We have a role that implements the CIS benchmarks on our systems. When we get to the following play, we get the error described below:
name: Disable System Accounts - preparation
ansible.builtin.shell: |
set -o pipefail && awk -F':' |
($3<500 && $1!="root" && $1!="sync" && $1!="shutdown" && $1!="sync" && $1!="shutdown" && $1!="halt" && $7!="/sbin/nologin") { print $1 } /etc/passwd
register: enabled_system_accounts
changed_when: false
Error:
awk: cmd. line:1: |
awk: cmd. line:1: ^ syntax error
/bin/sh: -c: line 1: syntax error near unexpected token `{'
/bin/sh: -c: line 1: `($3<500 && $1!="root" && $1!="sync" && $1!="shutdown" && $1!="sync" && $1!="shutdown" && $1!="halt" && $7!="/sbin/nologin") { print $1 } /etc/passwd'
Any ideas?
Thanks,
Harry
I suspect your problem is simply that your shell command’s incorrectly quoted and should be something like:
ansible.builtin.shell: |
set -o pipefail && awk -F':' '($3<500 && $1!="root" && $1!="sync" && $1!="shutdown" && $1!="sync" && $1!="shutdown" && $1!="halt" && $7!="/sbin/nologin") { print $1 } ' /etc/passwd
Note the additional quotes.
https://github.com/major/ansible-role-cis/blob/master/tasks/section_07_level1.yml mostly matches your snippet but uses simpler formatting/quoting as an example.
https://github.com/major/ansible-role-cis appears to be deprecated, as does https://github.com/major/cis-rhel-ansible
It might also be worth including:
What target operating system release(s) you’re targeting and
What versions of upstream CIS roles you’re using.
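The quoting fix suggested in the reply above can be checked outside Ansible before it goes into the task. This is an added example, not code from the thread or from any CIS role; the function names and the sample passwd entries are constructed for illustration, and it covers the quoting issue only.

```sh
# Added example: function names and sample data are constructed.

# Print accounts with UID < 500 that still have a login shell. Same filter
# as the thread's task; the awk program is one single-quoted shell word,
# so $1, $3, the parentheses and the braces reach awk untouched.
enabled_system_accounts() {
    awk -F':' '
        ($3 < 500 && $1 != "root" && $1 != "sync" && $1 != "shutdown" &&
         $1 != "halt" && $7 != "/sbin/nologin") { print $1 }
    ' "${1:-/etc/passwd}"
}

# Parse a command string with `sh -n` (syntax check only, nothing runs).
shell_syntax_ok() {
    sh -n -c "$1" 2>/dev/null
}

# The awk call with and without quotes around the program (shortened filter).
quoted_cmd() {
    cat <<'EOF'
awk -F':' '($3<500 && $7!="/sbin/nologin") { print $1 }' /etc/passwd
EOF
}
unquoted_cmd() {
    cat <<'EOF'
awk -F':' ($3<500 && $7!="/sbin/nologin") { print $1 } /etc/passwd
EOF
}

# Constructed passwd entries; prints the path of the temporary file.
make_sample_passwd() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/bin/sh
sync:x:5:0:sync:/sbin:/bin/sync
lp:x:4:7:lp:/var/spool/lpd:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
    printf '%s\n' "$f"
}

sample=$(make_sample_passwd)
enabled_system_accounts "$sample"   # prints daemon and lp, one per line
shell_syntax_ok "$(quoted_cmd)"   && echo "quoted form parses"
shell_syntax_ok "$(unquoted_cmd)" || echo "unquoted form is a shell syntax error"
rm -f "$sample"
```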
I was able to get past that issue, but now the next play is erroring out:
name: Disable System Accounts - preparation
ansible.builtin.shell: |
set -o pipefail && awk -F':' '($3<500 && $1!="root" && $1!="sync" && $1!="shutdown" && $1!="sync" && $1!="shutdown" && $1!="halt" && $7!="/sbin/nologin") { print $1 }' /etc/passwd
register: enabled_system_accounts
changed_when: false
name: Disable System Accounts
ansible.builtin.user:
name: "{{ item }}"
shell: /sbin/nologin
with_items: "{{ enabled_system_accounts.stdout_lines }}"
when: enabled_system_accounts.stdout_lines is defined
The “Disable System Accounts” is giving me “The task includes an option with an undefined variable. The error was: ‘item’ is undefined”. I’m assuming that the “enabled_system_accounts” is not defined or available at this point? Any thoughts on how to get past this?
Thanks,
Harry
Hello,
If you debug/print the whole content of “enabled_system_accounts” what do you see?
Is “enabled_system_accounts.stdout_lines” being populated?
Alex
dnmvisser (Dick Visser), March 21, 2023, 4:25pm
with_items is incorrectly indented