0
運行我的腳本時,我總是收到「錯誤!該字段'主機'是必需的,但沒有設置」。任何人都可以告訴我什麼是我失蹤。我目前正在嘗試對2個6個虛擬機實施DISA stig加固。運行我的腳本時,我總是收到
---
- name: Stig implementation
hosts: Database
tasks:
- name: upgrade all packages
command: yum upgrade -y
- name: update all packages
command: yum update -y
- name: /etc/passd file is owned by root
command: chown root:root /etc/passwd
- name: remove rsh-server package
command: yum erase rsh-server
- name: bootload configuration owner is root
command: chgrp root /etc/grub.conf
- name: rshd service disabled
command: chkconfig rsh off
- name: rexecd service disabled
command: chkconfig rexec off
- name: remove telnet and telnet-server
command: yum erase telnet-server && yum erase telnet
- lineinfile: dest=/etc/ssh/sshd_config
state=present
regexp='PermitEmptyPasswords'
line='PermitEmptyPasswords no'
backup=yes
- lineinfile: dest=/etc/ssh/sshd_config
state=present
regexp='HostbasedAuthentication'
line='HostbasedAuthentication no'
backup=yes
- name: Change etc/group ownership
command: chgrp root /etc/group
- name: operating system must connect to external networks
command: chkconfig ip6tables on && service ip6tables start
- name: add lines
lineinfile: dest=/etc/audit/audit.rules
line='{{item}}'
with_items:
- '-w /sbin/insmod -p x -k modules'
- '-w /sbin/rmmod -p x -k modules'
- '-w /sbin/modprobe -p x -k modules'
- '-a always,exit -F arch=[b64] -S init_module -S delete_module -k modules'
- name: disable xinetd
command: chkconfig xinetd off && service xinetd stop
- name: turn off and disable netconsole
command: chkconfig netconsole off && service netconsole stop
我的主機文件
[localhost]
x.x.x.x
[Database]
x.x.x.x
x.x.x.x
我們需要的更多細節錯誤 - 它發生了什麼?你能發佈完整的輸出嗎? –
另外,順便說一句,你已經列出的一些命令已經有了等價物 - 比如yum。 –
檢查任務的填充。也許一個任務意外地變成了一場戲。正如在上面的評論中指出的,許多命令應該替換爲可用的本地模塊。 –