-
Notifications
You must be signed in to change notification settings - Fork 729
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mysql_hardening cannot work with mysql on freebsd #472
Comments
This has to be disabled for now because of dev-sec/ansible-collection-hardening#472
Just to elaborate on this, since this failing piece of code is pretty early, I know other stuff works because I was running with |
Making the variable user-overridable seems like the best idea. Something like this:
Do you weant to create a PR for this? |
I can do that, but I wanted to make sure this was something y'all would take. I can also do a second PR for getting some of the platform variables for FreeBSD defined, if you'd like. |
I'd like both PRs! :) |
On some operating systems, the package for MySQL is not `mysql-server`, and so the default check for this will not yield the correct result. This change adds an escape hatch by letting the user set `mysql_distribution`. Additionally, it verifies that it is set to a legal value if the user has set it. Closes dev-sec#472
On some operating systems, the package for MySQL is not `mysql-server`, and so the default check for this will not yield the correct result. This change adds an escape hatch by letting the user set `mysql_distribution`. Additionally, it verifies that it is set to a legal value if the user has set it. Closes dev-sec#472 Signed-off-by: Shawn Wilsher <656602+sdwilsh@users.noreply.github.com>
* [mysql_hardening] Allow setting the mysql_distribution On some operating systems, the package for MySQL is not `mysql-server`, and so the default check for this will not yield the correct result. This change adds an escape hatch by letting the user set `mysql_distribution`. Additionally, it verifies that it is set to a legal value if the user has set it. Closes #472 Signed-off-by: Shawn Wilsher <656602+sdwilsh@users.noreply.github.com> * Update roles/mysql_hardening/tasks/main.yml Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
* [mysql_hardening] Allow setting the mysql_distribution On some operating systems, the package for MySQL is not `mysql-server`, and so the default check for this will not yield the correct result. This change adds an escape hatch by letting the user set `mysql_distribution`. Additionally, it verifies that it is set to a legal value if the user has set it. Closes dev-sec#472 Signed-off-by: Shawn Wilsher <656602+sdwilsh@users.noreply.github.com> * Update roles/mysql_hardening/tasks/main.yml Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
Describe the bug
Due to this line of code, on FreeBSD it is always assumed that the distribution is
mariadb
because the package name ismysql80-server
, notmysql-server
.Expected behavior
Either the system detects the right package or it is allowed to be user-overridden.
Actual behavior
Notably, if I ask mysql what version it is running, it properly reports version
8.0.25
Example Playbook
n/a - this is pretty obvious what is going on
OS / Environment
FreeBSD 12.2
Ansible Version
Role Version
Additional context
Everything else about this playbook works, although I do have to set a number of variables in order to get this far.
The text was updated successfully, but these errors were encountered: