Open
Description
Describe the bug
On servers that do not have Trivial File Transfer Protocol (TFTP) installed, Powerstig does not attempt to determine if Xinetd (the hosting daemon for tftp), or tftp is installed before attempting to audit the configuration of same. This results in an error that forces DSC config apply to stop.
To Reproduce
Resources used: 1 windows server 2016 server running desired state configuration(DSC Controller), one server running red hat enterprise linux 7 (client machine)
- Create a .mof file on the DSC controller using the following code:
CD C:\DSC
configuration RHEL7Baseline
{
param
(
[parameter()]
[string]
$NodeName = '<name-of-rhel-7-server>'
)
Import-DscResource -ModuleName PowerStig
Node $NodeName
{
RHEL BaseLine
{
OsVersion = '7'
StigVersion = '3.2'
SkipRule = 'V-204447'
}
}
}
RHEL7Baseline -OutputPath C:\DSC\RHEL7Baseline\
- Open resulting .mof file and save it in UTF-8 format, overwriting the original.
- On the DSC Controller, execute the following in Powershell:
$Node = "<name-of-rhel-7-server"
$Credential = Get-Credential -UserName "root" -Message "Enter Password:"
#Ignore SSL certificate validation
$opt = New-CimSessionOption -UseSsl -SkipCACheck -SkipCNCheck -SkipRevocationCheck
#Options for a trusted SSL certificate
#$opt = New-CimSessionOption -UseSsl
$sessParams = @{
Credential = $credential
ComputerName = $Node
Port = 5986
Authentication = 'basic'
SessionOption = $opt
OperationTimeoutSec = 90
}
$Sess = New-CimSession @sessParams
Start-DscConfiguration -CimSession $Sess -Path "C:\DSC\RHEL7Baseline" -Wait -Verbose -Force
- Receive error message saying that v-204623 failed to apply.
2021/06/21 16:00:04: ERROR: null(0): EventId=1 Priority=ERROR Job D231E46F-E8FE-469E-B268-A1D41EC4BD82 :
DSC Engine Error :
Error Message Failed to apply the configuration. These resources produced errors: [nxFileLine][V-204623][medium][SRG-OS-000480-GPOS-00227]::[RHEL]BaseLine
Error Code : 1
Expected behavior
powerstig should detect whether tftp, or its dependency, xinetd, is installed using commands:
rpm -q tftp
rpm -q tftp-server
rpm -q xinetd
If these modules are not found, configuration should be skipped.
Logs
/etc/ssh/sshd_config ^#\s*Compression.*$|^Compression\s*(?!delayed\b)\w*$ False
2021/06/21 16:00:03: INFO: Scripts/nxFileLine.pyc(140):
/etc/ssh/sshd_config ^#\s*X11Forwarding.*$|^X11Forwarding\s*(?!no\b)\w*$ False
2021/06/21 16:00:03: ERROR: Scripts/nxFileLine.pyc(112):
Error: /etc/xinetd.d/tftp not found!
2021/06/21 16:00:03: ERROR: Scripts/nxFileLine.pyc(94):
Error: /etc/xinetd.d/tftp not found!
2021/06/21 16:00:03: ERROR: null(0): EventId=1 Priority=ERROR Job D231E46F-E8FE-469E-B268-A1D41EC4BD82 :
This event indicates that failure happens when LCM is processing the configuration. ErrorId is 1. ErrorDetail is The SendConfigurationApply function did not succeed.. ResourceId is [nxFileLine][V-204623][medium][SRG-OS-000480-GPOS-00227]::[RHEL]BaseLine and SourceInfo is C:\Program Files\WindowsPowerShell\Modules\PowerSTIG\4.8.0\DSCResources\Resources\linux.nxFileLine.ps1::41::9::nxFileLine. ErrorMessage is A general error occurred, not covered by a more specific error code.. The related ResourceID is [nxFileLine][V-204623][medium][SRG-OS-000480-GPOS-00227]::[RHEL]BaseLine..
2021/06/21 16:00:03: INFO: Scripts/nxFileLine.pyc(140):
/etc/ssh/sshd_config #\s*X11UseLocalhost\s*yes False
2021/06/21 16:00:04: INFO: Scripts/nxScript.pyc(303):
stdout:
2021/06/21 16:00:04: INFO: Scripts/nxScript.pyc(306):
stderr:
2021/06/21 16:00:04: INFO: Scripts/nxScript.pyc(303):
stdout:
2021/06/21 16:00:04: INFO: Scripts/nxScript.pyc(306):
stderr:
2021/06/21 16:00:04: ERROR: null(0): EventId=1 Priority=ERROR Job D231E46F-E8FE-469E-B268-A1D41EC4BD82 :
DSC Engine Error :
Error Message Failed to apply the configuration. These resources produced errors: [nxFileLine][V-204623][medium][SRG-OS-000480-GPOS-00227]::[RHEL]BaseLine
Error Code : 1
2021/06/21 16:00:04: WARNING: null(0): EventId=2 Priority=WARNING Job D231E46F-E8FE-469E-B268-A1D41EC4BD82 :
Displaying messages from built-in DSC resources:
WMI channel 1
ResourceID:
Message : [azupitxrhtest1]: [] Consistency check completed.
2021/06/21 16:00:04: WARNING: null(0): EventId=2 Priority=WARNING Job D231E46F-E8FE-469E-B268-A1D41EC4BD82 : PerformRequiredConfigurationChecks DSC operation completed in 2.4851 seconds.
Activity