Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 2016-03-23 18:28:17,194 p=5499 u=root | <172.29.236.100> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=120 172.29.236.100 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1458757697.19-52315589461934 && echo $HOME/.ansible/tmp/ansible-tmp-1458757697.19-52315589461934'
- 2016-03-23 18:28:17,291 p=5499 u=root | <172.29.236.100> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=120 172.29.236.100 /bin/sh -c 'rc=flag; [ -r /etc/audit/rules.d/osas-auditd.rules ] || rc=2; [ -f /etc/audit/rules.d/osas-auditd.rules ] || rc=1; [ -d /etc/audit/rules.d/osas-auditd.rules ] && rc=3; python -V 2>/dev/null || rc=4; [ x"$rc" != "xflag" ] && echo "${rc} "/etc/audit/rules.d/osas-auditd.rules && exit 0; (python -c '"'"'import hashlib; BLOCKSIZE = 65536; hasher = hashlib.sha1(); afile = open("'"'"'/etc/audit/rules.d/osas-auditd.rules'"'"'", "rb") buf = afile.read(BLOCKSIZE) while len(buf) > 0: hasher.update(buf) buf = afile.read(BLOCKSIZE) afile.close() print(hasher.hexdigest())'"'"' 2>/dev/null) || (python -c '"'"'import sha; BLOCKSIZE = 65536; hasher = sha.sha(); afile = open("'"'"'/etc/audit/rules.d/osas-auditd.rules'"'"'", "rb") buf = afile.read(BLOCKSIZE) while len(buf) > 0: hasher.update(buf) buf = afile.read(BLOCKSIZE) afile.close() print(hasher.hexdigest())'"'"' 2>/dev/null) || (echo '"'"'0 '"'"'/etc/audit/rules.d/osas-auditd.rules)'
- 2016-03-23 18:28:17,307 p=5499 u=root | <172.29.236.100> EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=120 172.29.236.100 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python ; rm -rf /root/.ansible/tmp/ansible-tmp-1458757697.19-52315589461934/ >/dev/null 2>&1'
- 2016-03-23 18:28:17,340 p=5499 u=root | ok: [aio1] => {"changed": false, "gid": 0, "group": "root", "mode": "0644", "owner": "root", "path": "/etc/audit/rules.d/osas-auditd.rules", "size": 6718, "state": "file", "uid": 0}
- 2016-03-23 18:28:17,342 p=5499 u=root | TASK: [openstack-ansible-security | V-38471 - Forward auditd records to syslog] ***
- 2016-03-23 18:28:17,349 p=5499 u=root | <172.29.236.100> ESTABLISH CONNECTION FOR USER: root
- 2016-03-23 18:28:17,349 p=5499 u=root | <172.29.236.100> REMOTE_MODULE lineinfile state=present line='active = yes' regexp='^(#)?active' dest=/etc/audisp/plugins.d/syslog.conf
- 2016-03-23 18:28:17,350 p=5499 u=root | <172.29.236.100> EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=120 172.29.236.100 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python'
- 2016-03-23 18:28:17,383 p=5499 u=root | ok: [aio1] => {"backup": "", "changed": false, "msg": ""}
- 2016-03-23 18:28:17,385 p=5499 u=root | TASK: [openstack-ansible-security | V-54381 - The audit system must switch to single user mode when disk space is low] ***
- 2016-03-23 18:28:17,391 p=5499 u=root | <172.29.236.100> ESTABLISH CONNECTION FOR USER: root
- 2016-03-23 18:28:17,392 p=5499 u=root | <172.29.236.100> REMOTE_MODULE lineinfile line='admin_space_left_action = SUSPEND' regexp='^(#)?admin_space_left_action' dest=/etc/audit/auditd.conf
- 2016-03-23 18:28:17,393 p=5499 u=root | <172.29.236.100> EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=120 172.29.236.100 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python'
- 2016-03-23 18:28:17,426 p=5499 u=root | ok: [aio1] => {"backup": "", "changed": false, "msg": ""}
- 2016-03-23 18:28:17,427 p=5499 u=root | TASK: [openstack-ansible-security | V-38475 - Set minimum length for passwords] ***
- 2016-03-23 18:28:17,435 p=5499 u=root | skipping: [aio1]
- 2016-03-23 18:28:17,436 p=5499 u=root | TASK: [openstack-ansible-security | V-38477 - Set minimum time for password changes] ***
- 2016-03-23 18:28:17,443 p=5499 u=root | skipping: [aio1]
- 2016-03-23 18:28:17,444 p=5499 u=root | TASK: [openstack-ansible-security | V-38479 - Set maximum age for passwords] ***
- 2016-03-23 18:28:17,450 p=5499 u=root | skipping: [aio1]
- 2016-03-23 18:28:17,452 p=5499 u=root | TASK: [openstack-ansible-security | V-38480 - Warn users prior to password expiration] ***
- 2016-03-23 18:28:17,458 p=5499 u=root | skipping: [aio1]
- 2016-03-23 18:28:17,460 p=5499 u=root | TASK: [openstack-ansible-security | Check for default system accounts other than root that aren't locked (for V-38496)] ***
- 2016-03-23 18:28:17,466 p=5499 u=root | <172.29.236.100> ESTABLISH CONNECTION FOR USER: root
- 2016-03-23 18:28:17,466 p=5499 u=root | <172.29.236.100> REMOTE_MODULE command awk -F: '$1 !~ /^root$/ && $2 !~ /^[!*]/ {print $1 ":" $2}' /etc/shadow | wc -l #USE_SHELL
- 2016-03-23 18:28:17,467 p=5499 u=root | <172.29.236.100> EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=120 172.29.236.100 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python'
- 2016-03-23 18:28:17,504 p=5499 u=root | changed: [aio1] => {"changed": true, "cmd": "awk -F: '$1 !~ /^root$/ && $2 !~ /^[!*]/ {print $1 \":\" $2}' /etc/shadow | wc -l", "delta": "0:00:00.001925", "end": "2016-03-23 18:28:17.498974", "failed": false, "failed_when_result": false, "rc": 0, "start": "2016-03-23 18:28:17.497049", "stderr": "", "stdout": "1", "stdout_lines": ["1"], "warnings": []}
- 2016-03-23 18:28:17,505 p=5499 u=root | TASK: [openstack-ansible-security | V-38496 - Default operating system accounts (other than root) must be locked] ***
- 2016-03-23 18:28:17,512 p=5499 u=root | <172.29.236.100> ESTABLISH CONNECTION FOR USER: root
- 2016-03-23 18:28:17,512 p=5499 u=root | failed: [aio1] => {"failed": true}
- 2016-03-23 18:28:17,513 p=5499 u=root | msg: FAILED: Lock default system user accounts (other than root)
- 2016-03-23 18:28:17,515 p=5499 u=root | FATAL: all hosts have already failed -- aborting
- 2016-03-23 18:28:17,515 p=5499 u=root | PLAY RECAP ********************************************************************
- 2016-03-23 18:28:17,515 p=5499 u=root | to retry, use: --limit @/root/security-hardening.retry
- 2016-03-23 18:28:17,515 p=5499 u=root | aio1 : ok=25 changed=4 unreachable=0 failed=1
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement