Created
September 21, 2017 10:41
-
-
Save Inveracity/c1b5c3eda1efebb51dfaf01ea06fb179 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ salt-call hubble.top -l debug | |
| [DEBUG ] Reading configuration from /etc/salt/minion | |
| [DEBUG ] Including configuration from '/etc/salt/minion.d/_schedule.conf' | |
| [DEBUG ] Reading configuration from /etc/salt/minion.d/_schedule.conf | |
| [DEBUG ] Including configuration from '/etc/salt/minion.d/hubblestack.conf' | |
| [DEBUG ] Reading configuration from /etc/salt/minion.d/hubblestack.conf | |
| [DEBUG ] Including configuration from '/etc/salt/minion.d/minion.conf' | |
| [DEBUG ] Reading configuration from /etc/salt/minion.d/minion.conf | |
| [DEBUG ] Using cached minion ID from /etc/salt/minion_id: master | |
| [DEBUG ] Configuration file path: /etc/salt/minion | |
| [WARNING ] Insecure logging configuration detected! Sensitive data may be logged. | |
| [DEBUG ] Reading configuration from /etc/salt/minion | |
| [DEBUG ] Including configuration from '/etc/salt/minion.d/_schedule.conf' | |
| [DEBUG ] Reading configuration from /etc/salt/minion.d/_schedule.conf | |
| [DEBUG ] Including configuration from '/etc/salt/minion.d/hubblestack.conf' | |
| [DEBUG ] Reading configuration from /etc/salt/minion.d/hubblestack.conf | |
| [DEBUG ] Including configuration from '/etc/salt/minion.d/minion.conf' | |
| [DEBUG ] Reading configuration from /etc/salt/minion.d/minion.conf | |
| [DEBUG ] Please install 'virt-what' to improve results of the 'virtual' grain. | |
| [DEBUG ] Connecting to master. Attempt 1 of 1 | |
| [DEBUG ] Initializing new AsyncAuth for ('/etc/salt/pki/minion', 'master', 'tcp://192.168.56.2:4506') | |
| [DEBUG ] Generated random reconnect delay between '1000ms' and '11000ms' (7330) | |
| [DEBUG ] Setting zmq_reconnect_ivl to '7330ms' | |
| [DEBUG ] Setting zmq_reconnect_ivl_max to '11000ms' | |
| [DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/etc/salt/pki/minion', 'master', 'tcp://192.168.56.2:4506', 'clear') | |
| [DEBUG ] Decrypting the current master AES key | |
| [DEBUG ] Loaded minion key: /etc/salt/pki/minion/minion.pem | |
| [DEBUG ] SaltEvent PUB socket URI: /var/run/salt/minion/minion_event_fc613b4dfd_pub.ipc | |
| [DEBUG ] SaltEvent PULL socket URI: /var/run/salt/minion/minion_event_fc613b4dfd_pull.ipc | |
| [DEBUG ] Initializing new IPCClient for path: /var/run/salt/minion/minion_event_fc613b4dfd_pull.ipc | |
| [DEBUG ] Sending event: tag = salt/auth/creds; data = {'_stamp': '2017-09-21T10:38:55.006922', 'creds': {'publish_port': 4505, 'aes': 'G6NA1PUoJpMTHtJLZFemyivkEGKo/KDh3mbE0w8IFLll2kfrjpJ5oOqJ6/d3Yo0rYH1vI/wCBdo=', 'master_uri': 'tcp://192.168.56.2:4506'}, 'key': ('/etc/salt/pki/minion', 'master', 'tcp://192.168.56.2:4506')} | |
| [DEBUG ] Loaded minion key: /etc/salt/pki/minion/minion.pem | |
| [DEBUG ] Determining pillar cache | |
| [DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/etc/salt/pki/minion', 'master', 'tcp://192.168.56.2:4506', 'aes') | |
| [DEBUG ] Initializing new AsyncAuth for ('/etc/salt/pki/minion', 'master', 'tcp://192.168.56.2:4506') | |
| [DEBUG ] Loaded minion key: /etc/salt/pki/minion/minion.pem | |
| [DEBUG ] LazyLoaded jinja.render | |
| [DEBUG ] LazyLoaded yaml.render | |
| [DEBUG ] LazyLoaded hubble.top | |
| [DEBUG ] LazyLoaded config.get | |
| [DEBUG ] syncing nova modules | |
| [DEBUG ] LazyLoaded cp.cache_dir | |
| [DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/etc/salt/pki/minion', 'master', 'tcp://192.168.56.2:4506', 'aes') | |
| [DEBUG ] Initializing new AsyncAuth for ('/etc/salt/pki/minion', 'master', 'tcp://192.168.56.2:4506') | |
| [INFO ] Caching directory 'hubblestack_nova/' for environment 'base' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova/command.py' to resolve 'salt://hubblestack_nova/command.py' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/command.py' to resolve 'salt://hubblestack_nova/command.py' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cve_scan.py' to resolve 'salt://hubblestack_nova/cve_scan.py' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cve_scan.py' to resolve 'salt://hubblestack_nova/cve_scan.py' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cve_scan_v2.py' to resolve 'salt://hubblestack_nova/cve_scan_v2.py' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cve_scan_v2.py' to resolve 'salt://hubblestack_nova/cve_scan_v2.py' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova/firewall.py' to resolve 'salt://hubblestack_nova/firewall.py' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/firewall.py' to resolve 'salt://hubblestack_nova/firewall.py' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova/grep.py' to resolve 'salt://hubblestack_nova/grep.py' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/grep.py' to resolve 'salt://hubblestack_nova/grep.py' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova/misc.py' to resolve 'salt://hubblestack_nova/misc.py' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/misc.py' to resolve 'salt://hubblestack_nova/misc.py' | |
| [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://hubblestack_nova/misc.py' | |
| [DEBUG ] No dest file found | |
| [INFO ] Fetching file from saltenv 'base', ** done ** 'hubblestack_nova/misc.py' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova/mount.py' to resolve 'salt://hubblestack_nova/mount.py' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/mount.py' to resolve 'salt://hubblestack_nova/mount.py' | |
| [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://hubblestack_nova/mount.py' | |
| [DEBUG ] No dest file found | |
