Error "The conditional check ''nosuid' not in home_mount.options' failed" in fix-cat2.yml. Easy code fix.
erosen03 opened this issue · comments
Lines 2043 and 2056 of fix-cat2.yml appear to have improper condition statements that cause the following error:
TASK [/etc/ansible/roles/ansible-lockdown/RHEL7-STIG : MEDIUM | RHEL-07-021010 | AUDIT | The Red Hat Enterprise Linux operating system must prevent files with the setuid and setgid bit set from being executed on file systems that are used with removable media.] *** 2024-01-03 00:43:09 fatal: [x.x.x.20]: FAILED! => {"msg": "The conditional check ''nosuid' not in home_mount.options' failed. The error was: error while evaluating conditional ('nosuid' not in home_mount.options): 'home_mount' is undefined. 'home_mount' is undefined\n\nThe error appears to be in '/etc/ansible/roles/ansible-lockdown/RHEL7-STIG/tasks/fix-cat2.yml': line 2045, column 9, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - name: \"MEDIUM | RHEL-07-021010 | AUDIT | The Red Hat Enterprise Linux operating system must prevent files with the setuid and setgid bit set from being executed on file systems that are used with removable media.\"\n ^ here\n"}
Lines 2043 and 2056 refence the home_mount
variable in the conditions, however the tasks are working with the removable_mount
and removable_mount2
variables, respectively. Making the following corrections fixes the issues:
Lines 2043 - original
- "'nosuid' not in home_mounts.options"
Lines 2043 - corrected
- "'nosuid' not in removable_mount.options"
Lines 2056 - original
- "'nosuid' not in home_mounts.options"
Lines 2056 - corrected
- "'nosuid' not in removable_mount2.options"
hi @erosen03
Thank you for taking the time to raise this Issue and thank you for the thorough and detaild explanation. This change has been merged to into devel and will be released into main over the coming days.
Many thanks
uk-bolly
@uk-bolly, you're very welcome. Ansible-lockdown is awesome, and it was my pleasure to have the opportunity to contribute.