API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Mar 23rd, 2016
49
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 7.31 KB | None | 0 0
raw download clone embed print report
  1. 2016-03-23 18:28:17,194 p=5499 u=root |  <172.29.236.100> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=120 172.29.236.100 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1458757697.19-52315589461934 && echo $HOME/.ansible/tmp/ansible-tmp-1458757697.19-52315589461934'
  2. 2016-03-23 18:28:17,291 p=5499 u=root |  <172.29.236.100> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=120 172.29.236.100 /bin/sh -c 'rc=flag; [ -r /etc/audit/rules.d/osas-auditd.rules ] || rc=2; [ -f /etc/audit/rules.d/osas-auditd.rules ] || rc=1; [ -d /etc/audit/rules.d/osas-auditd.rules ] && rc=3; python -V 2>/dev/null || rc=4; [ x"$rc" != "xflag" ] && echo "${rc} "/etc/audit/rules.d/osas-auditd.rules && exit 0; (python -c '"'"'import hashlib; BLOCKSIZE = 65536; hasher = hashlib.sha1(); afile = open("'"'"'/etc/audit/rules.d/osas-auditd.rules'"'"'", "rb") buf = afile.read(BLOCKSIZE) while len(buf) > 0: hasher.update(buf) buf = afile.read(BLOCKSIZE) afile.close() print(hasher.hexdigest())'"'"' 2>/dev/null) || (python -c '"'"'import sha; BLOCKSIZE = 65536; hasher = sha.sha(); afile = open("'"'"'/etc/audit/rules.d/osas-auditd.rules'"'"'", "rb") buf = afile.read(BLOCKSIZE) while len(buf) > 0: hasher.update(buf) buf = afile.read(BLOCKSIZE) afile.close() print(hasher.hexdigest())'"'"' 2>/dev/null) || (echo '"'"'0 '"'"'/etc/audit/rules.d/osas-auditd.rules)'
  3. 2016-03-23 18:28:17,307 p=5499 u=root |  <172.29.236.100> EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=120 172.29.236.100 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python ; rm -rf /root/.ansible/tmp/ansible-tmp-1458757697.19-52315589461934/ >/dev/null 2>&1'
  4. 2016-03-23 18:28:17,340 p=5499 u=root |  ok: [aio1] => {"changed": false, "gid": 0, "group": "root", "mode": "0644", "owner": "root", "path": "/etc/audit/rules.d/osas-auditd.rules", "size": 6718, "state": "file", "uid": 0}
  5. 2016-03-23 18:28:17,342 p=5499 u=root |  TASK: [openstack-ansible-security | V-38471 - Forward auditd records to syslog] ***
  6. 2016-03-23 18:28:17,349 p=5499 u=root |  <172.29.236.100> ESTABLISH CONNECTION FOR USER: root
  7. 2016-03-23 18:28:17,349 p=5499 u=root |  <172.29.236.100> REMOTE_MODULE lineinfile state=present line='active = yes' regexp='^(#)?active' dest=/etc/audisp/plugins.d/syslog.conf
  8. 2016-03-23 18:28:17,350 p=5499 u=root |  <172.29.236.100> EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=120 172.29.236.100 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python'
  9. 2016-03-23 18:28:17,383 p=5499 u=root |  ok: [aio1] => {"backup": "", "changed": false, "msg": ""}
  10. 2016-03-23 18:28:17,385 p=5499 u=root |  TASK: [openstack-ansible-security | V-54381 - The audit system must switch to single user mode when disk space is low] ***
  11. 2016-03-23 18:28:17,391 p=5499 u=root |  <172.29.236.100> ESTABLISH CONNECTION FOR USER: root
  12. 2016-03-23 18:28:17,392 p=5499 u=root |  <172.29.236.100> REMOTE_MODULE lineinfile line='admin_space_left_action = SUSPEND' regexp='^(#)?admin_space_left_action' dest=/etc/audit/auditd.conf
  13. 2016-03-23 18:28:17,393 p=5499 u=root |  <172.29.236.100> EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=120 172.29.236.100 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python'
  14. 2016-03-23 18:28:17,426 p=5499 u=root |  ok: [aio1] => {"backup": "", "changed": false, "msg": ""}
  15. 2016-03-23 18:28:17,427 p=5499 u=root |  TASK: [openstack-ansible-security | V-38475 - Set minimum length for passwords] ***
  16. 2016-03-23 18:28:17,435 p=5499 u=root |  skipping: [aio1]
  17. 2016-03-23 18:28:17,436 p=5499 u=root |  TASK: [openstack-ansible-security | V-38477 - Set minimum time for password changes] ***
  18. 2016-03-23 18:28:17,443 p=5499 u=root |  skipping: [aio1]
  19. 2016-03-23 18:28:17,444 p=5499 u=root |  TASK: [openstack-ansible-security | V-38479 - Set maximum age for passwords] ***
  20. 2016-03-23 18:28:17,450 p=5499 u=root |  skipping: [aio1]
  21. 2016-03-23 18:28:17,452 p=5499 u=root |  TASK: [openstack-ansible-security | V-38480 - Warn users prior to password expiration] ***
  22. 2016-03-23 18:28:17,458 p=5499 u=root |  skipping: [aio1]
  23. 2016-03-23 18:28:17,460 p=5499 u=root |  TASK: [openstack-ansible-security | Check for default system accounts other than root that aren't locked (for V-38496)] ***
  24. 2016-03-23 18:28:17,466 p=5499 u=root |  <172.29.236.100> ESTABLISH CONNECTION FOR USER: root
  25. 2016-03-23 18:28:17,466 p=5499 u=root |  <172.29.236.100> REMOTE_MODULE command awk -F: '$1 !~ /^root$/ && $2 !~ /^[!*]/ {print $1 ":" $2}' /etc/shadow | wc -l #USE_SHELL
  26. 2016-03-23 18:28:17,467 p=5499 u=root |  <172.29.236.100> EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=120 172.29.236.100 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python'
  27. 2016-03-23 18:28:17,504 p=5499 u=root |  changed: [aio1] => {"changed": true, "cmd": "awk -F: '$1 !~ /^root$/ && $2 !~ /^[!*]/ {print $1 \":\" $2}' /etc/shadow | wc -l", "delta": "0:00:00.001925", "end": "2016-03-23 18:28:17.498974", "failed": false, "failed_when_result": false, "rc": 0, "start": "2016-03-23 18:28:17.497049", "stderr": "", "stdout": "1", "stdout_lines": ["1"], "warnings": []}
  28. 2016-03-23 18:28:17,505 p=5499 u=root |  TASK: [openstack-ansible-security | V-38496 - Default operating system accounts (other than root) must be locked] ***
  29. 2016-03-23 18:28:17,512 p=5499 u=root |  <172.29.236.100> ESTABLISH CONNECTION FOR USER: root
  30. 2016-03-23 18:28:17,512 p=5499 u=root |  failed: [aio1] => {"failed": true}
  31. 2016-03-23 18:28:17,513 p=5499 u=root |  msg: FAILED: Lock default system user accounts (other than root)
  32. 2016-03-23 18:28:17,515 p=5499 u=root |  FATAL: all hosts have already failed -- aborting
  33. 2016-03-23 18:28:17,515 p=5499 u=root |  PLAY RECAP ********************************************************************
  34. 2016-03-23 18:28:17,515 p=5499 u=root |             to retry, use: --limit @/root/security-hardening.retry
  35.  
  36. 2016-03-23 18:28:17,515 p=5499 u=root |  aio1                       : ok=25   changed=4    unreachable=0    failed=1
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!