| [INFO ] Fetching file from saltenv 'base', ** done ** 'hubblestack_nova/mount.py' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova/netstat.py' to resolve 'salt://hubblestack_nova/netstat.py' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/netstat.py' to resolve 'salt://hubblestack_nova/netstat.py' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova/openssl.py' to resolve 'salt://hubblestack_nova/openssl.py' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/openssl.py' to resolve 'salt://hubblestack_nova/openssl.py' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova/pkg.py' to resolve 'salt://hubblestack_nova/pkg.py' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/pkg.py' to resolve 'salt://hubblestack_nova/pkg.py' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova/pkgng_audit.py' to resolve 'salt://hubblestack_nova/pkgng_audit.py' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/pkgng_audit.py' to resolve 'salt://hubblestack_nova/pkgng_audit.py' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova/service.py' to resolve 'salt://hubblestack_nova/service.py' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/service.py' to resolve 'salt://hubblestack_nova/service.py' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova/stat_nova.py' to resolve 'salt://hubblestack_nova/stat_nova.py' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/stat_nova.py' to resolve 'salt://hubblestack_nova/stat_nova.py' | |
| [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://hubblestack_nova/stat_nova.py' | |
| [DEBUG ] No dest file found | |
| [INFO ] Fetching file from saltenv 'base', ** done ** 'hubblestack_nova/stat_nova.py' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova/sysctl.py' to resolve 'salt://hubblestack_nova/sysctl.py' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/sysctl.py' to resolve 'salt://hubblestack_nova/sysctl.py' | |
| [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://hubblestack_nova/sysctl.py' | |
| [DEBUG ] No dest file found | |
| [INFO ] Fetching file from saltenv 'base', ** done ** 'hubblestack_nova/sysctl.py' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova/systemctl.py' to resolve 'salt://hubblestack_nova/systemctl.py' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/systemctl.py' to resolve 'salt://hubblestack_nova/systemctl.py' | |
| [DEBUG ] Fetching file from saltenv 'base', ** attempting ** 'salt://hubblestack_nova/systemctl.py' | |
| [DEBUG ] No dest file found | |
| [INFO ] Fetching file from saltenv 'base', ** done ** 'hubblestack_nova/systemctl.py' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova/vulners_scanner.py' to resolve 'salt://hubblestack_nova/vulners_scanner.py' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/vulners_scanner.py' to resolve 'salt://hubblestack_nova/vulners_scanner.py' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova/win_auditpol.py' to resolve 'salt://hubblestack_nova/win_auditpol.py' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/win_auditpol.py' to resolve 'salt://hubblestack_nova/win_auditpol.py' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova/win_firewall.py' to resolve 'salt://hubblestack_nova/win_firewall.py' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/win_firewall.py' to resolve 'salt://hubblestack_nova/win_firewall.py' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova/win_gp.py' to resolve 'salt://hubblestack_nova/win_gp.py' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/win_gp.py' to resolve 'salt://hubblestack_nova/win_gp.py' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova/win_pkg.py' to resolve 'salt://hubblestack_nova/win_pkg.py' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/win_pkg.py' to resolve 'salt://hubblestack_nova/win_pkg.py' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova/win_reg.py' to resolve 'salt://hubblestack_nova/win_reg.py' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/win_reg.py' to resolve 'salt://hubblestack_nova/win_reg.py' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova/win_secedit.py' to resolve 'salt://hubblestack_nova/win_secedit.py' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/win_secedit.py' to resolve 'salt://hubblestack_nova/win_secedit.py' | |
| [INFO ] Caching directory 'hubblestack_nova_profiles/' for environment 'base' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/centos_6.json' to resolve 'salt://hubblestack_nova_profiles/centos_6.json' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/centos_6.json' to resolve 'salt://hubblestack_nova_profiles/centos_6.json' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/centos_7.json' to resolve 'salt://hubblestack_nova_profiles/centos_7.json' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/centos_7.json' to resolve 'salt://hubblestack_nova_profiles/centos_7.json' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cis/amazon-201409-level-1-scored-v1-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/amazon-201409-level-1-scored-v1-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cis/amazon-201409-level-1-scored-v1-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/amazon-201409-level-1-scored-v1-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cis/amazon-level-1-scored-v1-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/amazon-level-1-scored-v1-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cis/amazon-level-1-scored-v1-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/amazon-level-1-scored-v1-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cis/amazon-level-1-scored-v2-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/amazon-level-1-scored-v2-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cis/amazon-level-1-scored-v2-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/amazon-level-1-scored-v2-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cis/centos-6-level-1-scored-v1-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/centos-6-level-1-scored-v1-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cis/centos-6-level-1-scored-v1-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/centos-6-level-1-scored-v1-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cis/centos-6-level-1-scored-v2-0-1.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/centos-6-level-1-scored-v2-0-1.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cis/centos-6-level-1-scored-v2-0-1.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/centos-6-level-1-scored-v2-0-1.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cis/centos-7-level-1-scored-v1-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/centos-7-level-1-scored-v1-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cis/centos-7-level-1-scored-v1-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/centos-7-level-1-scored-v1-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cis/centos-7-level-1-scored-v2-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/centos-7-level-1-scored-v2-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cis/centos-7-level-1-scored-v2-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/centos-7-level-1-scored-v2-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cis/centos-7-level-1-scored-v2-1-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/centos-7-level-1-scored-v2-1-0.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cis/centos-7-level-1-scored-v2-1-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/centos-7-level-1-scored-v2-1-0.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cis/coreos-level-1.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/coreos-level-1.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cis/coreos-level-1.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/coreos-level-1.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cis/debian-7.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/debian-7.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cis/debian-7.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/debian-7.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cis/debian-8-level-1-scored-v1-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/debian-8-level-1-scored-v1-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cis/debian-8-level-1-scored-v1-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/debian-8-level-1-scored-v1-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cis/debian-9.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/debian-9.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cis/debian-9.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/debian-9.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cis/rhels-5-level-1-scored-v2-2-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/rhels-5-level-1-scored-v2-2-0.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cis/rhels-5-level-1-scored-v2-2-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/rhels-5-level-1-scored-v2-2-0.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cis/rhels-6-level-1-scored-v1-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/rhels-6-level-1-scored-v1-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cis/rhels-6-level-1-scored-v1-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/rhels-6-level-1-scored-v1-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cis/rhels-6-level-1-scored-v2-0-1.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/rhels-6-level-1-scored-v2-0-1.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cis/rhels-6-level-1-scored-v2-0-1.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/rhels-6-level-1-scored-v2-0-1.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cis/rhels-7-level-1-scored-v1-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/rhels-7-level-1-scored-v1-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cis/rhels-7-level-1-scored-v1-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/rhels-7-level-1-scored-v1-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cis/rhels-7-level-1-scored-v2-1-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/rhels-7-level-1-scored-v2-1-0.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cis/rhels-7-level-1-scored-v2-1-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/rhels-7-level-1-scored-v2-1-0.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cis/rhelw-7-level-1-scored-v2-1-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/rhelw-7-level-1-scored-v2-1-0.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cis/rhelw-7-level-1-scored-v2-1-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/rhelw-7-level-1-scored-v2-1-0.