CIS 2.1.1.1 should not fail if systemd-timesyncd is not installed #119

kdebisschop
Contributor

Overall Review of Changes:
Added a check to "when" for checking if systemd-timesyncd.service is enabled.

Currently, if the package is not installed, the task fails because the systemd check is looking for a service that does not exist. It is clear from the CIS test code that not having the package installed is a valid configuration:

```bash
if systemctl list-units --all --type=service | grep -q 'systemd-timesyncd.service' && systemctl is-enabled systemd-timesyncd.service | grep -Eq '(enabled|disabled|masked)'; then
```

Note how in the CIS script, the systemctl test is only performed if the package is an available service. As a result, instead of reporting a failure, the test is skipped...which maybe is not perfect, but seems much better.

Issue Fixes:
Please list (using linking) any open issues this PR addresses

Enhancements:
Please list any enhancements/features that are not open issue tickets

How has this been tested?:
Has been run against instances without systemd-timesyncd installed. The test within the 2.1.1.1 block for the service is skipped instead of failing.
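
The guard described in this PR, written out as a shell function that separates "unit absent, skip" from "unit present, state evaluated". This is an added example, not code from the PR or the role; the `SYSTEMCTL` variable, the return codes and the two `fake_*` stubs with their output lines are constructed for the illustration.

```bash
#!/usr/bin/env bash
# Added example, not the role's code. SYSTEMCTL is an assumption of this
# example: it lets a stub replace the real systemctl binary.
SYSTEMCTL="${SYSTEMCTL:-systemctl}"
UNIT="systemd-timesyncd.service"

# Prints not-installed | enabled | disabled | masked | unknown.
# Returns 0 = state evaluated, 2 = skipped (unit absent), 1 = unexpected state.
timesyncd_state() {
    units="$("$SYSTEMCTL" list-units --all --type=service 2>/dev/null || true)"
    case "$units" in
        *"$UNIT"*) ;;                          # unit is known, go on to is-enabled
        *) echo "not-installed"; return 2 ;;   # absent: skip, do not fail
    esac
    # is-enabled exits non-zero for disabled and masked, so read its text only.
    state="$("$SYSTEMCTL" is-enabled "$UNIT" 2>/dev/null || true)"
    case "$state" in
        enabled|disabled|masked) echo "$state"; return 0 ;;
        *) echo "unknown"; return 1 ;;
    esac
}

# Constructed stubs standing in for systemctl on two kinds of host.
fake_absent() {
    case "$1" in
        list-units) echo "  ssh.service loaded active running OpenBSD Secure Shell server" ;;
        is-enabled) echo "Failed to get unit file state for $2" >&2; return 1 ;;
    esac
}
fake_masked() {
    case "$1" in
        list-units) echo "  $UNIT masked inactive dead $UNIT" ;;
        is-enabled) echo "masked"; return 1 ;;
    esac
}

for stub in fake_absent fake_masked; do
    SYSTEMCTL="$stub"; rc=0
    result="$(timesyncd_state)" || rc=$?
    echo "$stub: $result (rc=$rc)"
done
```

Reading the text of `is-enabled` rather than its exit status matters here, because a masked or disabled unit makes the command exit non-zero even though the unit exists.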

Member

@uk-bolly uk-bolly left a comment

Great catch

@uk-bolly uk-bolly merged commit 5eaa8c3 into ansible-lockdown:devel Dec 11, 2023
4 checks passed
@uk-bolly uk-bolly mentioned this pull request Dec 12, 2023
@kdebisschop kdebisschop deleted the CIS-2_1_1_1-should-not-fail-if-systemd-timesyncd-not-installed branch January 28, 2024 20:24