. Since cve_scan_v2 only reports failures, then if there are no vulnerabilities, that message will be shown. It's a bug I need to fix.
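Added example, not part of the thread and not Hubble's own code: a simplified Python model of the topfile targeting posted above and of the behaviour described in the preceding comment, separating "no profile targets this host" from "a profile matched but reported nothing". It handles only single `G@grain:glob` targets; the function names, the results layout and the sample grain values are assumptions.

```python
from fnmatch import fnmatchcase

# Subset of the top.nova posted in this thread, written as a dict so the
# example needs no YAML library.
TOP_NOVA = {
    "G@kernel:Linux": ["cve.scan-v2"],
    "G@osfinger:CentOS*Linux-7": ["cis.centos-7-level-1-scored-v2-1-0"],
    "G@osfinger:Debian-8": ["cis.debian-8-level-1-scored-v1-0-0"],
    "G@osfinger:Ubuntu-14.04": ["cis.ubuntu-1404-level-1-scored-v1-0-0"],
}


def matched_profiles(top, grains):
    """Return the profiles whose 'G@grain:glob' target matches the grains.

    Simplified: one G@ term per target, no and/or/not, no nested grains.
    """
    profiles = []
    for target, names in top.items():
        if not target.startswith("G@"):
            continue  # other matcher types are out of scope here
        key, _, pattern = target[2:].partition(":")
        value = grains.get(key)
        if value is not None and fnmatchcase(str(value), pattern):
            profiles.extend(names)
    return profiles


def diagnose(top, grains, results):
    """Tell 'nothing targeted' apart from 'targeted but nothing reported'.

    results: assumed layout {profile: {"Success": [...], "Failure": [...]}}.
    """
    profiles = matched_profiles(top, grains)
    if not profiles:
        return "no profile targets this host"
    reported = any(
        results.get(p, {}).get(kind)
        for p in profiles
        for kind in ("Success", "Failure")
    )
    if not reported:
        return "profiles matched (%s) but reported no results" % ", ".join(profiles)
    return "results reported"
```

With constructed grains for an Ubuntu 16.04 host, only the `kernel:Linux` target matches, so a failure-only CVE scan with no findings yields the second diagnosis instead of the first.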

OK, quick update: 14.04 works. We will work to understand the profiles better. Thank you for the response.

This issue was moved to hubblestack/hubble-salt#48