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cis/ubuntu-1204-level-1-scored-v1-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/ubuntu-1204-level-1-scored-v1-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cis/ubuntu-1204-level-1-scored-v1-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/ubuntu-1204-level-1-scored-v1-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cis/ubuntu-1404-level-1-scored-v1-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/ubuntu-1404-level-1-scored-v1-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cis/ubuntu-1404-level-1-scored-v1-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/ubuntu-1404-level-1-scored-v1-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cis/ubuntu-1604-level-1-scored-v1-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/ubuntu-1604-level-1-scored-v1-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cis/ubuntu-1604-level-1-scored-v1-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/ubuntu-1604-level-1-scored-v1-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cis/windows-2008r2-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/windows-2008r2-level-1-scored-v1.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cis/windows-2008r2-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/windows-2008r2-level-1-scored-v1.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cis/windows-2008r2-level-1-scored-v3-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/windows-2008r2-level-1-scored-v3-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cis/windows-2008r2-level-1-scored-v3-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/windows-2008r2-level-1-scored-v3-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cis/windows-2012r2-level-1-scored-v1-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/windows-2012r2-level-1-scored-v1-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cis/windows-2012r2-level-1-scored-v1-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/windows-2012r2-level-1-scored-v1-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cis/windows-2012r2-level-1-scored-v2-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/windows-2012r2-level-1-scored-v2-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cis/windows-2012r2-level-1-scored-v2-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/windows-2012r2-level-1-scored-v2-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cis/windows-2016-level-1-scored-v1-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/windows-2016-level-1-scored-v1-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cis/windows-2016-level-1-scored-v1-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/cis/windows-2016-level-1-scored-v1-0-0.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cve/centos-6-salt.yaml' to resolve 'salt://hubblestack_nova_profiles/cve/centos-6-salt.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cve/centos-6-salt.yaml' to resolve 'salt://hubblestack_nova_profiles/cve/centos-6-salt.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cve/centos-7-salt.yaml' to resolve 'salt://hubblestack_nova_profiles/cve/centos-7-salt.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cve/centos-7-salt.yaml' to resolve 'salt://hubblestack_nova_profiles/cve/centos-7-salt.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cve/scan-v1.yaml' to resolve 'salt://hubblestack_nova_profiles/cve/scan-v1.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cve/scan-v1.yaml' to resolve 'salt://hubblestack_nova_profiles/cve/scan-v1.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cve/scan-v2-salt.yaml' to resolve 'salt://hubblestack_nova_profiles/cve/scan-v2-salt.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cve/scan-v2-salt.yaml' to resolve 'salt://hubblestack_nova_profiles/cve/scan-v2-salt.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/cve/scan-v2.yaml' to resolve 'salt://hubblestack_nova_profiles/cve/scan-v2.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/cve/scan-v2.yaml' to resolve 'salt://hubblestack_nova_profiles/cve/scan-v2.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/firewall/ssh.yaml' to resolve 'salt://hubblestack_nova_profiles/firewall/ssh.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/firewall/ssh.yaml' to resolve 'salt://hubblestack_nova_profiles/firewall/ssh.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/misc.yaml' to resolve 'salt://hubblestack_nova_profiles/misc.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/misc.yaml' to resolve 'salt://hubblestack_nova_profiles/misc.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/network/smtp.yaml' to resolve 'salt://hubblestack_nova_profiles/network/smtp.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/network/smtp.yaml' to resolve 'salt://hubblestack_nova_profiles/network/smtp.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/network/ssh.yaml' to resolve 'salt://hubblestack_nova_profiles/network/ssh.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/network/ssh.yaml' to resolve 'salt://hubblestack_nova_profiles/network/ssh.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/samples/dont_blame_nrpe.yaml' to resolve 'salt://hubblestack_nova_profiles/samples/dont_blame_nrpe.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/samples/dont_blame_nrpe.yaml' to resolve 'salt://hubblestack_nova_profiles/samples/dont_blame_nrpe.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/samples/sample_cis.yaml' to resolve 'salt://hubblestack_nova_profiles/samples/sample_cis.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/samples/sample_cis.yaml' to resolve 'salt://hubblestack_nova_profiles/samples/sample_cis.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/samples/sample_command.yaml' to resolve 'salt://hubblestack_nova_profiles/samples/sample_command.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/samples/sample_command.yaml' to resolve 'salt://hubblestack_nova_profiles/samples/sample_command.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/samples/sample_control.yaml' to resolve 'salt://hubblestack_nova_profiles/samples/sample_control.