Correct file permissions with RPM Ansible play throws errors for empty lines returned. The one liner that is used returns empty lines and then the "rpm --setperms" command fails.
# Ansible remediation role for the results of evaluation of profile xccdf_org.ssgproject.content_profile_standard
# XCCDF Version: unknown
#
# Evaluation Start Time: 2018-09-11T15:59:23
▽
# Evaluation End Time: 2018-09-11T16:02:53
#
# This file was generated by OpenSCAP 1.2.16 using:
# $ oscap xccdf generate fix --result-id xccdf_org.open-scap_testresult_xccdf_org.ssgproject.content_profile_standard --template urn:xccdf:fix:script:ansible xccdf-results.xml
#### Actual Results:
Fails on empty lines and succeeds on non empty lines (as expected) see below output.
PLAY [Make open-scap changes based on results.] **************************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************************************
ok: [soctxadm01]
TASK [oscap : Read list of files with incorrect permissions] *************************************************************************************************
[WARNING]: Consider using yum, dnf or zypper module rather than running rpm
ok: [soctxadm01]
TASK [oscap : Correct file permissions with RPM] *************************************************************************************************************
failed: [soctxadm01] (item=) => {"changed": true, "cmd": "rpm --setperms $(rpm -qf '')", "delta": "0:00:00.057597", "end": "2018-09-11 20:49:38.715275", "item": "", "msg": "non-zero return code", "rc": 1, "start": "2018-09-11 20:49:38.657678", "stderr": "error: file : No such file or directory\nrpm: no arguments given for query", "stderr_lines": ["error: file : No such file or directory", "rpm: no arguments given for query"], "stdout": "", "stdout_lines": []}
failed: [soctxadm01] (item=) => {"changed": true, "cmd": "rpm --setperms $(rpm -qf '')", "delta": "0:00:00.062367", "end": "2018-09-11 20:49:39.482394", "item": "", "msg": "non-zero return code", "rc": 1, "start": "2018-09-11 20:49:39.420027", "stderr": "error: file : No such file or directory\nrpm: no arguments given for query", "stderr_lines": ["error: file : No such file or directory", "rpm: no arguments given for query"], "stdout": "", "stdout_lines": []}
failed: [soctxadm01] (item=) => {"changed": true, "cmd": "rpm --setperms $(rpm -qf '')", "delta": "0:00:00.060333", "end": "2018-09-11 20:49:40.243464", "item": "", "msg": "non-zero return code", "rc": 1, "start": "2018-09-11 20:49:40.183131", "stderr": "error: file : No such file or directory\nrpm: no arguments given for query", "stderr_lines": ["error: file : No such file or directory", "rpm: no arguments given for query"], "stdout": "", "stdout_lines": []}
failed: [soctxadm01] (item=) => {"changed": true, "cmd": "rpm --setperms $(rpm -qf '')", "delta": "0:00:00.056783", "end": "2018-09-11 20:49:41.002498", "item": "", "msg": "non-zero return code", "rc": 1, "start": "2018-09-11 20:49:40.945715", "stderr": "error: file : No such file or directory\nrpm: no arguments given for query", "stderr_lines": ["error: file : No such file or directory", "rpm: no arguments given for query"], "stdout": "", "stdout_lines": []}
**changed: [soctxadm01] => (item=/opt/splunkforwarder/etc/auth)**
failed: [soctxadm01] (item=) => {"changed": true, "cmd": "rpm --setperms $(rpm -qf '')", "delta": "0:00:00.060986", "end": "2018-09-11 20:49:42.725782", "item": "", "msg": "non-zero return code", "rc": 1, "start": "2018-09-11 20:49:42.664796", "stderr": "error: file : No such file or directory\nrpm: no arguments given for query", "stderr_lines": ["error: file : No such file or directory", "rpm: no arguments given for query"], "stdout": "", "stdout_lines": []}
