Hello,
If you debug/print the whole content of "enabled_system_accounts" what do
you see?
Is "enabled_system_accounts.stdout_lines" being populated?
Alex
On Tue, Mar 21, 2023 at 9:14 AM lift...@gmail.com <lifte...@gmail.com>
wrote:
> I was able to get past that issue, but now the next play is erroring out:
>
> - name: Disable System Accounts - preparation
> ansible.builtin.shell: |
> set -o pipefail && awk -F':' '($3<500 && $1!="root" && $1!="sync" &&
> $1!="shutdown" && $1!="sync" && $1!="shutdown" && $1!="halt" &&
> $7!="/sbin/nologin") { print $1 }' /etc/passwd
> register: enabled_system_accounts
> changed_when: false
>
> - name: Disable System Accounts
> ansible.builtin.user:
> name: "{{ item }}"
> shell: /sbin/nologin
> with_items: "{{ enabled_system_accounts.stdout_lines }}"
> when: enabled_system_accounts.stdout_lines is defined
>
>
> The "Disable System Accounts" is giving me "The task includes an option
> with an undefined variable. The error was: 'item' is undefined". I'm
> assuming that the "enabled_system_accounts" is not defined or available at
> this point? Any thoughts on how to get past this?
>
> Thanks,
> Harry
> On Tuesday, March 21, 2023 at 8:25:41 AM UTC-4 Will McDonald wrote:
>
>> I suspect your problem is simply that your shell command's incorrectly
>> quoted and something like:
>>
>> ansible.builtin.shell: |
>> set -o pipefail && awk -F':' '($3<500 && $1!="root" && $1!="sync" &&
>> $1!="shutdown" && $1!="sync" && $1!="shutdown" && $1!="halt" &&
>> $7!="/sbin/nologin") { print $1 } ' /etc/passwd
>>
>> Note the additional quotes.
>>
>>
>> https://github.com/major/ansible-role-cis/blob/master/tasks/section_07_level1.yml
>> mostly matches your snippet but uses simpler formatting/quoting as an
>> example.
>>
>> https://github.com/major/ansible-role-cis appears to be deprecated, as
>> does https://github.com/major/cis-rhel-ansible
>>
>> It might also be worth including:
>>
>> 1. What target operating system release(s) you're targeting and
>> 2. What versions of upstream CIS roles you're using.
>>
>>
>>
>>
>> On Tue, 21 Mar 2023 at 11:52, lift...@gmail.com <lift...@gmail.com>
>> wrote:
>>
>>> We have a role that implements the CIS benchmarks on our systems. When
>>> we get to the following play, we get the error described below:
>>>
>>> - name: Disable System Accounts - preparation
>>> ansible.builtin.shell: |
>>> set -o pipefail && awk -F':' \|
>>> ($3<500 && $1!="root" && $1!="sync" && $1!="shutdown" && $1!="sync"
>>> && $1!="shutdown" && $1!="halt" && $7!="/sbin/nologin") { print $1 }
>>> /etc/passwd
>>> register: enabled_system_accounts
>>> changed_when: false
>>>
>>> Error:
>>>
>>> awk: cmd. line:1: |
>>> awk: cmd. line:1: ^ syntax error
>>> /bin/sh: -c: line 1: syntax error near unexpected token `{'
>>> /bin/sh: -c: line 1: `($3<500 && $1!="root" && $1!="sync" &&
>>> $1!="shutdown" && $1!="sync" && $1!="shutdown" && $1!="halt" &&
>>> $7!="/sbin/nologin") { print $1 } /etc/passwd'
>>>
>>> Any ideas?
>>>
>>> Thanks,
>>> Harry
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to ansible-proje...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/eeb341e7-e45a-4a3e-b1dd-77471c4d9706n%40googlegroups.com
>>> <https://groups.google.com/d/msgid/ansible-project/eeb341e7-e45a-4a3e-b1dd-77471c4d9706n%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/4860da4d-9512-4b28-8f0e-1800391d9b86n%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/4860da4d-9512-4b28-8f0e-1800391d9b86n%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
--
[image: Edmonton_sig_RGB_S.jpg]
Alex Wanderley
Application and Infrastructure Analyst II
Server Solutions & Automation
Financial and Corporate Services | Open City and Technology
780-496-4156 Office
780-819-0273 Mobile
City of Edmonton
Century Place, 19th Floor
9803 102A Avenue NW
Edmonton AB, T5J 3A3
All information contained in this email post is proprietary to the City of
Edmonton, confidential and intended only for the addressed recipient. If
you have received this post in error, please disregard the contents, inform
the sender of the misdirection, and remove it from your system. The
copying, dissemination or distribution of this email, if misdirected, is
strictly prohibited.
--
*The contents of this message and any attachment(s) are confidential,
proprietary to the City of Edmonton, and are intended only for the
addressed recipient. If you have received this in error, please disregard
the contents, inform the sender of the misdirection, and remove it from
your system. The copying, dissemination, or distribution of this message,
if misdirected, is strictly prohibited.*
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CADp8UUSSONcFD9FpEUnDWvXmgUmhfUw9HAM6dBK8v3e3GD8Hww%40mail.gmail.com.
