Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Task 5.3.3.3.3 - Ensure pam_pwhistory includes use_authtok | Ensure use_authtok is set #282

Open
msachikanta opened this issue Jan 23, 2025 · 2 comments
Open

Task 5.3.3.3.3 - Ensure pam_pwhistory includes use_authtok | Ensure use_authtok is set #282

msachikanta opened this issue Jan 23, 2025 · 2 comments
Assignees
@uk-bolly
Labels
bug Something isn't working

Comments

@msachikanta
Copy link

Have you checked ReadtheDocs?:
Yes

Describe the Issue
Getting following error during Task 5.3.3.3.3 execution:

failed: [default] (item=/etc/pam.d/password-auth) => {"ansible_loop_var": "item", "changed": false, "item": "/etc/pam.d/password-auth", "module_stderr": "Traceback (most recent call last):\n  File \"/home/ec2-user/.ansible/tmp/ansible-tmp-1737625364.8222404-7837-219091554963831/AnsiballZ_lineinfile.py\", line 107, in <module>\n    _ansiballz_main()\n  File \"/home/ec2-user/.ansible/tmp/ansible-tmp-1737625364.8222404-7837-219091554963831/AnsiballZ_lineinfile.py\", line 99, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/home/ec2-user/.ansible/tmp/ansible-tmp-1737625364.8222404-7837-219091554963831/AnsiballZ_lineinfile.py\", line 47, in invoke_module\n    runpy.run_module(mod_name='ansible.modules.lineinfile', init_globals=dict(_module_fqn='ansible.modules.lineinfile', _modlib_path=modlib_path),\n  File \"/usr/lib64/python3.9/runpy.py\", line 225, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/usr/lib64/python3.9/runpy.py\", line 97, in _run_module_code\n    _run_code(code, mod_globals, init_globals,\n  File \"/usr/lib64/python3.9/runpy.py\", line 87, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_ansible.builtin.lineinfile_payload_wqm93hqu/ansible_ansible.builtin.lineinfile_payload.zip/ansible/modules/lineinfile.py\", line 633, in <module>\n  File \"/tmp/ansible_ansible.builtin.lineinfile_payload_wqm93hqu/ansible_ansible.builtin.lineinfile_payload.zip/ansible/modules/lineinfile.py\", line 623, in main\n  File \"/tmp/ansible_ansible.builtin.lineinfile_payload_wqm93hqu/ansible_ansible.builtin.lineinfile_payload.zip/ansible/modules/lineinfile.py\", line 319, in present\n  File \"/usr/lib64/python3.9/re.py\", line 252, in compile\n    return _compile(pattern, flags)\n  File \"/usr/lib64/python3.9/re.py\", line 304, in _compile\n    p = sre_compile.compile(pattern, flags)\n  File \"/usr/lib64/python3.9/sre_compile.py\", line 788, in compile\n    p = sre_parse.parse(p, flags)\n  File \"/usr/lib64/python3.9/sre_parse.py\", line 955, in parse\n    p = _parse_sub(source, state, flags & SRE_FLAG_VERBOSE, 0)\n  File \"/usr/lib64/python3.9/sre_parse.py\", line 444, in _parse_sub\n    itemsappend(_parse(source, state, verbose, nested + 1,\n  File \"/usr/lib64/python3.9/sre_parse.py\", line 841, in _parse\n    p = _parse_sub(source, state, sub_verbose, nested + 1)\n  File \"/usr/lib64/python3.9/sre_parse.py\", line 444, in _parse_sub\n    itemsappend(_parse(source, state, verbose, nested + 1,\n  File \"/usr/lib64/python3.9/sre_parse.py\", line 526, in _parse\n    code = _escape(source, this, state)\n  File \"/usr/lib64/python3.9/sre_parse.py\", line 427, in _escape\n    raise source.error(\"bad escape %s\" % escape, len(escape))\nre.error: bad escape \\h at position 10\nShared connection to 127.0.0.1 closed.\r\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

Looks like its a issue with lineinfile regex.

Expected Behavior
I expect the task should be executed successfully.

