Ansible hardening takes comments into account for some checks

Bug #1768725 reported by Jean-Philippe Evrard
This bug affects 1 person
Affects: OpenStack-Ansible
Status: Fix Released
Importance: Low
Assigned to: Mohammed Naser
Milestone: (none listed)

Bug Description

On this line (and maybe others) [1], ansible-hardening might be tricked by adding a new line containing:

# nameserver

While the amount of nameservers would still be counted as 2, only one would be used by the resolvers.

[1]: https://github.com/openstack/ansible-hardening/blob/dc798c797985408f4b787e3dd3cfc634c15f354a/tasks/rhel7stig/misc.yml#L324

tags: added: low-hanging-fruit
Changed in openstack-ansible:
status: New → Confirmed
importance: Undecided → Low
OpenStack Infra (hudson-openstack) wrote : Fix proposed to ansible-hardening (master)

Fix proposed to branch: master
Review: https://review.openstack.org/566936

Changed in openstack-ansible:
assignee: nobody → Mohammed Naser (mnaser)
status: Confirmed → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to ansible-hardening (master)

Reviewed: https://review.openstack.org/566936
Committed: https://git.openstack.org/cgit/openstack/ansible-hardening/commit/?id=6cae2c1e46ce42a7970460b493c3907f8805108b
Submitter: Zuul
Branch: master

commit 6cae2c1e46ce42a7970460b493c3907f8805108b
Author: Mohammed Naser <email address hidden>
Date: Tue May 8 12:18:12 2018 -0400

    Ensure that comments are not counted

    With the previous grep, it was possible that any commented nameserver
    entries would be counted. This patch fixes that.

    Change-Id: I9925cb9a71c1b58dcf12f70d8ce0872386732f06
    Closes-Bug: #1768725

Changed in openstack-ansible:
status: In Progress → Fix Released
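
The miscount described in this report, reproduced on a constructed resolv.conf (an added example, not the project's task or its grep expression). The two patterns, the function names and the threshold of 2 are assumptions chosen for illustration; the strict pattern relies on resolv.conf(5) requiring the keyword to start the line.

```shell
#!/bin/sh
# Write a constructed resolv.conf to $1: one usable resolver plus the
# commented line from the bug description.
write_sample() {
    cat > "$1" <<'EOF'
search example.test
nameserver 192.0.2.53
# nameserver
options timeout:2
EOF
}

# Loose count: every line that mentions the keyword, comments included.
# Illustrative only; this is not the expression used in the role.
count_loose() {
    grep -c 'nameserver' "$1" || [ "$?" -eq 1 ]   # exit 1 just means "0 matches"
}

# Strict count: the keyword must start the line and be followed by
# whitespace and a value, so "# nameserver" never matches.
count_strict() {
    grep -cE '^nameserver[[:space:]]+[^[:space:]]' "$1" || [ "$?" -eq 1 ]
}

# Compliance decision: at least $2 active nameserver entries in file $1.
has_min_resolvers() {
    [ "$(count_strict "$1")" -ge "$2" ]
}

sample=$(mktemp)
write_sample "$sample"
echo "loose count:  $(count_loose "$sample")"
echo "strict count: $(count_strict "$sample")"
if has_min_resolvers "$sample" 2; then
    echo "PASS: two or more active nameserver entries"
else
    echo "FAIL: fewer than 2 active nameserver entries"
fi
rm -f "$sample"
```
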
OpenStack Infra (hudson-openstack) wrote : Fix proposed to ansible-hardening (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.openstack.org/567212

OpenStack Infra (hudson-openstack) wrote : Fix proposed to ansible-hardening (stable/pike)

Fix proposed to branch: stable/pike
Review: https://review.openstack.org/567213

OpenStack Infra (hudson-openstack) wrote : Fix proposed to ansible-hardening (stable/ocata)

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/567214

OpenStack Infra (hudson-openstack) wrote : Fix merged to ansible-hardening (stable/pike)

Reviewed: https://review.openstack.org/567213
Committed: https://git.openstack.org/cgit/openstack/ansible-hardening/commit/?id=71e18e1ef7c37979239f8e65bc9c200e0105b5b4
Submitter: Zuul
Branch: stable/pike

commit 71e18e1ef7c37979239f8e65bc9c200e0105b5b4
Author: Mohammed Naser <email address hidden>
Date: Tue May 8 12:18:12 2018 -0400

    Ensure that comments are not counted

    With the previous grep, it was possible that any commented nameserver
    entries would be counted. This patch fixes that.

    Change-Id: I9925cb9a71c1b58dcf12f70d8ce0872386732f06
    Closes-Bug: #1768725
    (cherry picked from commit 6cae2c1e46ce42a7970460b493c3907f8805108b)

tags: added: in-stable-pike
tags: added: in-stable-ocata
OpenStack Infra (hudson-openstack) wrote : Fix merged to ansible-hardening (stable/ocata)

Reviewed: https://review.openstack.org/567214
Committed: https://git.openstack.org/cgit/openstack/ansible-hardening/commit/?id=18c8d537629606f8e887dac790521b4064180467
Submitter: Zuul
Branch: stable/ocata

commit 18c8d537629606f8e887dac790521b4064180467
Author: Mohammed Naser <email address hidden>
Date: Tue May 8 12:18:12 2018 -0400

    Ensure that comments are not counted

    With the previous grep, it was possible that any commented nameserver
    entries would be counted. This patch fixes that.

    Change-Id: I9925cb9a71c1b58dcf12f70d8ce0872386732f06
    Closes-Bug: #1768725
    (cherry picked from commit 6cae2c1e46ce42a7970460b493c3907f8805108b)

tags: added: in-stable-queens
OpenStack Infra (hudson-openstack) wrote : Fix merged to ansible-hardening (stable/queens)

Reviewed: https://review.openstack.org/567212
Committed: https://git.openstack.org/cgit/openstack/ansible-hardening/commit/?id=8c55927d31b1c91df70eda65aa6a458fb03754f4
Submitter: Zuul
Branch: stable/queens

commit 8c55927d31b1c91df70eda65aa6a458fb03754f4
Author: Mohammed Naser <email address hidden>
Date: Tue May 8 12:18:12 2018 -0400

    Ensure that comments are not counted

    With the previous grep, it was possible that any commented nameserver
    entries would be counted. This patch fixes that.

    Change-Id: I9925cb9a71c1b58dcf12f70d8ce0872386732f06
    Closes-Bug: #1768725
    (cherry picked from commit 6cae2c1e46ce42a7970460b493c3907f8805108b)

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/ansible-hardening ocata-em

This issue was fixed in the openstack/ansible-hardening ocata-em release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/ansible-hardening 16.0.29

This issue was fixed in the openstack/ansible-hardening 16.0.29 release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/ansible-hardening queens-eol

This issue was fixed in the openstack/ansible-hardening queens-eol release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/ansible-hardening rocky-eol

This issue was fixed in the openstack/ansible-hardening rocky-eol release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/ansible-hardening stein-eol

This issue was fixed in the openstack/ansible-hardening stein-eol release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/ansible-hardening train-eol

This issue was fixed in the openstack/ansible-hardening train-eol release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/ansible-hardening ussuri-eol

This issue was fixed in the openstack/ansible-hardening ussuri-eol release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/ansible-hardening yoga-eom

This issue was fixed in the openstack/ansible-hardening yoga-eom release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/ansible-hardening victoria-eom

This issue was fixed in the openstack/ansible-hardening victoria-eom release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/ansible-hardening wallaby-eom

This issue was fixed in the openstack/ansible-hardening wallaby-eom release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/ansible-hardening xena-eom

This issue was fixed in the openstack/ansible-hardening xena-eom release.
