# STDOUT: ---v---v---v---v---v--- ansible-playbook [core 2.16.0] config file = /etc/ansible/ansible.cfg configured module search path = ['/home/jenkins/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /opt/ansible-2.16/lib/python3.11/site-packages/ansible ansible collection location = /WORKDIR/git-weekly-cis_1i3qav/.collection executable location = /opt/ansible-2.16/bin/ansible-playbook python version = 3.11.5 (main, Sep 7 2023, 00:00:00) [GCC 11.4.1 20230605 (Red Hat 11.4.1-2)] (/opt/ansible-2.16/bin/python) jinja version = 3.1.2 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_ipsets.yml ***************************************************** 1 plays in /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml PLAY [Test firewall user defined ipsets] *************************************** TASK [Gathering Facts] ********************************************************* task path: /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:2 Saturday 09 December 2023 05:55:07 +0000 (0:00:00.022) 0:00:00.022 ***** ok: [sut] TASK [Start from clean slate] ************************************************** task path: /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:11 Saturday 09 December 2023 05:55:08 +0000 (0:00:00.830) 0:00:00.852 ***** TASK [fedora.linux_system_roles.firewall : Setup firewalld] ******************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:2 Saturday 09 December 2023 05:55:08 +0000 (0:00:00.040) 0:00:00.893 ***** included: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml for sut TASK [fedora.linux_system_roles.firewall : Ensure ansible_facts used by role] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:2 Saturday 09 December 2023 05:55:08 +0000 (0:00:00.037) 0:00:00.931 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_required_facts | difference(ansible_facts.keys() | list) | length > 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Check if system is ostree] ********** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:10 Saturday 09 December 2023 05:55:08 +0000 (0:00:00.019) 0:00:00.950 ***** ok: [sut] => { "changed": false, "stat": { "exists": false } } TASK [fedora.linux_system_roles.firewall : Set flag to indicate system is ostree] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:15 Saturday 09 December 2023 05:55:09 +0000 (0:00:00.272) 0:00:01.222 ***** ok: [sut] => { "ansible_facts": { "__firewall_is_ostree": false }, "changed": false } TASK [fedora.linux_system_roles.firewall : Install firewalld] ****************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:19 Saturday 09 December 2023 05:55:09 +0000 (0:00:00.014) 0:00:01.237 ***** ok: [sut] => { "changed": false, "rc": 0, "results": [ "firewalld-0.6.3-13.el7_9.noarch providing firewalld is already installed" ] } lsrpackages: firewalld TASK [fedora.linux_system_roles.firewall : Collect service facts] ************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:5 Saturday 09 December 2023 05:55:09 +0000 (0:00:00.465) 0:00:01.703 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Attempt to stop and disable conflicting services] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:9 Saturday 09 December 2023 05:55:09 +0000 (0:00:00.017) 0:00:01.720 ***** skipping: [sut] => (item=nftables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "nftables", "skip_reason": "Conditional result was False" } skipping: [sut] => (item=iptables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "iptables", "skip_reason": "Conditional result was False" } skipping: [sut] => (item=ufw) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "ufw", "skip_reason": "Conditional result was False" } skipping: [sut] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.firewall : Unmask firewalld service] *********** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:22 Saturday 09 December 2023 05:55:09 +0000 (0:00:00.026) 0:00:01.747 ***** ok: [sut] => { "changed": false, "name": "firewalld", "status": { "ActiveEnterTimestamp": "Sat 2023-12-09 05:54:49 UTC", "ActiveEnterTimestampMonotonic": "445505242", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target polkit.service system.slice dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Sat 2023-12-09 05:54:48 UTC", "AssertTimestampMonotonic": "445126489", "Before": "multi-user.target network-pre.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ConditionTimestampMonotonic": "445126487", "Conflicts": "ipset.service iptables.service ip6tables.service ebtables.service shutdown.target", "ControlGroup": "/system.slice/firewalld.