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/samples/sample_control.yaml' to resolve 'salt://hubblestack_nova_profiles/samples/sample_control.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/samples/sample_firewall.yaml' to resolve 'salt://hubblestack_nova_profiles/samples/sample_firewall.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/samples/sample_firewall.yaml' to resolve 'salt://hubblestack_nova_profiles/samples/sample_firewall.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/samples/sample_openssl.yaml' to resolve 'salt://hubblestack_nova_profiles/samples/sample_openssl.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/samples/sample_openssl.yaml' to resolve 'salt://hubblestack_nova_profiles/samples/sample_openssl.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/stig/rhel-6-mac-1-classified.yaml' to resolve 'salt://hubblestack_nova_profiles/stig/rhel-6-mac-1-classified.yaml' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/stig/rhel-6-mac-1-classified.yaml' to resolve 'salt://hubblestack_nova_profiles/stig/rhel-6-mac-1-classified.yaml' | |
| [DEBUG ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/top.nova' to resolve 'salt://hubblestack_nova_profiles/top.nova' | |
| [DEBUG ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/top.nova' to resolve 'salt://hubblestack_nova_profiles/top.nova' | |
| [DEBUG ] loading nova modules | |
| [DEBUG ] Error loading nova./win_secedit.py: This audit module only runs on windows | |
| [DEBUG ] Error loading nova./win_firewall.py: This audit module only runs on windows | |
| [DEBUG ] Error loading nova./pkgng_audit.py: This audit module only runs on FreeBSD | |
| [DEBUG ] Error loading nova./win_gp.py: This audit module only runs on windows | |
| [DEBUG ] Error loading nova./cve_scan.py: This module requires Linux and the oscap binary | |
| [DEBUG ] LazyLoaded network.netstat | |
| [DEBUG ] Error loading nova./win_reg.py: This audit module only runs on windows | |
| [DEBUG ] Error loading nova./win_pkg.py: This audit module only runs on windows | |
| [DEBUG ] Error loading nova./win_auditpol.py: This audit module only runs on windows | |
| [DEBUG ] LazyLoaded match.compound | |
| [DEBUG ] compound_match: master ? G@osfinger:Ubuntu-12.04 | |
| [DEBUG ] grains target: osfinger:Ubuntu-12.04 | |
| [DEBUG ] Attempting to match 'Ubuntu-12.04' in 'osfinger' using delimiter ':' | |
| [DEBUG ] compound_match master ? "G@osfinger:Ubuntu-12.04" => "False" | |
| [DEBUG ] compound_match: master ? G@osfinger:Ubuntu-16.04 | |
| [DEBUG ] grains target: osfinger:Ubuntu-16.04 | |
| [DEBUG ] Attempting to match 'Ubuntu-16.04' in 'osfinger' using delimiter ':' | |
| [DEBUG ] compound_match master ? "G@osfinger:Ubuntu-16.04" => "True" | |
| [DEBUG ] compound_match: master ? G@osfinger:Amazon*Linux*2014* | |
| [DEBUG ] grains target: osfinger:Amazon*Linux*2014* | |
| [DEBUG ] Attempting to match 'Amazon*Linux*2014*' in 'osfinger' using delimiter ':' | |
| [DEBUG ] compound_match master ? "G@osfinger:Amazon*Linux*2014*" => "False" | |
| [DEBUG ] compound_match: master ? G@osfinger:Amazon*Linux*2015* | |
| [DEBUG ] grains target: osfinger:Amazon*Linux*2015* | |
| [DEBUG ] Attempting to match 'Amazon*Linux*2015*' in 'osfinger' using delimiter ':' | |
| [DEBUG ] compound_match master ? "G@osfinger:Amazon*Linux*2015*" => "False" | |
| [DEBUG ] compound_match: master ? G@osfinger:Ubuntu-14.04 | |
| [DEBUG ] grains target: osfinger:Ubuntu-14.04 | |
| [DEBUG ] Attempting to match 'Ubuntu-14.04' in 'osfinger' using delimiter ':' | |
| [DEBUG ] compound_match master ? "G@osfinger:Ubuntu-14.04" => "False" | |
| [DEBUG ] compound_match: master ? G@osfullname:Microsoft*Windows*Server*2016* | |
| [DEBUG ] grains target: osfullname:Microsoft*Windows*Server*2016* | |
| [DEBUG ] Attempting to match 'Microsoft*Windows*Server*2016*' in 'osfullname' using delimiter ':' | |
| [DEBUG ] compound_match master ? "G@osfullname:Microsoft*Windows*Server*2016*" => "False" | |
| [DEBUG ] compound_match: master ? G@osfinger:Amazon*Linux*2016* | |
| [DEBUG ] grains target: osfinger:Amazon*Linux*2016* | |
| [DEBUG ] Attempting to match 'Amazon*Linux*2016*' in 'osfinger' using delimiter ':' | |
| [DEBUG ] compound_match master ? "G@osfinger:Amazon*Linux*2016*" => "False" | |
| [DEBUG ] compound_match: master ? G@osfinger:Debian*8 | |
| [DEBUG ] grains target: osfinger:Debian*8 | |
| [DEBUG ] Attempting to match 'Debian*8' in 'osfinger' using delimiter ':' | |
| [DEBUG ] compound_match master ? "G@osfinger:Debian*8" => "False" | |
| [DEBUG ] compound_match: master ? G@osfinger:Amazon*Linux*2017* | |
| [DEBUG ] grains target: osfinger:Amazon*Linux*2017* | |
| [DEBUG ] Attempting to match 'Amazon*Linux*2017*' in 'osfinger' using delimiter ':' | |
| [DEBUG ] compound_match master ? "G@osfinger:Amazon*Linux*2017*" => "False" | |
| [DEBUG ] compound_match: master ? G@osfullname:Microsoft*Windows*Server*2012* | |
| [DEBUG ] grains target: osfullname:Microsoft*Windows*Server*2012* | |
| [DEBUG ] Attempting to match 'Microsoft*Windows*Server*2012*' in 'osfullname' using delimiter ':' | |
| [DEBUG ] compound_match master ? "G@osfullname:Microsoft*Windows*Server*2012*" => "False" | |
| [DEBUG ] compound_match: master ? G@osfinger:*CoreOS* | |
| [DEBUG ] grains target: osfinger:*CoreOS* | |
| [DEBUG ] Attempting to match '*CoreOS*' in 'osfinger' using delimiter ':' | |
| [DEBUG ] compound_match master ? "G@osfinger:*CoreOS*" => "False" | |
| [DEBUG ] compound_match: master ? G@osfinger:Red*Hat*Enterprise*Linux*Server-7 | |
| [DEBUG ] grains target: osfinger:Red*Hat*Enterprise*Linux*Server-7 | |