failed: [soctxadm01] (item=) => {"changed": true, "cmd": "rpm --setperms $(rpm -qf '')", "delta": "0:00:00.061702", "end": "2018-09-11 20:49:43.515857", "item": "", "msg": "non-zero return code", "rc": 1, "start": "2018-09-11 20:49:43.454155", "stderr": "error: file : No such file or directory\nrpm: no arguments given for query", "stderr_lines": ["error: file : No such file or directory", "rpm: no arguments given for query"], "stdout": "", "stdout_lines": []}
failed: [soctxadm01] (item=) => {"changed": true, "cmd": "rpm --setperms $(rpm -qf '')", "delta": "0:00:00.057170", "end": "2018-09-11 20:49:44.275944", "item": "", "msg": "non-zero return code", "rc": 1, "start": "2018-09-11 20:49:44.218774", "stderr": "error: file : No such file or directory\nrpm: no arguments given for query", "stderr_lines": ["error: file : No such file or directory", "rpm: no arguments given for query"], "stdout": "", "stdout_lines": []}
failed: [soctxadm01] (item=) => {"changed": true, "cmd": "rpm --setperms $(rpm -qf '')", "delta": "0:00:00.057145", "end": "2018-09-11 20:49:45.024893", "item": "", "msg": "non-zero return code", "rc": 1, "start": "2018-09-11 20:49:44.967748", "stderr": "error: file : No such file or directory\nrpm: no arguments given for query", "stderr_lines": ["error: file : No such file or directory", "rpm: no arguments given for query"], "stdout": "", "stdout_lines": []}
failed: [soctxadm01] (item=) => {"changed": true, "cmd": "rpm --setperms $(rpm -qf '')", "delta": "0:00:00.055314", "end": "2018-09-11 20:49:45.824828", "item": "", "msg": "non-zero return code", "rc": 1, "start": "2018-09-11 20:49:45.769514", "stderr": "error: file : No such file or directory\nrpm: no arguments given for query", "stderr_lines": ["error: file : No such file or directory", "rpm: no arguments given for query"], "stdout": "", "stdout_lines": []}
failed: [soctxadm01] (item=) => {"changed": true, "cmd": "rpm --setperms $(rpm -qf '')", "delta": "0:00:00.058074", "end": "2018-09-11 20:49:46.584866", "item": "", "msg": "non-zero return code", "rc": 1, "start": "2018-09-11 20:49:46.526792", "stderr": "error: file : No such file or directory\nrpm: no arguments given for query", "stderr_lines": ["error: file : No such file or directory", "rpm: no arguments given for query"], "stdout": "", "stdout_lines": []}
failed: [soctxadm01] (item=) => {"changed": true, "cmd": "rpm --setperms $(rpm -qf '')", "delta": "0:00:00.056553", "end": "2018-09-11 20:49:47.375288", "item": "", "msg": "non-zero return code", "rc": 1, "start": "2018-09-11 20:49:47.318735", "stderr": "error: file : No such file or directory\nrpm: no arguments given for query", "stderr_lines": ["error: file : No such file or directory", "rpm: no arguments given for query"], "stdout": "", "stdout_lines": []}
failed: [soctxadm01] (item=) => {"changed": true, "cmd": "rpm --setperms $(rpm -qf '')", "delta": "0:00:00.059886", "end": "2018-09-11 20:49:48.166889", "item": "", "msg": "non-zero return code", "rc": 1, "start": "2018-09-11 20:49:48.107003", "stderr": "error: file : No such file or directory\nrpm: no arguments given for query", "stderr_lines": ["error: file : No such file or directory", "rpm: no arguments given for query"], "stdout": "", "stdout_lines": []}