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "EnvironmentFile": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "4650", "ExecMainStartTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ExecMainStartTimestampMonotonic": "445134979", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[Sat 2023-12-09 05:54:48 UTC] ; stop_time=[n/a] ; pid=4650 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2023-12-09 05:54:48 UTC", "InactiveExitTimestampMonotonic": "445135029", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14311", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14311", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "4650", "MemoryAccounting": "no", "MemoryCurrent": "30699520", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "2", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogTimestamp": "Sat 2023-12-09 05:54:49 UTC", "WatchdogTimestampMonotonic": "445505154", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Enable and start firewalld service] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:28 Saturday 09 December 2023 05:55:09 +0000 (0:00:00.418) 0:00:02.166 ***** ok: [sut] => { "changed": false, "enabled": true, "name": "firewalld", "state": "started", "status": { "ActiveEnterTimestamp": "Sat 2023-12-09 05:54:49 UTC", "ActiveEnterTimestampMonotonic": "445505242", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target polkit.service system.slice dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Sat 2023-12-09 05:54:48 UTC", "AssertTimestampMonotonic": "445126489", "Before": "multi-user.target network-pre.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ConditionTimestampMonotonic": "445126487", "Conflicts": "ipset.service iptables.service ip6tables.service ebtables.service shutdown.target", "ControlGroup": "/system.slice/firewalld.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "EnvironmentFile": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "4650", "ExecMainStartTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ExecMainStartTimestampMonotonic": "445134979", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[Sat 2023-12-09 05:54:48 UTC] ; stop_time=[n/a] ; pid=4650 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2023-12-09 05:54:48 UTC", "InactiveExitTimestampMonotonic": "445135029", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14311", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14311", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "4650", "MemoryAccounting": "no", "MemoryCurrent": "30699520", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "2", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogTimestamp": "Sat 2023-12-09 05:54:49 UTC", "WatchdogTimestampMonotonic": "445505154", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Check if previous replaced is defined] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:34 Saturday 09 December 2023 05:55:10 +0000 (0:00:00.242) 0:00:02.408 ***** ok: [sut] => { "ansible_facts": { "__firewall_previous_replaced": true, "__firewall_python_cmd": "/usr/bin/python2", "__firewall_report_changed": true }, "changed": false } TASK [fedora.linux_system_roles.firewall : Get config files, checksums before and remove] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:43 Saturday 09 December 2023 05:55:10 +0000 (0:00:00.031) 0:00:02.440 ***** ok: [sut] => { "changed": false, "rc": 0 } STDOUT: 3abce906e7451e7074ff1eb735c807e5b34c2de18d11ebfabd40ba30c738b192 /etc/firewalld/zones/public.xml 4baa9218a023fc374a6d44f36e4d903f1704a4c6ea197ebbbf907d5d346c9855 /etc/firewalld/services/custom.xml STDERR: Shared connection to 10.31.43.224 closed. TASK [fedora.linux_system_roles.firewall : Tell firewall module it is able to report changed] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:55 Saturday 09 December 2023 05:55:11 +0000 (0:00:00.844) 0:00:03.285 ***** ok: [sut] => { "ansible_facts": { "__firewall_report_changed": false }, "changed": false } TASK [fedora.linux_system_roles.firewall : Configure firewall] ***************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:71 Saturday 09 December 2023 05:55:11 +0000 (0:00:00.021) 0:00:03.306 ***** skipping: [sut] => { "changed": false, "skipped_reason": "No items in the list" } TASK [fedora.linux_system_roles.firewall : Gather firewall config information] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:120 Saturday 09 December 2023 05:55:11 +0000 (0:00:00.029) 0:00:03.336 ***** skipping: [sut] => { "changed": false, "skipped_reason": "No items in the list" } TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:130 Saturday 09 December 2023 05:55:11 +0000 (0:00:00.020) 0:00:03.357 ***** skipping: [sut] => { "changed": false, "false_condition": "'detailed' in fw[0]", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Gather firewall config if no arguments] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:139 Saturday 09 December 2023 05:55:11 +0000 (0:00:00.027) 0:00:03.384 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:144 Saturday 09 December 2023 05:55:11 +0000 (0:00:00.016) 0:00:03.401 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Get config files, checksums after] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:153 Saturday 09 December 2023 05:55:11 +0000 (0:00:00.016) 0:00:03.417 ***** ok: [sut] => { "changed": false, "rc": 0 } STDERR: Shared connection to 10.31.43.224 closed. TASK [fedora.linux_system_roles.firewall : Calculate what has changed] ********* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:163 Saturday 09 December 2023 05:55:11 +0000 (0:00:00.272) 0:00:03.690 ***** changed: [sut] => { "ansible_facts": { "firewall_lib_result": { "changed": true } }, "changed": true } TASK [fedora.linux_system_roles.firewall : Show diffs] ************************* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:169 Saturday 09 December 2023 05:55:11 +0000 (0:00:00.022) 0:00:03.712 ***** skipping: [sut] => { "false_condition": "__firewall_debug | d(false)" } TASK [Get all ipsets] ********************************************************** task path: /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:19 Saturday 09 December 2023 05:55:11 +0000 (0:00:00.019) 0:00:03.732 ***** ok: [sut] => { "changed": false, "cmd": "set -o pipefail\nfirewall-cmd --permanent --get-ipsets | grep customipset\n", "delta": "0:00:00.313219", "end": "2023-12-09 05:55:12.023853", "failed_when_result": false, "rc": 1, "start": "2023-12-09 05:55:11.710634" } MSG: non-zero return code TASK [Define new ipset] ******************************************************** task path: /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:30 Saturday 09 December 2023 05:55:12 +0000 (0:00:00.543) 0:00:04.276 ***** TASK [fedora.linux_system_roles.firewall : Setup firewalld] ******************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:2 Saturday 09 December 2023 05:55:12 +0000 (0:00:00.031) 0:00:04.308 ***** included: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml for sut TASK [fedora.linux_system_roles.firewall : Ensure ansible_facts used by role] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:2 Saturday 09 December 2023 05:55:12 +0000 (0:00:00.012) 0:00:04.320 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_required_facts | difference(ansible_facts.keys() | list) | length > 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Check if system is ostree] ********** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:10 Saturday 09 December 2023 05:55:12 +0000 (0:00:00.020) 0:00:04.341 ***** skipping: [sut] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Set flag to indicate system is ostree] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:15 Saturday 09 December 2023 05:55:12 +0000 (0:00:00.012) 0:00:04.353 ***** skipping: [sut] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Install firewalld] ****************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:19 Saturday 09 December 2023 05:55:12 +0000 (0:00:00.013) 0:00:04.367 ***** ok: [sut] => { "changed": false, "rc": 0, "results": [ "firewalld-0.6.3-13.el7_9.noarch providing firewalld is already installed" ] } lsrpackages: firewalld TASK [fedora.linux_system_roles.firewall : Collect service facts] ************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:5 Saturday 09 December 2023 05:55:12 +0000 (0:00:00.373) 0:00:04.740 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Attempt to stop and disable conflicting services] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:9 Saturday 09 December 2023 05:55:12 +0000 (0:00:00.022) 0:00:04.762 ***** skipping: [sut] => (item=nftables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "nftables", "skip_reason": "Conditional result was False" } skipping: [sut] => (item=iptables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "iptables", "skip_reason": "Conditional result was False" } skipping: [sut] => (item=ufw) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "ufw", "skip_reason": "Conditional result was False" } skipping: [sut] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.firewall : Unmask firewalld service] *********** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:22 Saturday 09 December 2023 05:55:12 +0000 (0:00:00.024) 0:00:04.786 ***** ok: [sut] => { "changed": false, "name": "firewalld", "status": { "ActiveEnterTimestamp": "Sat 2023-12-09 05:54:49 UTC", "ActiveEnterTimestampMonotonic": "445505242", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target polkit.service system.slice dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Sat 2023-12-09 05:54:48 UTC", "AssertTimestampMonotonic": "445126489", "Before": "multi-user.target network-pre.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ConditionTimestampMonotonic": "445126487", "Conflicts": "ipset.service iptables.service ip6tables.service ebtables.service shutdown.target", "ControlGroup": "/system.slice/firewalld.