RHEL 9 ACSC ISM Official Profile - Ansible Remediation Role - set -o pipefail issue #10046

rodlilearns · 2023-01-11T03:22:41Z

The Ansible Remediation Role for RHEL 9 ACSC ISM Official Profile has a failure point.

The task Get all world-writable directories with no sticky bits set fails.

The tasks uses set -o pipefail issue which bypasses a non-zero return code if a shell exits with a non-zero return code.

However, we don't want this to fail the task.

I added a ignore_errors: true at the end of the task, to keep the playbook going.

The text was updated successfully, but these errors were encountered:

marcusburghardt · 2023-08-03T09:39:54Z

We can use the macro introduced by #10912
I am working on a PR to update the dir_perms_world_writable_sticky_bits rule.

rodlilearns added the enhancement General enhancements to the project. label Jan 11, 2023

marcusburghardt self-assigned this Aug 3, 2023

marcusburghardt added this to the 0.1.70 milestone Aug 3, 2023

marcusburghardt mentioned this issue Aug 3, 2023

Improve Ansible remediation for dir_perms_world_writable_sticky_bits #10951

Merged

jan-cerny closed this as completed in #10951 Aug 9, 2023

Provide feedback