Description
Errors caused by X11's symlink:
find: File system loop detected; ‘/usr/bin/X11’ is part of the same file system loop as ‘/usr/bin’.
find: File system loop detected; ‘/bin/X11’ is part of the same file system loop as ‘/bin’.
I read from a previous issue (#215) that these can be safely ignored, but can you please provide info about the expected permissions I should find on other dirs in bin, to confirm that only the X11 directory has been skipped? Is skipping the X11 dir a concern?
My concern is that this leads to other dirs in the bin dir being skipped too, and am requesting info about checks I can run to confirm the children of bin have the correct permissions.
Thanks
Reproduction steps
...
Include these playbook tasks in an Ubuntu 24.04 installation:
- { role: devsec.hardening.os_hardening, tags: "os_hardening" }
- { role: devsec.hardening.nginx_hardening, tags: "nginx_hardening" }
- { role: devsec.hardening.ssh_hardening, tags: "ssh_hardening" }
Current Behavior
ok: [170.64.215.211] => (item=/usr/local/bin)
ok: [170.64.215.211] => (item=/usr/sbin)
failed: [170.64.215.211] (item=/usr/bin) => {"ansible_loop_var": "item", "changed": false, "cmd": "find -L /usr/bin -perm /go+w -type f", "delta": "0:00:00.046808", "end": "2024-10-27 08:38:03.110458", "item": "/usr/bin", "msg": "non-zero return code", "rc": 1, "start": "2024-10-27 08:38:03.063650", "stderr": "find: File system loop detected; ‘/usr/bin/X11’ is part of the same file system loop as ‘/usr/bin’.", "stderr_lines": ["find: File system loop detected; ‘/usr/bin/X11’ is part of the same file system loop as ‘/usr/bin’."], "stdout": "", "stdout_lines": []}
ok: [170.64.215.211] => (item=/sbin)
failed: [170.64.215.211] (item=/bin) => {"ansible_loop_var": "item", "changed": false, "cmd": "find -L /bin -perm /go+w -type f", "delta": "0:00:00.009521", "end": "2024-10-27 08:38:06.305799", "item": "/bin", "msg": "non-zero return code", "rc": 1, "start": "2024-10-27 08:38:06.296278", "stderr": "find: File system loop detected; ‘/bin/X11’ is part of the same file system loop as ‘/bin’.", "stderr_lines": ["find: File system loop detected; ‘/bin/X11’ is part of the same file system loop as ‘/bin’."], "stdout": "", "stdout_lines": []}
...ignoring
TASK [devsec.hardening.os_hardening : Minimize access on found files] *****************************************************************************************
skipping: [170.64.215.211]
Expected Behavior
Expecting no error. But the error is OK if I can verify that permission checks have been performed correctly on sibling dirs of bin, and have information on whether this failure on the X11 dir is a problem.
OS / Environment
Target is Ubuntu 24.04 on a DigitalOcean droplet
Ansible Version
ansible [core 2.17.5]
config file = None
configured module search path = ['/Users/james/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /opt/homebrew/Cellar/ansible/10.5.0/libexec/lib/python3.12/site-packages/ansible
ansible collection location = /Users/james/.ansible/collections:/usr/share/ansible/collections
executable location = /opt/homebrew/bin/ansible
python version = 3.12.7 (main, Oct 1 2024, 02:05:46) [Clang 15.0.0 (clang-1500.3.9.4)] (/opt/homebrew/Cellar/ansible/10.5.0/libexec/bin/python)
jinja version = 3.1.4
libyaml = True
Collection Version
10.1.0
Additional information
...
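One way to run the check requested above, as an added example that is not part of the original issue or of the devsec.hardening collection. It assumes GNU findutils and `readlink -f`; the function names and the fixture (an `X11 -> .` symlink, assumed to match the layout behind the error) are constructed for illustration. GNU `find -L` reports the loop and exits non-zero, but still evaluates the remaining entries, which the fixture makes visible.

```shell
#!/bin/sh
# Added example: confirm that only self-referencing symlinks are skipped by
# `find -L DIR -perm /go+w -type f`, and that sibling entries are still checked.

# Print symlinks under DIR that resolve to DIR itself or to one of their own
# ancestor directories; these are the entries `find -L` reports as loops.
loop_links() {
    find "$1" -type l | while IFS= read -r link; do
        target=$(readlink -f "$link") || continue
        parent=$(readlink -f "$(dirname "$link")")
        [ -d "$target" ] || continue
        case "$parent/" in
            "${target%/}/"*) printf '%s\n' "$link" ;;
        esac
    done
}

# Same find expression as in the task output, with stderr kept: loop
# diagnostics are dropped, any other find error is passed through to stderr.
go_writable() {
    errs=$(mktemp)
    LC_ALL=C find -L "$1" -perm /go+w -type f 2>"$errs" || true
    grep -v 'File system loop detected' "$errs" >&2 || true
    rm -f "$errs"
}

# Constructed fixture: a directory with an X11 -> . symlink (assumed layout),
# one correctly restricted file and two group/other-writable files.
make_fixture() {
    d=$(mktemp -d)
    mkdir "$d/sub"
    touch "$d/ok" "$d/bad" "$d/sub/also_bad"
    chmod 0755 "$d/ok"
    chmod 0777 "$d/bad" "$d/sub/also_bad"
    ln -s . "$d/X11"
    printf '%s\n' "$d"
}

fixture=$(make_fixture)
echo "loop symlinks (skipped by find -L):"
loop_links "$fixture"
echo "group/other-writable files (found despite the loop):"
go_writable "$fixture"
rm -rf "$fixture"
```

On a real host, call `loop_links /usr/bin` and `go_writable /usr/bin` instead of the fixture; an empty second listing means no group- or other-writable regular files were found.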