Actual Behavior
Getting following error during Task 5.3.3.3.3 execution:

failed: [default] (item=/etc/pam.d/password-auth) => {"ansible_loop_var": "item", "changed": false, "item": "/etc/pam.d/password-auth", "module_stderr": "Traceback (most recent call last):\n  File \"/home/ec2-user/.ansible/tmp/ansible-tmp-1737625364.8222404-7837-219091554963831/AnsiballZ_lineinfile.py\", line 107, in <module>\n    _ansiballz_main()\n  File \"/home/ec2-user/.ansible/tmp/ansible-tmp-1737625364.8222404-7837-219091554963831/AnsiballZ_lineinfile.py\", line 99, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/home/ec2-user/.ansible/tmp/ansible-tmp-1737625364.8222404-7837-219091554963831/AnsiballZ_lineinfile.py\", line 47, in invoke_module\n    runpy.run_module(mod_name='ansible.modules.lineinfile', init_globals=dict(_module_fqn='ansible.modules.lineinfile', _modlib_path=modlib_path),\n  File \"/usr/lib64/python3.9/runpy.py\", line 225, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/usr/lib64/python3.9/runpy.py\", line 97, in _run_module_code\n    _run_code(code, mod_globals, init_globals,\n  File \"/usr/lib64/python3.9/runpy.py\", line 87, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_ansible.builtin.lineinfile_payload_wqm93hqu/ansible_ansible.builtin.lineinfile_payload.zip/ansible/modules/lineinfile.py\", line 633, in <module>\n  File \"/tmp/ansible_ansible.builtin.lineinfile_payload_wqm93hqu/ansible_ansible.builtin.lineinfile_payload.zip/ansible/modules/lineinfile.py\", line 623, in main\n  File \"/tmp/ansible_ansible.builtin.lineinfile_payload_wqm93hqu/ansible_ansible.builtin.lineinfile_payload.zip/ansible/modules/lineinfile.py\", line 319, in present\n  File \"/usr/lib64/python3.9/re.py\", line 252, in compile\n    return _compile(pattern, flags)\n  File \"/usr/lib64/python3.9/re.py\", line 304, in _compile\n    p = sre_compile.compile(pattern, flags)\n  File \"/usr/lib64/python3.9/sre_compile.py\", line 788, in compile\n    p = sre_parse.parse(p, flags)\n  File \"/usr/lib64/python3.9/sre_parse.py\", line 955, in parse\n    p = _parse_sub(source, state, flags & SRE_FLAG_VERBOSE, 0)\n  File \"/usr/lib64/python3.9/sre_parse.py\", line 444, in _parse_sub\n    itemsappend(_parse(source, state, verbose, nested + 1,\n  File \"/usr/lib64/python3.9/sre_parse.py\", line 841, in _parse\n    p = _parse_sub(source, state, sub_verbose, nested + 1)\n  File \"/usr/lib64/python3.9/sre_parse.py\", line 444, in _parse_sub\n    itemsappend(_parse(source, state, verbose, nested + 1,\n  File \"/usr/lib64/python3.9/sre_parse.py\", line 526, in _parse\n    code = _escape(source, this, state)\n  File \"/usr/lib64/python3.9/sre_parse.py\", line 427, in _escape\n    raise source.error(\"bad escape %s\" % escape, len(escape))\nre.error: bad escape \\h at position 10\nShared connection to 127.0.0.1 closed.\r\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

Looks like its a issue with lineinfile regex.

Control(s) Affected
What controls are being affected by the issue

rhel9cis_rule_5_3_3_3_3

Environment (please complete the following information):

  • branch being used: devel

Additional Notes
If it can be fixed earliest, that will be really great.

Possible Solution
Regex update might fix the issue.
@msachikanta msachikanta added the bug Something isn't working label Jan 23, 2025
@uk-bolly
Copy link
Member

hi @msachikanta

Thank you for raising this, can you confirm you are not using authselect option?

Many thanks

uk-bolly

@uk-bolly uk-bolly self-assigned this Jan 30, 2025
@msachikanta
Copy link
Author

Hi @uk-bolly
I am not using authselect option, coz I use PAM.
Thanks, Sachi

uk-bolly added a commit that referenced this issue Jan 30, 2025
@uk-bolly
addressed issue #282
fecfb7e 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
@uk-bolly uk-bolly mentioned this issue Jan 30, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@uk-bolly uk-bolly

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@msachikanta @uk-bolly