| [DEBUG ] Attempting to match 'Red*Hat*Enterprise*Linux*Server-7' in 'osfinger' using delimiter ':' | |
| [DEBUG ] compound_match master ? "G@osfinger:Red*Hat*Enterprise*Linux*Server-7" => "False" | |
| [DEBUG ] compound_match: master ? G@osfinger:Red*Hat*Enterprise*Linux*Server-6 | |
| [DEBUG ] grains target: osfinger:Red*Hat*Enterprise*Linux*Server-6 | |
| [DEBUG ] Attempting to match 'Red*Hat*Enterprise*Linux*Server-6' in 'osfinger' using delimiter ':' | |
| [DEBUG ] compound_match master ? "G@osfinger:Red*Hat*Enterprise*Linux*Server-6" => "False" | |
| [DEBUG ] compound_match: master ? G@osfinger:Red*Hat*Enterprise*Linux*Workstation-7 | |
| [DEBUG ] grains target: osfinger:Red*Hat*Enterprise*Linux*Workstation-7 | |
| [DEBUG ] Attempting to match 'Red*Hat*Enterprise*Linux*Workstation-7' in 'osfinger' using delimiter ':' | |
| [DEBUG ] compound_match master ? "G@osfinger:Red*Hat*Enterprise*Linux*Workstation-7" => "False" | |
| [DEBUG ] compound_match: master ? G@osfinger:Debian*7 | |
| [DEBUG ] grains target: osfinger:Debian*7 | |
| [DEBUG ] Attempting to match 'Debian*7' in 'osfinger' using delimiter ':' | |
| [DEBUG ] compound_match master ? "G@osfinger:Debian*7" => "False" | |
| [DEBUG ] compound_match: master ? G@osfinger:CentOS-6 | |
| [DEBUG ] grains target: osfinger:CentOS-6 | |
| [DEBUG ] Attempting to match 'CentOS-6' in 'osfinger' using delimiter ':' | |
| [DEBUG ] compound_match master ? "G@osfinger:CentOS-6" => "False" | |
| [DEBUG ] compound_match: master ? G@osfinger:Amazon*Linux*2018* | |
| [DEBUG ] grains target: osfinger:Amazon*Linux*2018* | |
| [DEBUG ] Attempting to match 'Amazon*Linux*2018*' in 'osfinger' using delimiter ':' | |
| [DEBUG ] compound_match master ? "G@osfinger:Amazon*Linux*2018*" => "False" | |
| [DEBUG ] compound_match: master ? G@osfinger:CentOS*Linux-7 | |
| [DEBUG ] grains target: osfinger:CentOS*Linux-7 | |
| [DEBUG ] Attempting to match 'CentOS*Linux-7' in 'osfinger' using delimiter ':' | |
| [DEBUG ] compound_match master ? "G@osfinger:CentOS*Linux-7" => "False" | |
| [DEBUG ] compound_match: master ? G@osfullname:Microsoft*Windows*Server*2008* | |
| [DEBUG ] grains target: osfullname:Microsoft*Windows*Server*2008* | |
| [DEBUG ] Attempting to match 'Microsoft*Windows*Server*2008*' in 'osfullname' using delimiter ':' | |
| [DEBUG ] compound_match master ? "G@osfullname:Microsoft*Windows*Server*2008*" => "False" | |
| [DEBUG ] compound_match: master ? G@osfinger:Debian*9 | |
| [DEBUG ] grains target: osfinger:Debian*9 | |
| [DEBUG ] Attempting to match 'Debian*9' in 'osfinger' using delimiter ':' | |
| [DEBUG ] compound_match master ? "G@osfinger:Debian*9" => "False" | |
| [DEBUG ] nova_kwargs: {} | |
| [DEBUG ] LazyLoaded pkg.version | |
| [DEBUG ] LazyLoaded pkg_resource.version | |
| [DEBUG ] LazyLoaded cmd.run_stdout | |
| [INFO ] Executing command ['dpkg-query', '--showformat', '${Status} ${Package} ${Version} ${Architecture}', '-W'] in directory '/root' | |
| [INFO ] Executing command 'if [ "`echo $PATH | grep :: `" != "" ]; then | |
| echo "Empty Directory in PATH (::)" | |
| fi | |
| if [ "`echo $PATH | grep :$`" != "" ]; then | |
| echo "Trailing : in PATH" | |
| fi | |
| p=`echo $PATH | sed -e 's/::/:/' -e 's/:$//' -e 's/:/ /g'` | |
| set -- $p | |
| while [ "$1" != "" ]; do | |
| if [ "$1" = "." ]; then | |
| echo "PATH contains ." | |
| shift | |
| continue | |
| fi | |
| if [ -d $1 ]; then | |
| dirperm=`ls -ldH $1 | cut -f1 -d" "` | |
| if [ `echo $dirperm | cut -c6 ` != "-" ]; then | |
| echo "Group Write permission set on directory $1" | |
| fi | |
| if [ `echo $dirperm | cut -c9 ` != "-" ]; then | |
| echo "Other Write permission set on directory $1" | |
| fi | |
| dirown=`ls -ldH $1 | awk '{print $3}'` | |
| if [ "$dirown" != "root" ] ; then | |
| echo $1 is not owned by root | |
| fi | |
| else | |
| echo $1 is not a directory | |
| fi | |
| shift | |
| done' in directory '/root' | |
| [DEBUG ] output: | |
| [INFO ] Executing command 'cat /etc/passwd | /usr/bin/awk -F: '($1!="root" && $3==0) { print $1 }'' in directory '/root' | |
| [DEBUG ] output: | |
| [INFO ] Executing command 'cat /etc/shadow | /usr/bin/awk -F: '($2 == "" ) { print $1 }'' in directory '/root' | |
| [DEBUG ] output: | |
| [INFO ] Executing command 'dpkg -s rsh-client' in directory '/root' | |
| [ERROR ] Command 'dpkg -s rsh-client' failed with return code: 1 | |
| [ERROR ] output: dpkg-query: package 'rsh-client' is not installed and no information is available | |
| Use dpkg --info (= dpkg-deb --info) to examine archive files, | |
| and dpkg --contents (= dpkg-deb --contents) to list their contents. | |
| [INFO ] Executing command 'dpkg -s rsh-redone-client' in directory '/root' | |
| [ERROR ] Command 'dpkg -s rsh-redone-client' failed with return code: 1 | |
| [ERROR ] output: dpkg-query: package 'rsh-redone-client' is not installed and no information is available | |
| Use dpkg --info (= dpkg-deb --info) to examine archive files, | |
| and dpkg --contents (= dpkg-deb --contents) to list their contents. | |
| [INFO ] Executing command 'grep "^root:" /etc/passwd | cut -f4 -d:' in directory '/root' | |
| [DEBUG ] output: 0 | |
| [INFO ] Executing command 'egrep -v "^\+" /etc/passwd | awk -F: '($1!="root" && $1!="sync" && $1!="shutdown" && $1!="halt" && $3<500 && $7!="/usr/sbin/nologin" && $7!="/bin/false") {print}'' in directory '/root' | |
| [DEBUG ] output: | |
| [INFO ] Executing command 'useradd -D | grep INACTIVE' in directory '/root' | |
| [DEBUG ] output: INACTIVE=-1 | |
| [INFO ] Executing command 'ufw status' in directory '/root' | |