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "EnvironmentFile": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "4650", "ExecMainStartTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ExecMainStartTimestampMonotonic": "445134979", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[Sat 2023-12-09 05:54:48 UTC] ; stop_time=[n/a] ; pid=4650 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2023-12-09 05:54:48 UTC", "InactiveExitTimestampMonotonic": "445135029", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14311", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14311", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "4650", "MemoryAccounting": "no", "MemoryCurrent": "30629888", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "2", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogTimestamp": "Sat 2023-12-09 05:54:49 UTC", "WatchdogTimestampMonotonic": "445505154", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Enable and start firewalld service] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:28 Saturday 09 December 2023 05:55:12 +0000 (0:00:00.235) 0:00:05.022 ***** ok: [sut] => { "changed": false, "enabled": true, "name": "firewalld", "state": "started", "status": { "ActiveEnterTimestamp": "Sat 2023-12-09 05:54:49 UTC", "ActiveEnterTimestampMonotonic": "445505242", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target polkit.service system.slice dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Sat 2023-12-09 05:54:48 UTC", "AssertTimestampMonotonic": "445126489", "Before": "multi-user.target network-pre.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ConditionTimestampMonotonic": "445126487", "Conflicts": "ipset.service iptables.service ip6tables.service ebtables.service shutdown.target", "ControlGroup": "/system.slice/firewalld.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "EnvironmentFile": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "4650", "ExecMainStartTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ExecMainStartTimestampMonotonic": "445134979", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[Sat 2023-12-09 05:54:48 UTC] ; stop_time=[n/a] ; pid=4650 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2023-12-09 05:54:48 UTC", "InactiveExitTimestampMonotonic": "445135029", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14311", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14311", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "4650", "MemoryAccounting": "no", "MemoryCurrent": "30629888", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "2", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogTimestamp": "Sat 2023-12-09 05:54:49 UTC", "WatchdogTimestampMonotonic": "445505154", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Check if previous replaced is defined] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:34 Saturday 09 December 2023 05:55:13 +0000 (0:00:00.242) 0:00:05.264 ***** ok: [sut] => { "ansible_facts": { "__firewall_previous_replaced": false, "__firewall_python_cmd": "/usr/bin/python2", "__firewall_report_changed": true }, "changed": false } TASK [fedora.linux_system_roles.firewall : Get config files, checksums before and remove] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:43 Saturday 09 December 2023 05:55:13 +0000 (0:00:00.034) 0:00:05.298 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Tell firewall module it is able to report changed] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:55 Saturday 09 December 2023 05:55:13 +0000 (0:00:00.018) 0:00:05.317 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Configure firewall] ***************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:71 Saturday 09 December 2023 05:55:13 +0000 (0:00:00.017) 0:00:05.334 ***** changed: [sut] => (item={'ipset': 'customipset', 'ipset_type': 'hash:ip', 'ipset_entries': ['127.0.0.1', '8.8.8.8'], 'short': 'Custom', 'desciption': 'Custom IPSet for testing purposes', 'state': 'present', 'permanent': True}) => { "__firewall_changed": true, "ansible_loop_var": "item", "changed": true, "item": { "desciption": "Custom IPSet for testing purposes", "ipset": "customipset", "ipset_entries": [ "127.0.0.1", "8.8.8.8" ], "ipset_type": "hash:ip", "permanent": true, "short": "Custom", "state": "present" } } TASK [fedora.linux_system_roles.firewall : Gather firewall config information] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:120 Saturday 09 December 2023 05:55:13 +0000 (0:00:00.837) 0:00:06.171 ***** skipping: [sut] => (item={'ipset': 'customipset', 'ipset_type': 'hash:ip', 'ipset_entries': ['127.0.0.1', '8.8.8.8'], 'short': 'Custom', 'desciption': 'Custom IPSet for testing purposes', 'state': 'present', 'permanent': True}) => { "ansible_loop_var": "item", "changed": false, "false_condition": "'detailed' in fw[0]", "item": { "desciption": "Custom IPSet for testing purposes", "ipset": "customipset", "ipset_entries": [ "127.0.0.1", "8.8.8.8" ], "ipset_type": "hash:ip", "permanent": true, "short": "Custom", "state": "present" }, "skip_reason": "Conditional result was False" } skipping: [sut] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:130 Saturday 09 December 2023 05:55:13 +0000 (0:00:00.025) 0:00:06.197 ***** skipping: [sut] => { "changed": false, "false_condition": "'detailed' in fw[0]", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Gather firewall config if no arguments] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:139 Saturday 09 December 2023 05:55:14 +0000 (0:00:00.019) 0:00:06.217 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:144 Saturday 09 December 2023 05:55:14 +0000 (0:00:00.015) 0:00:06.232 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Get config files, checksums after] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:153 