I was able to get past that issue, but now the next play is erroring out:

- name: Disable System Accounts - preparation
  ansible.builtin.shell: |
    set -o pipefail && awk -F':' '($3<500 && $1!="root" && $1!="sync" &&
    $1!="shutdown" && $1!="sync" && $1!="shutdown" && $1!="halt" &&
    $7!="/sbin/nologin") { print $1 }' /etc/passwd
  register: enabled_system_accounts
  changed_when: false

- name: Disable System Accounts
  ansible.builtin.user:
    name: "{{ item }}"
    shell: /sbin/nologin
  with_items: "{{ enabled_system_accounts.stdout_lines }}"
  when: enabled_system_accounts.stdout_lines is defined

The "Disable System Accounts" is giving me "The task includes an option
with an undefined variable. The error was: 'item' is undefined". I'm
assuming that the "enabled_system_accounts" is not defined or available at
this point? Any thoughts on how to get past this?
Thanks,
Harry
On Tuesday, March 21, 2023 at 8:25:41 AM UTC-4 Will McDonald wrote:
> I suspect your problem is simply that your shell command's incorrectly
> quoted and something like:
>
> ansible.builtin.shell: |
>   set -o pipefail && awk -F':' '($3<500 && $1!="root" && $1!="sync" &&
>   $1!="shutdown" && $1!="sync" && $1!="shutdown" && $1!="halt" &&
>   $7!="/sbin/nologin") { print $1 } ' /etc/passwd
>
> Note the additional quotes.
>
>
> https://github.com/major/ansible-role-cis/blob/master/tasks/section_07_level1.yml
>
> mostly matches your snippet but uses simpler formatting/quoting as an
> example.
>
> https://github.com/major/ansible-role-cis appears to be deprecated, as
> does https://github.com/major/cis-rhel-ansible
>
> It might also be worth including:
>
> 1. What target operating system release(s) you're targeting and
> 2. What versions of upstream CIS roles you're using.
>
>
>
>
> On Tue, 21 Mar 2023 at 11:52, [email protected] <[email protected]> wrote:
>
>> We have a role that implements the CIS benchmarks on our systems. When
>> we get to the following play, we get the error described below:
>>
>> - name: Disable System Accounts - preparation
>>   ansible.builtin.shell: |
>>     set -o pipefail && awk -F':' \|
>>     ($3<500 && $1!="root" && $1!="sync" && $1!="shutdown" && $1!="sync"
>>     && $1!="shutdown" && $1!="halt" && $7!="/sbin/nologin") { print $1 }
>>     /etc/passwd
>>   register: enabled_system_accounts
>>   changed_when: false
>>
>> Error:
>>
>> awk: cmd. line:1: |
>> awk: cmd. line:1: ^ syntax error
>> /bin/sh: -c: line 1: syntax error near unexpected token `{'
>> /bin/sh: -c: line 1: `($3<500 && $1!="root" && $1!="sync" &&
>> $1!="shutdown" && $1!="sync" && $1!="shutdown" && $1!="halt" &&
>> $7!="/sbin/nologin") { print $1 } /etc/passwd'
>>
>> Any ideas?
>>
>> Thanks,
>> Harry
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/eeb341e7-e45a-4a3e-b1dd-77471c4d9706n%40googlegroups.com
>>
>
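
A dry run of the awk filter from the thread against a passwd-format file, added here as an example; it is not part of any poster's message or of the CIS role. The function names and the sample entries are constructed, and the repeated "sync"/"shutdown" comparisons are written once, which does not change what the filter selects. It shows which accounts the "Disable System Accounts" task would receive as items, including accounts whose shell is already non-interactive but is not the literal string /sbin/nologin:

```shell
#!/bin/sh
# Added example: dry-run of the thread's awk filter on a passwd-format file.

# Print login names the filter selects: UID below 500, not one of the
# exempt names, and a shell other than the literal string /sbin/nologin.
enabled_system_accounts() {
    awk -F':' '($3<500 && $1!="root" && $1!="sync" && $1!="shutdown" &&
        $1!="halt" && $7!="/sbin/nologin") { print $1 }' "$1"
}

# Constructed sample data, not taken from any real host.
make_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
games:x:12:100:games:/usr/games:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/usr/sbin/nologin
svc:x:99:99:service:/:/bin/false
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
}

# Run the filter over the constructed file and join the names with commas.
sample_result() {
    tmp=$(mktemp) || return 1
    make_sample_passwd "$tmp"
    enabled_system_accounts "$tmp" | paste -sd, -
    rm -f "$tmp"
}

sample_result
```

On the constructed file the filter selects games, ftp and svc: the last two already have non-login shells (/usr/sbin/nologin and /bin/false), but the comparison is an exact string match on /sbin/nologin, so they would still be rewritten.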