| [DEBUG ] output: Status: inactive | |
| [DEBUG ] os_version: 16.04, os_name: ubuntu | |
| [DEBUG ] service audit __data__: | |
| [DEBUG ] {'openssl': []} | |
| [DEBUG ] service audit __tags__: | |
| [DEBUG ] {} | |
| [INFO ] Executing command 'grep password /boot/grub/grub.cfg' in directory '/root' | |
| [DEBUG ] retcode: 1 | |
| [INFO ] Executing command 'grep /tmp /etc/fstab' in directory '/root' | |
| [DEBUG ] retcode: 1 | |
| [INFO ] Executing command 'grep /dev/shm /etc/fstab' in directory '/root' | |
| [DEBUG ] retcode: 1 | |
| [INFO ] Executing command 'grep ^*.*[^I][^I]*@ /etc/rsyslog.conf' in directory '/root' | |
| [DEBUG ] retcode: 1 | |
| [INFO ] Executing command 'grep /dev/shm /etc/fstab' in directory '/root' | |
| [DEBUG ] retcode: 1 | |
| [INFO ] Executing command 'grep ^+ /etc/passwd' in directory '/root' | |
| [DEBUG ] retcode: 1 | |
| [INFO ] Executing command 'grep ^+ /etc/shadow' in directory '/root' | |
| [DEBUG ] retcode: 1 | |
| [INFO ] Executing command 'grep ^discard /etc/inetd.conf' in directory '/root' | |
| [DEBUG ] stderr: grep: /etc/inetd.conf: No such file or directory | |
| [DEBUG ] retcode: 2 | |
| [INFO ] Executing command 'grep ^talk /etc/inetd.conf' in directory '/root' | |
| [DEBUG ] stderr: grep: /etc/inetd.conf: No such file or directory | |
| [DEBUG ] retcode: 2 | |
| [INFO ] Executing command 'grep ^ntalk /etc/inetd.conf' in directory '/root' | |
| [DEBUG ] stderr: grep: /etc/inetd.conf: No such file or directory | |
| [DEBUG ] retcode: 2 | |
| [INFO ] Executing command 'grep ^tftp /etc/inetd.conf' in directory '/root' | |
| [DEBUG ] stderr: grep: /etc/inetd.conf: No such file or directory | |
| [DEBUG ] retcode: 2 | |
| [INFO ] Executing command 'grep ^telnet /etc/inetd.conf' in directory '/root' | |
| [DEBUG ] stderr: grep: /etc/inetd.conf: No such file or directory | |
| [DEBUG ] retcode: 2 | |
| [INFO ] Executing command 'grep ^shell /etc/inetd.conf' in directory '/root' | |
| [DEBUG ] stderr: grep: /etc/inetd.conf: No such file or directory | |
| [DEBUG ] retcode: 2 | |
| [INFO ] Executing command 'grep ^login /etc/inetd.conf' in directory '/root' | |
| [DEBUG ] stderr: grep: /etc/inetd.conf: No such file or directory | |
| [DEBUG ] retcode: 2 | |
| [INFO ] Executing command 'grep ^exec /etc/inetd.conf' in directory '/root' | |
| [DEBUG ] stderr: grep: /etc/inetd.conf: No such file or directory | |
| [DEBUG ] retcode: 2 | |
| [INFO ] Executing command 'grep pam_cracklib /etc/pam.d/common-password' in directory '/root' | |
| [DEBUG ] retcode: 1 | |
| [INFO ] Executing command 'grep pam_cracklib /etc/pam.d/common-password' in directory '/root' | |
| [DEBUG ] retcode: 1 | |
| [INFO ] Executing command 'grep pam_cracklib /etc/pam.d/common-password' in directory '/root' | |
| [DEBUG ] retcode: 1 | |
| [INFO ] Executing command 'grep pam_cracklib /etc/pam.d/common-password' in directory '/root' | |
| [DEBUG ] retcode: 1 | |
| [INFO ] Executing command 'grep pam_cracklib /etc/pam.d/common-password' in directory '/root' | |
| [DEBUG ] retcode: 1 | |
| [INFO ] Executing command 'grep pam_cracklib /etc/pam.d/common-password' in directory '/root' | |
| [DEBUG ] retcode: 1 | |
| [INFO ] Executing command 'grep PASS_WARN_AGE /etc/login.defs' in directory '/root' | |
| [DEBUG ] stdout: # PASS_WARN_AGE Number of days warning given before a password expires. | |
| PASS_WARN_AGE 7 | |
| [INFO ] Executing command 'grep PermitRootLogin /etc/ssh/sshd_config' in directory '/root' | |
| [DEBUG ] stdout: PermitRootLogin prohibit-password | |
| # the setting of "PermitRootLogin without-password". | |
| [INFO ] Executing command 'grep AllowUsers /etc/ssh/sshd_config' in directory '/root' | |
| [DEBUG ] retcode: 1 | |
| [INFO ] Executing command 'grep AllowGroups /etc/ssh/sshd_config' in directory '/root' | |
| [DEBUG ] retcode: 1 | |
| [INFO ] Executing command 'grep DenyUsers /etc/ssh/sshd_config' in directory '/root' | |
| [DEBUG ] retcode: 1 | |
| [INFO ] Executing command 'grep DenyGroups /etc/ssh/sshd_config' in directory '/root' | |
| [DEBUG ] retcode: 1 | |
| [INFO ] Executing command 'grep ClientAliveInterval /etc/ssh/sshd_config' in directory '/root' | |
| [DEBUG ] retcode: 1 | |
| [INFO ] Executing command 'grep ClientAliveCountMax /etc/ssh/sshd_config' in directory '/root' | |
| [DEBUG ] retcode: 1 | |
| [ERROR ] Exception occurred in nova module: | |
| [ERROR ] Traceback (most recent call last): | |
| File "/var/cache/salt/minion/extmods/modules/hubble.py", line 286, in _run_audit | |
| ret = func(data_list, tags, **kwargs) | |
| File "/var/cache/salt/minion/files/base/hubblestack_nova/grep.py", line 123, in audit | |
| if tag_data['match_output'] not in grep_ret: | |
| TypeError: 'in <string>' requires string as left operand, not int | |
| [DEBUG ] LazyLoaded service.status | |
| [INFO ] Executing command ['systemctl', 'status', 'isc-dhcp-server.service', '-n', '0'] in directory '/root' | |
| [DEBUG ] stdout: * isc-dhcp-server.service | |
| Loaded: not-found (Reason: No such file or directory) | |
| Active: inactive (dead) | |
| [DEBUG ] retcode: 3 | |
| [INFO ] Executing command ['systemctl', 'is-active', 'isc-dhcp-server.service'] in directory '/root' | |
| [DEBUG ] output: inactive | |
| [INFO ] Executing command ['systemctl', 'status', 'cups.service', '-n', '0'] in directory '/root' | |
| [DEBUG ] stdout: * cups.service | |
| Loaded: not-found (Reason: No such file or directory) | |
| Active: inactive (dead) | |
| [DEBUG ] retcode: 3 | |
| [INFO ] Executing command ['systemctl', 'is-active', 'cups.service'] in directory '/root' | |
| [DEBUG ] output: inactive | |