Saturday 09 December 2023 05:55:14 +0000 (0:00:00.018) 0:00:06.251 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Calculate what has changed] ********* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:163 Saturday 09 December 2023 05:55:14 +0000 (0:00:00.023) 0:00:06.275 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Show diffs] ************************* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:169 Saturday 09 December 2023 05:55:14 +0000 (0:00:00.016) 0:00:06.292 ***** skipping: [sut] => { "false_condition": "__firewall_previous_replaced | bool" } TASK [Fail if ipset not added] ************************************************* task path: /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:45 Saturday 09 December 2023 05:55:14 +0000 (0:00:00.026) 0:00:06.319 ***** ok: [sut] => { "changed": false, "cmd": "set -o pipefail\nfirewall-cmd --permanent --get-ipsets | grep \"customipset\"\n", "delta": "0:00:00.312557", "end": "2023-12-09 05:55:14.545933", "failed_when_result": false, "rc": 0, "start": "2023-12-09 05:55:14.233376" } STDOUT: customipset TASK [Fail if entry not added to ipset] **************************************** task path: /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:54 Saturday 09 December 2023 05:55:14 +0000 (0:00:00.470) 0:00:06.789 ***** ok: [sut] => { "changed": false, "cmd": [ "firewall-cmd", "--permanent", "--ipset", "customipset", "--query-entry", "8.8.8.8" ], "delta": "0:00:00.318107", "end": "2023-12-09 05:55:15.026351", "rc": 0, "start": "2023-12-09 05:55:14.708244" } STDOUT: yes TASK [Redefine new ipset] ****************************************************** task path: /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:59 Saturday 09 December 2023 05:55:15 +0000 (0:00:00.469) 0:00:07.259 ***** TASK [fedora.linux_system_roles.firewall : Setup firewalld] ******************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:2 Saturday 09 December 2023 05:55:15 +0000 (0:00:00.046) 0:00:07.306 ***** included: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml for sut TASK [fedora.linux_system_roles.firewall : Ensure ansible_facts used by role] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:2 Saturday 09 December 2023 05:55:15 +0000 (0:00:00.016) 0:00:07.323 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_required_facts | difference(ansible_facts.keys() | list) | length > 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Check if system is ostree] ********** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:10 Saturday 09 December 2023 05:55:15 +0000 (0:00:00.037) 0:00:07.360 ***** skipping: [sut] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Set flag to indicate system is ostree] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:15 Saturday 09 December 2023 05:55:15 +0000 (0:00:00.020) 0:00:07.381 ***** skipping: [sut] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Install firewalld] ****************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:19 Saturday 09 December 2023 05:55:15 +0000 (0:00:00.014) 0:00:07.395 ***** ok: [sut] => { "changed": false, "rc": 0, "results": [ "firewalld-0.6.3-13.el7_9.noarch providing firewalld is already installed" ] } lsrpackages: firewalld TASK [fedora.linux_system_roles.firewall : Collect service facts] ************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:5 Saturday 09 December 2023 05:55:15 +0000 (0:00:00.421) 0:00:07.817 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Attempt to stop and disable conflicting services] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:9 Saturday 09 December 2023 05:55:15 +0000 (0:00:00.016) 0:00:07.833 ***** skipping: [sut] => (item=nftables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "nftables", "skip_reason": "Conditional result was False" } skipping: [sut] => (item=iptables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "iptables", "skip_reason": "Conditional result was False" } skipping: [sut] => (item=ufw) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "ufw", "skip_reason": "Conditional result was False" } skipping: [sut] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.firewall : Unmask firewalld service] *********** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:22 Saturday 09 December 2023 05:55:15 +0000 (0:00:00.019) 0:00:07.853 ***** ok: [sut] => { "changed": false, "name": "firewalld", "status": { "ActiveEnterTimestamp": "Sat 2023-12-09 05:54:49 UTC", "ActiveEnterTimestampMonotonic": "445505242", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target polkit.service system.slice dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Sat 2023-12-09 05:54:48 UTC", "AssertTimestampMonotonic": "445126489", "Before": "multi-user.target network-pre.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ConditionTimestampMonotonic": "445126487", "Conflicts": "ipset.service iptables.service ip6tables.service ebtables.service shutdown.target", "ControlGroup": "/system.slice/firewalld.