network_sniffer_disabled RHEL8 Playbook Task Failing
adampankow opened this issue · comments
Description of problem:
When the network sniffer disabling task runs in the RHEL8 playbook it fails when it encounters a VLAN atop a bonded interface (i.e. `bond.70@bond0`) due to it attempting to run `ip link set dev {{ item.split(':')[1] }} multicast off promisc off` using the full interface name returned by the `ip -o link show` command. In order for the `set dev` command to succeed it looks to need to be run using only `bond.70`.
SCAP Security Guide Version:
N/A
Operating System Version:
RHEL8.9
Steps to Reproduce:
- Run RHEL8 Playbook on a host with an interface consisting of a VLAN atop a bonded interface
Actual Results:
Task returns:
failed: [hostname] (item=15: bond0.70@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000) => {"ansible_loop_var": "item", "changed": true, "cmd": ["ip", "link", "set", "dev", "bond0.70@bond0", "multicast", "off", "promisc", "off"], "delta": "0:00:00.039773", "end": "2024-04-25 06:53:34.691195", "item": "15: bond0.70@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000", "msg": "non-zero return code", "rc": 1, "start": "2024-04-25 06:53:34.651422", "stderr": "Cannot find device "bond0.70@bond0"", "stderr_lines": ["Cannot find device "bond0.70@bond0""], "stdout": "", "stdout_lines": []}
Expected Results:
Task returns:
ok: [hostname]
Additional Information/Debugging Steps:
I suspect similar would result using OpenSCAP
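The parsing problem reported above, as an added example that is not part of the issue or of the project's playbook: it derives the device name that `ip link set dev` accepts from `ip -o link show` lines by dropping the `@parent` suffix. The function names and the sample lines are constructed for illustration, and the commands are only printed, not executed.

```shell
#!/bin/sh
# Added example (not the project's remediation): turn `ip -o link show`
# output into names usable with `ip link set dev`.

# Constructed sample input, modelled on the line quoted in the issue.
sample_links() {
cat <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
14: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
15: bond0.70@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
EOF
}

# Field 2 of each line is "<name>:" for a plain link and "<name>@<parent>:"
# for a stacked one (VLAN on a bond). Strip the trailing colon, then
# everything from the "@" on, leaving the real device name.
link_names() {
    awk '{
        name = $2
        sub(/:$/, "", name)    # "bond0.70@bond0:" -> "bond0.70@bond0"
        sub(/@.*$/, "", name)  # "bond0.70@bond0"  -> "bond0.70"
        print name
    }'
}

# Dry run: print the command for each parsed device instead of running it.
remediation_cmds() {
    link_names | while IFS= read -r dev; do
        printf 'ip link set dev %s multicast off promisc off\n' "$dev"
    done
}

# Stand-alone demonstration on the constructed sample.
sample_links | remediation_cmds
```

On a live host the input would come from `ip -o link show` piped into `link_names` in place of `sample_links`.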