charm with cis_enabled=true does not take care of installation of usg repo and package #215

Open
mastier opened this issue Dec 12, 2024 · 2 comments

mastier commented Dec 12, 2024

As in the description, the charm is silently failing in the logs, as it does not take care of installing the Ubuntu Security Guide package (usg).

Dec 11 12:15:15 compute-std-22 cron_cis_audit[1070983]: Sleeping for 314s to randomize the cis-audit start time
Dec 11 12:15:15 compute-std-22 cron_cis_audit[1070983]: Run cis-audit: ['/usr/sbin/usg', 'audit']
Dec 11 12:15:15 compute-std-22 cron_cis_audit[1070983]: Traceback (most recent call last):
Dec 11 12:15:15 compute-std-22 cron_cis_audit[1070983]:   File "/usr/local/lib/nagios/plugins/cron_cis_audit.py", line 216, in <module>
Dec 11 12:15:15 compute-std-22 cron_cis_audit[1070983]:     main()
Dec 11 12:15:15 compute-std-22 cron_cis_audit[1070983]:   File "/usr/local/lib/nagios/plugins/cron_cis_audit.py", line 210, in main
Dec 11 12:15:15 compute-std-22 cron_cis_audit[1070983]:     run_audit(profile)
Dec 11 12:15:15 compute-std-22 cron_cis_audit[1070983]:   File "/usr/local/lib/nagios/plugins/cron_cis_audit.py", line 128, in run_audit
Dec 11 12:15:15 compute-std-22 cron_cis_audit[1070983]:     subprocess.run(
Dec 11 12:15:15 compute-std-22 cron_cis_audit[1070983]:   File "/usr/lib/python3.10/subprocess.py", line 503, in run
Dec 11 12:15:15 compute-std-22 cron_cis_audit[1070983]:     with Popen(*popenargs, **kwargs) as process:
Dec 11 12:15:15 compute-std-22 cron_cis_audit[1070983]:   File "/usr/lib/python3.10/subprocess.py", line 971, in __init__
Dec 11 12:15:15 compute-std-22 cron_cis_audit[1070983]:     self._execute_child(args, executable, preexec_fn, close_fds,
Dec 11 12:15:15 compute-std-22 cron_cis_audit[1070983]:   File "/usr/lib/python3.10/subprocess.py", line 1863, in _execute_child
Dec 11 12:15:15 compute-std-22 cron_cis_audit[1070983]:     raise child_exception_type(errno_num, err_msg, err_filename)
Dec 11 12:15:15 compute-std-22 cron_cis_audit[1070983]: FileNotFoundError: [Errno 2] No such file or directory: '/usr/sbin/usg'

That would require two additional steps:

  • sudo pro enable usg
  • sudo apt install usg

While the first can be realized by the ubuntu-advantage charm option (services):

ubuntu-advantage:
   charm: ubuntu-advantage
   options:
      services: "usg"

It would be nice for the other to be handled by the charm.
Also, this could be realized by a relation of the charm to the ubuntu-advantage charm, setting the appropriate usg repo to be implicitly enabled.

Thank you for reporting your feedback to us!

The internal ticket has been created: https://warthogs.atlassian.net/browse/SOLENG-990.

This message was autogenerated

aieri commented Dec 13, 2024

When the cis_audit check is deployed and usg is not installed, we could either set the charm to blocked or return an UNKNOWN check result.
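
One way to produce the UNKNOWN result suggested in the comment above instead of the traceback from the report, as an added example that is not the charm's own code. The function names and the injectable `runner` parameter are hypothetical; the usg path and the command come from the logged traceback.

```python
import os
import subprocess

# Standard Nagios plugin exit codes.
NAGIOS_OK, NAGIOS_WARNING, NAGIOS_CRITICAL, NAGIOS_UNKNOWN = 0, 1, 2, 3

USG_PATH = "/usr/sbin/usg"  # path taken from the traceback in the issue


def usg_problem(usg_path=USG_PATH):
    """Return a reason string if usg cannot be executed, else None."""
    if not os.path.isfile(usg_path):
        return (f"{usg_path} not found: run 'pro enable usg' and "
                "'apt install usg' on this unit")
    if not os.access(usg_path, os.X_OK):
        return f"{usg_path} exists but is not executable"
    return None


def run_audit_guarded(usg_path=USG_PATH, runner=subprocess.run):
    """Run `usg audit` without letting a missing binary raise.

    Returns (NAGIOS_UNKNOWN, message) when the audit cannot be started, or
    (None, CompletedProcess) so the caller applies its normal result handling.
    `runner` is a hypothetical parameter, injectable for testing.
    """
    reason = usg_problem(usg_path)
    if reason:
        return NAGIOS_UNKNOWN, f"UNKNOWN: cis-audit not run, {reason}"
    try:
        proc = runner([usg_path, "audit"],
                      capture_output=True, text=True, check=False)
    except (FileNotFoundError, PermissionError) as exc:
        # The package can be removed between the check and the exec.
        return NAGIOS_UNKNOWN, f"UNKNOWN: cis-audit not run, {exc}"
    return None, proc


if __name__ == "__main__":
    status, detail = run_audit_guarded()
    if status is not None:
        print(detail)  # one-line status message for the monitoring system
        raise SystemExit(status)
    print(f"usg audit exited with code {detail.returncode}")
```

Reporting UNKNOWN here keeps a host where no audit ever ran from looking the same as a host whose audit passed.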