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "EnvironmentFile": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "4650", "ExecMainStartTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ExecMainStartTimestampMonotonic": "445134979", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[Sat 2023-12-09 05:54:48 UTC] ; stop_time=[n/a] ; pid=4650 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2023-12-09 05:54:48 UTC", "InactiveExitTimestampMonotonic": "445135029", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14311", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14311", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "4650", "MemoryAccounting": "no", "MemoryCurrent": "30646272", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "2", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogTimestamp": "Sat 2023-12-09 05:54:49 UTC", "WatchdogTimestampMonotonic": "445505154", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Enable and start firewalld service] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:28 Saturday 09 December 2023 05:55:15 +0000 (0:00:00.250) 0:00:08.103 ***** ok: [sut] => { "changed": false, "enabled": true, "name": "firewalld", "state": "started", "status": { "ActiveEnterTimestamp": "Sat 2023-12-09 05:54:49 UTC", "ActiveEnterTimestampMonotonic": "445505242", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target polkit.service system.slice dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Sat 2023-12-09 05:54:48 UTC", "AssertTimestampMonotonic": "445126489", "Before": "multi-user.target network-pre.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ConditionTimestampMonotonic": "445126487", "Conflicts": "ipset.service iptables.service ip6tables.service ebtables.service shutdown.target", "ControlGroup": "/system.slice/firewalld.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "EnvironmentFile": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "4650", "ExecMainStartTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ExecMainStartTimestampMonotonic": "445134979", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[Sat 2023-12-09 05:54:48 UTC] ; stop_time=[n/a] ; pid=4650 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2023-12-09 05:54:48 UTC", "InactiveExitTimestampMonotonic": "445135029", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14311", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14311", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "4650", "MemoryAccounting": "no", "MemoryCurrent": "30646272", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "2", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogTimestamp": "Sat 2023-12-09 05:54:49 UTC", "WatchdogTimestampMonotonic": "445505154", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Check if previous replaced is defined] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:34 Saturday 09 December 2023 05:55:16 +0000 (0:00:00.247) 0:00:08.350 ***** ok: [sut] => { "ansible_facts": { "__firewall_previous_replaced": false, "__firewall_python_cmd": "/usr/bin/python2", "__firewall_report_changed": true }, "changed": false } TASK [fedora.linux_system_roles.firewall : Get config files, checksums before and remove] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:43 Saturday 09 December 2023 05:55:16 +0000 (0:00:00.024) 0:00:08.375 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Tell firewall module it is able to report changed] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:55 Saturday 09 December 2023 05:55:16 +0000 (0:00:00.016) 0:00:08.392 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Configure firewall] ***************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:71 Saturday 09 December 2023 05:55:16 +0000 (0:00:00.016) 0:00:08.408 ***** ok: [sut] => (item={'ipset': 'customipset', 'short': 'Custom', 'desciption': 'Custom IPSet for testing purposes', 'state': 'present', 'permanent': True}) => { "__firewall_changed": false, "ansible_loop_var": "item", "changed": false, "item": { "desciption": "Custom IPSet for testing purposes", "ipset": "customipset", "permanent": true, "short": "Custom", "state": "present" } } TASK [fedora.linux_system_roles.firewall : Gather firewall config information] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:120 Saturday 09 December 2023 05:55:16 +0000 (0:00:00.470) 0:00:08.878 ***** skipping: [sut] => (item={'ipset': 'customipset', 'short': 'Custom', 'desciption': 'Custom IPSet for testing purposes', 'state': 'present', 'permanent': True}) => { "ansible_loop_var": "item", "changed": false, "false_condition": "'detailed' in fw[0]", "item": { "desciption": "Custom IPSet for testing purposes", "ipset": "customipset", "permanent": true, "short": "Custom", "state": "present" }, "skip_reason": "Conditional result was False" } skipping: [sut] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:130 Saturday 09 December 2023 05:55:16 +0000 (0:00:00.026) 0:00:08.905 ***** skipping: [sut] => { "changed": false, "false_condition": "'detailed' in fw[0]", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Gather firewall config if no arguments] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:139 Saturday 09 December 2023 05:55:16 +0000 (0:00:00.022) 0:00:08.928 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:144 Saturday 09 December 2023 05:55:16 +0000 (0:00:00.017) 0:00:08.946 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Get config files, checksums after] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:153 Saturday 09 December 2023 05:55:16 +0000 (0:00:00.016) 0:00:08.963 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Calculate what has changed] ********* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:163 Saturday 09 December 2023 05:55:16 +0000 (0:00:00.015) 0:00:08.978 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Show diffs] ************************* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:169 Saturday 09 December 2023 05:55:16 +0000 (0:00:00.016) 0:00:08.995 ***** skipping: [sut] => { "false_condition": "__firewall_previous_replaced | bool" } TASK [Fail if defining ipset not idempotent] *********************************** task path: /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:71 Saturday 09 December 2023 05:55:16 +0000 (0:00:00.016) 0:00:09.012 ***** skipping: [sut] => { "changed": false, "false_condition": "result.changed | bool", "skip_reason": "Conditional result was False" } TASK [Remove entries from ipset] *********************************************** task path: /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:76 Saturday 09 December 2023 05:55:16 +0000 (0:00:00.017) 0:00:09.029 ***** TASK [fedora.linux_system_roles.firewall : Setup firewalld] ******************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:2 Saturday 09 December 2023 05:55:16 +0000 (0:00:00.040) 0:00:09.070 ***** included: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml for sut TASK [fedora.linux_system_roles.firewall : Ensure ansible_facts used by role] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:2 Saturday 09 December 2023 05:55:16 +0000 (0:00:00.012) 0:00:09.082 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_required_facts | difference(ansible_facts.keys() | list) | length > 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Check if system is ostree] ********** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:10 Saturday 09 December 2023 05:55:16 +0000 (0:00:00.024) 0:00:09.107 ***** skipping: [sut] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Set flag to indicate system is ostree] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:15 Saturday 09 December 2023 05:55:16 +0000 (0:00:00.012) 0:00:09.119 ***** skipping: [sut] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Install firewalld] ****************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:19 Saturday 09 December 2023 05:55:16 +0000 (0:00:00.011) 0:00:09.131 ***** ok: [sut] => { "changed": false, "rc": 0, "results": [ "firewalld-0.6.3-13.el7_9.noarch providing firewalld is already installed" ] } lsrpackages: firewalld TASK [fedora.linux_system_roles.firewall : Collect service facts] ************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:5 Saturday 09 December 2023 05:55:17 +0000 (0:00:00.372) 0:00:09.503 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Attempt to stop and disable conflicting services] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:9 Saturday 09 December 2023 05:55:17 +0000 (0:00:00.016) 0:00:09.520 ***** skipping: [sut] => (item=nftables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "nftables", "skip_reason": "Conditional result was False" } skipping: [sut] => (item=iptables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "iptables", "skip_reason": "Conditional result was False" } skipping: [sut] => (item=ufw) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "ufw", "skip_reason": "Conditional result was False" } skipping: [sut] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.firewall : Unmask firewalld service] *********** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:22 Saturday 09 December 2023 05:55:17 +0000 (0:00:00.020) 0:00:09.540 ***** ok: [sut] => { "changed": false, "name": "firewalld", "status": { "ActiveEnterTimestamp": "Sat 2023-12-09 05:54:49 UTC", "ActiveEnterTimestampMonotonic": "445505242", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target polkit.service system.slice dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Sat 2023-12-09 05:54:48 UTC", "AssertTimestampMonotonic": "445126489", "Before": "multi-user.target network-pre.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ConditionTimestampMonotonic": "445126487", "Conflicts": "ipset.service iptables.service ip6tables.service ebtables.service shutdown.target", "ControlGroup": "/system.slice/firewalld.