| [INFO ] Executing command ['systemctl', 'status', 'avahi-daemon.service', '-n', '0'] in directory '/root' | |
| [DEBUG ] stdout: * avahi-daemon.service | |
| Loaded: not-found (Reason: No such file or directory) | |
| Active: inactive (dead) | |
| [DEBUG ] retcode: 3 | |
| [INFO ] Executing command ['systemctl', 'is-active', 'avahi-daemon.service'] in directory '/root' | |
| [DEBUG ] output: inactive | |
| [INFO ] Executing command ['systemctl', 'status', 'autofs.service', '-n', '0'] in directory '/root' | |
| [DEBUG ] stdout: * autofs.service | |
| Loaded: not-found (Reason: No such file or directory) | |
| Active: inactive (dead) | |
| [DEBUG ] retcode: 3 | |
| [INFO ] Executing command ['systemctl', 'is-active', 'autofs.service'] in directory '/root' | |
| [DEBUG ] output: inactive | |
| [INFO ] Executing command ['systemctl', 'status', 'rsyslog.service', '-n', '0'] in directory '/root' | |
| [DEBUG ] stdout: * rsyslog.service - System Logging Service | |
| Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled) | |
| Active: active (running) since Thu 2017-09-21 10:37:45 UTC; 1min 24s ago | |
| Docs: man:rsyslogd(8) | |
| http://www.rsyslog.com/doc/ | |
| Main PID: 1113 (rsyslogd) | |
| Tasks: 4 | |
| Memory: 1.9M | |
| CPU: 22ms | |
| CGroup: /system.slice/rsyslog.service | |
| `-1113 /usr/sbin/rsyslogd -n | |
| [INFO ] Executing command ['systemctl', 'is-active', 'rsyslog.service'] in directory '/root' | |
| [DEBUG ] output: active | |
| [INFO ] Executing command ['systemctl', 'status', 'cron.service', '-n', '0'] in directory '/root' | |
| [DEBUG ] stdout: * cron.service - Regular background program processing daemon | |
| Loaded: loaded (/lib/systemd/system/cron.service; enabled; vendor preset: enabled) | |
| Active: active (running) since Thu 2017-09-21 10:37:45 UTC; 1min 24s ago | |
| Docs: man:cron(8) | |
| Main PID: 1140 (cron) | |
| Tasks: 1 | |
| Memory: 348.0K | |
| CPU: 3ms | |
| CGroup: /system.slice/cron.service | |
| `-1140 /usr/sbin/cron -f | |
| [INFO ] Executing command ['systemctl', 'is-active', 'cron.service'] in directory '/root' | |
| [DEBUG ] output: active | |
| [INFO ] Executing command ['systemctl', 'status', 'apport.service', '-n', '0'] in directory '/root' | |
| [DEBUG ] stdout: * apport.service - LSB: automatic crash report generation | |
| Loaded: loaded (/etc/init.d/apport; bad; vendor preset: enabled) | |
| Active: active (exited) since Thu 2017-09-21 10:37:46 UTC; 1min 23s ago | |
| Docs: man:systemd-sysv-generator(8) | |
| Process: 1314 ExecStart=/etc/init.d/apport start (code=exited, status=0/SUCCESS) | |
| Tasks: 0 | |
| Memory: 0B | |
| CPU: 0 | |
| [INFO ] Executing command ['systemctl', 'is-active', 'apport.service'] in directory '/root' | |
| [DEBUG ] output: active | |
| [INFO ] Executing command ['systemctl', 'status', 'whoopsie.service', '-n', '0'] in directory '/root' | |
| [DEBUG ] stdout: * whoopsie.service | |
| Loaded: not-found (Reason: No such file or directory) | |
| Active: inactive (dead) | |
| [DEBUG ] retcode: 3 | |
| [INFO ] Executing command ['systemctl', 'is-active', 'whoopsie.service'] in directory '/root' | |
| [DEBUG ] output: inactive | |
| [INFO ] Executing command ['systemctl', 'status', 'xinetd.service', '-n', '0'] in directory '/root' | |
| [DEBUG ] stdout: * xinetd.service | |
| Loaded: not-found (Reason: No such file or directory) | |
| Active: inactive (dead) | |
| [DEBUG ] retcode: 3 | |
| [INFO ] Executing command ['systemctl', 'is-active', 'xinetd.service'] in directory '/root' | |
| [DEBUG ] output: inactive | |
| [INFO ] Executing command 'sysctl -n net.ipv4.conf.all.accept_source_route' in directory '/root' | |
| [DEBUG ] output: 0 | |
| [INFO ] Executing command 'sysctl -n net.ipv4.conf.all.accept_redirects' in directory '/root' | |
| [DEBUG ] output: 1 | |
| [INFO ] Executing command 'sysctl -n net.ipv4.conf.all.secure_redirects' in directory '/root' | |
| [DEBUG ] output: 1 | |
| [INFO ] Executing command 'sysctl -n net.ipv4.conf.all.log_martians' in directory '/root' | |
| [DEBUG ] output: 0 | |
| [INFO ] Executing command 'sysctl -n net.ipv4.icmp_echo_ignore_broadcasts' in directory '/root' | |
| [DEBUG ] output: 1 | |
| [INFO ] Executing command 'sysctl -n net.ipv4.icmp_ignore_bogus_error_responses' in directory '/root' | |
| [DEBUG ] output: 1 | |
| [INFO ] Executing command 'sysctl -n net.ipv4.conf.all.rp_filter' in directory '/root' | |
| [DEBUG ] output: 1 | |
| [INFO ] Executing command 'sysctl -n net.ipv4.tcp_syncookies' in directory '/root' | |
| [DEBUG ] output: 1 | |
| [INFO ] Executing command 'sysctl -n fs.suid_dumpable' in directory '/root' | |
| [DEBUG ] output: 2 | |
| [INFO ] Executing command 'sysctl -n net.ipv4.conf.all.send_redirects' in directory '/root' | |
| [DEBUG ] output: 1 | |
| [INFO ] Executing command 'sysctl -n kernel.randomize_va_space' in directory '/root' | |
| [DEBUG ] output: 2 | |
| [INFO ] Executing command 'sysctl -n net.ipv4.ip_forward' in directory '/root' | |
| [DEBUG ] output: 0 | |
| [DEBUG ] Initializing new AsyncZeroMQReqChannel for ('/etc/salt/pki/minion', 'master', 'tcp://192.168.56.2:4506', 'aes') | |
| [DEBUG ] Initializing new AsyncAuth for ('/etc/salt/pki/minion', 'master', 'tcp://192.168.56.2:4506') | |
| [DEBUG ] LazyLoaded nested.output | |
| local: | |
| ---------- | |
| Compliance: | |
| 68% | |
| Errors: | |
| |_ | |
| ---------- | |
| /grep.py: | |
| ---------- | |
| data: | |
| TypeError: 'in <string>' requires string as left operand, not int | |
| error: | |
| exception occurred | |
| Failure: | |
| |_ | |
| ---------- |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment