OpenStack-Ansible

AIDE configuration is set AFTER the initial run

Bug #1686110 reported by Major Hayden
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack-Ansible
Fix Released
Low
Major Hayden

Bug Description

The "Configure AIDE to verify additional properties" task runs *after* the tasks which do the AIDE initialization. This isn't a problem on CentOS since the default properties meet the STIG requirements, but it does affect Ubuntu.

The result is that Ubuntu users may see a huge AIDE update upon their second AIDE run.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible-security (master)

Fix proposed to branch: master
Review: https://review.openstack.org/459719

Changed in openstack-ansible:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-security (master)

Reviewed: https://review.openstack.org/459719
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-security/commit/?id=1819c4241a6b12de4119d1f5ec1b75451f64789c
Submitter: Jenkins
Branch: master

commit 1819c4241a6b12de4119d1f5ec1b75451f64789c
Author: Major Hayden <email address hidden>
Date: Tue May 16 10:32:13 2017 -0500

    Configure AIDE before initial run

    This patch ensures that AIDE is fully configured before the first
    database initialization process begins.

    Closes-Bug: 1686110
    Change-Id: I209b88afb305828fa6e46de255ef11f5a6645427

Changed in openstack-ansible:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible-security (stable/ocata)

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/465967

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-security (stable/ocata)

Reviewed: https://review.openstack.org/465967
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-security/commit/?id=7db180f80184260aebac5c4df06c31930086b751
Submitter: Jenkins
Branch: stable/ocata

commit 7db180f80184260aebac5c4df06c31930086b751
Author: Major Hayden <email address hidden>
Date: Tue May 16 10:32:13 2017 -0500

    Configure AIDE before initial run

    This patch ensures that AIDE is fully configured before the first
    database initialization process begins.

    Manual backport of I209b88afb305828fa6e46de255ef11f5a6645427 was
    required due to the STIG renaming done in Pike.

    Change-Id: I41c65e16b61721fecb2aac2251126ce21d7a4353
    Closes-Bug: 1686110

tags: added: in-stable-ocata
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-security 16.0.0.0b2

This issue was fixed in the openstack/openstack-ansible-security 16.0.0.0b2 development milestone.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-security 15.1.5

This issue was fixed in the openstack/openstack-ansible-security 15.1.5 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/ansible-hardening 16.0.0.0rc2

This issue was fixed in the openstack/ansible-hardening 16.0.0.0rc2 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/ansible-hardening 15.1.9

This issue was fixed in the openstack/ansible-hardening 15.1.9 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/ansible-hardening 17.0.0.0b1

This issue was fixed in the openstack/ansible-hardening 17.0.0.0b1 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.