failed: [soctxadm01] (item=) => {"changed": true, "cmd": "rpm --setperms $(rpm -qf '')", "delta": "0:00:00.056782", "end": "2018-09-11 20:49:48.933468", "item": "", "msg": "non-zero return code", "rc": 1, "start": "2018-09-11 20:49:48.876686", "stderr": "error: file : No such file or directory\nrpm: no arguments given for query", "stderr_lines": ["error: file : No such file or directory", "rpm: no arguments given for query"], "stdout": "", "stdout_lines": []}
failed: [soctxadm01] (item=) => {"changed": true, "cmd": "rpm --setperms $(rpm -qf '')", "delta": "0:00:00.055651", "end": "2018-09-11 20:49:49.676099", "item": "", "msg": "non-zero return code", "rc": 1, "start": "2018-09-11 20:49:49.620448", "stderr": "error: file : No such file or directory\nrpm: no arguments given for query", "stderr_lines": ["error: file : No such file or directory", "rpm: no arguments given for query"], "stdout": "", "stdout_lines": []}
failed: [soctxadm01] (item=) => {"changed": true, "cmd": "rpm --setperms $(rpm -qf '')", "delta": "0:00:00.059687", "end": "2018-09-11 20:49:50.434649", "item": "", "msg": "non-zero return code", "rc": 1, "start": "2018-09-11 20:49:50.374962", "stderr": "error: file : No such file or directory\nrpm: no arguments given for query", "stderr_lines": ["error: file : No such file or directory", "rpm: no arguments given for query"], "stdout": "", "stdout_lines": []}
failed: [soctxadm01] (item=) => {"changed": true, "cmd": "rpm --setperms $(rpm -qf '')", "delta": "0:00:00.056253", "end": "2018-09-11 20:49:51.228388", "item": "", "msg": "non-zero return code", "rc": 1, "start": "2018-09-11 20:49:51.172135", "stderr": "error: file : No such file or directory\nrpm: no arguments given for query", "stderr_lines": ["error: file : No such file or directory", "rpm: no arguments given for query"], "stdout": "", "stdout_lines": []}
failed: [soctxadm01] (item=) => {"changed": true, "cmd": "rpm --setperms $(rpm -qf '')", "delta": "0:00:00.055444", "end": "2018-09-11 20:49:51.992743", "item": "", "msg": "non-zero return code", "rc": 1, "start": "2018-09-11 20:49:51.937299", "stderr": "error: file : No such file or directory\nrpm: no arguments given for query", "stderr_lines": ["error: file : No such file or directory", "rpm: no arguments given for query"], "stdout": "", "stdout_lines": []}
failed: [soctxadm01] (item=) => {"changed": true, "cmd": "rpm --setperms $(rpm -qf '')", "delta": "0:00:00.055757", "end": "2018-09-11 20:49:52.791141", "item": "", "msg": "non-zero return code", "rc": 1, "start": "2018-09-11 20:49:52.735384", "stderr": "error: file : No such file or directory\nrpm: no arguments given for query", "stderr_lines": ["error: file : No such file or directory", "rpm: no arguments given for query"], "stdout": "", "stdout_lines": []}
failed: [soctxadm01] (item=) => {"changed": true, "cmd": "rpm --setperms $(rpm -qf '')", "delta": "0:00:00.056513", "end": "2018-09-11 20:49:53.612805", "item": "", "msg": "non-zero return code", "rc": 1, "start": "2018-09-11 20:49:53.556292", "stderr": "error: file : No such file or directory\nrpm: no arguments given for query", "stderr_lines": ["error: file : No such file or directory", "rpm: no arguments given for query"], "stdout": "", "stdout_lines": []}
failed: [soctxadm01] (item=) => {"changed": true, "cmd": "rpm --setperms $(rpm -qf '')", "delta": "0:00:00.055389", "end": "2018-09-11 20:49:54.444850", "item": "", "msg": "non-zero return code", "rc": 1, "start": "2018-09-11 20:49:54.389461", "stderr": "error: file : No such file or directory\nrpm: no arguments given for query", "stderr_lines": ["error: file : No such file or directory", "rpm: no arguments given for query"], "stdout": "", "stdout_lines": []}
failed: [soctxadm01] (item=) => {"changed": true, "cmd": "rpm --setperms $(rpm -qf '')", "delta": "0:00:00.056185", "end": "2018-09-11 20:49:55.195202", "item": "", "msg": "non-zero return code", "rc": 1, "start": "2018-09-11 20:49:55.139017", "stderr": "error: file : No such file or directory\nrpm: no arguments given for query", "stderr_lines": ["error: file : No such file or directory", "rpm: no arguments given for query"], "stdout": "", "stdout_lines": []}
failed: [soctxadm01] (item=) => {"changed": true, "cmd": "rpm --setperms $(rpm -qf '')", "delta": "0:00:00.055412", "end": "2018-09-11 20:49:55.916375", "item": "", "msg": "non-zero return code", "rc": 1, "start": "2018-09-11 20:49:55.860963", "stderr": "error: file : No such file or directory\nrpm: no arguments given for query", "stderr_lines": ["error: file : No such file or directory", "rpm: no arguments given for query"], "stdout": "", "stdout_lines": []}
**changed: [soctxadm01] => (item=/etc/insights-client/.exp.sed)
changed: [soctxadm01] => (item=/etc/insights-client/.fallback.json)
changed: [soctxadm01] => (item=/etc/insights-client/.fallback.json.asc)
changed: [soctxadm01] => (item=/etc/insights-client/cert-api.access.redhat.com.pem)**
failed: [soctxadm01] (item=) => {"changed": true, "cmd": "rpm --setperms $(rpm -qf '')", "delta": "0:00:00.056488", "end": "2018-09-11 20:49:59.966179", "item": "", "msg": "non-zero return code", "rc": 1, "start": "2018-09-11 20:49:59.909691", "stderr": "error: file : No such file or directory\nrpm: no arguments given for query", "stderr_lines": ["error: file : No such file or directory", "rpm: no arguments given for query"], "stdout": "", "stdout_lines": []}
**changed: [soctxadm01] => (item=/etc/insights-client/redhattools.pub.gpg)
changed: [soctxadm01] => (item=/etc/insights-client/rpm.egg)
changed: [soctxadm01] => (item=/etc/insights-client/rpm.egg.asc)**
to retry, use: --limit @/home/v683653/development/ops/redhat/ansible/rh_oscap.retry
PLAY RECAP ***************************************************************************************************************************************************
soctxadm01 : ok=2 changed=0 unreachable=0 failed=1
Here is an easy fix to this issue, I just added a pipe (|) and another sed at the end to remove blank lines. I would provide a patch, but I don't know what file create the Ansible fix in order to edit it and send back the patch.
rpm -Va | grep '^.M' | cut -d ' ' -f5- | sed -r 's;^.*\s+(.+);\1;g'|sed -e '/^$/d'
Description of problem:
Correct file permissions with RPM Ansible play throws errors for empty lines returned. The one liner that is used returns empty lines and then the "rpm --setperms" command fails.
SCAP Security Guide Version:
Name : scap-security-guide
Arch : noarch
Version : 0.1.36
Release : 9.el7_5
Size : 61 M
Operating System Version:
Red Hat Enterprise Linux Server release 7.5 (Maipo)
Steps to Reproduce:
This is from the Anisble playbook that is created from the generate
Expected Results:
To not return empty lines then the 'rpm --setperms' command will not fail
Addition Information/Debugging Steps:
Here is an easy fix to this issue, I just added a pipe (|) and another sed at the end to remove blank lines. I would provide a patch, but I don't know what file create the Ansible fix in order to edit it and send back the patch.
rpm -Va | grep '^.M' | cut -d ' ' -f5- | sed -r 's;^.*\s+(.+);\1;g'|sed -e '/^$/d'
EDIT by @mpreisler: formatting