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "EnvironmentFile": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "4650", "ExecMainStartTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ExecMainStartTimestampMonotonic": "445134979", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[Sat 2023-12-09 05:54:48 UTC] ; stop_time=[n/a] ; pid=4650 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2023-12-09 05:54:48 UTC", "InactiveExitTimestampMonotonic": "445135029", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14311", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14311", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "4650", "MemoryAccounting": "no", "MemoryCurrent": "30732288", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "2", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogTimestamp": "Sat 2023-12-09 05:54:49 UTC", "WatchdogTimestampMonotonic": "445505154", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Enable and start firewalld service] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:28 Saturday 09 December 2023 05:55:17 +0000 (0:00:00.238) 0:00:09.779 ***** ok: [sut] => { "changed": false, "enabled": true, "name": "firewalld", "state": "started", "status": { "ActiveEnterTimestamp": "Sat 2023-12-09 05:54:49 UTC", "ActiveEnterTimestampMonotonic": "445505242", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target polkit.service system.slice dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Sat 2023-12-09 05:54:48 UTC", "AssertTimestampMonotonic": "445126489", "Before": "multi-user.target network-pre.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ConditionTimestampMonotonic": "445126487", "Conflicts": "ipset.service iptables.service ip6tables.service ebtables.service shutdown.target", "ControlGroup": "/system.slice/firewalld.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "EnvironmentFile": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "4650", "ExecMainStartTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ExecMainStartTimestampMonotonic": "445134979", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[Sat 2023-12-09 05:54:48 UTC] ; stop_time=[n/a] ; pid=4650 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2023-12-09 05:54:48 UTC", "InactiveExitTimestampMonotonic": "445135029", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14311", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14311", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "4650", "MemoryAccounting": "no", "MemoryCurrent": "30732288", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "2", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogTimestamp": "Sat 2023-12-09 05:54:49 UTC", "WatchdogTimestampMonotonic": "445505154", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Check if previous replaced is defined] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:34 Saturday 09 December 2023 05:55:17 +0000 (0:00:00.250) 0:00:10.029 ***** ok: [sut] => { "ansible_facts": { "__firewall_previous_replaced": false, "__firewall_python_cmd": "/usr/bin/python2", "__firewall_report_changed": true }, "changed": false } TASK [fedora.linux_system_roles.firewall : Get config files, checksums before and remove] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:43 Saturday 09 December 2023 05:55:17 +0000 (0:00:00.030) 0:00:10.059 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Tell firewall module it is able to report changed] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:55 Saturday 09 December 2023 05:55:17 +0000 (0:00:00.020) 0:00:10.080 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Configure firewall] ***************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:71 Saturday 09 December 2023 05:55:17 +0000 (0:00:00.026) 0:00:10.107 ***** changed: [sut] => (item={'ipset': 'customipset', 'ipset_entries': ['8.8.8.8', '127.0.0.1'], 'state': 'absent', 'permanent': True}) => { "__firewall_changed": true, "ansible_loop_var": "item", "changed": true, "item": { "ipset": "customipset", "ipset_entries": [ "8.8.8.8", "127.0.0.1" ], "permanent": true, "state": "absent" } } TASK [fedora.linux_system_roles.firewall : Gather firewall config information] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:120 Saturday 09 December 2023 05:55:18 +0000 (0:00:00.727) 0:00:10.835 ***** skipping: [sut] => (item={'ipset': 'customipset', 'ipset_entries': ['8.8.8.8', '127.0.0.1'], 'state': 'absent', 'permanent': True}) => { "ansible_loop_var": "item", "changed": false, "false_condition": "'detailed' in fw[0]", "item": { "ipset": "customipset", "ipset_entries": [ "8.8.8.8", "127.0.0.1" ], "permanent": true, "state": "absent" }, "skip_reason": "Conditional result was False" } skipping: [sut] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:130 Saturday 09 December 2023 05:55:18 +0000 (0:00:00.025) 0:00:10.861 ***** skipping: [sut] => { "changed": false, "false_condition": "'detailed' in fw[0]", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Gather firewall config if no arguments] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:139 Saturday 09 December 2023 05:55:18 +0000 (0:00:00.020) 0:00:10.881 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:144 Saturday 09 December 2023 05:55:18 +0000 (0:00:00.017) 0:00:10.898 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Get config files, checksums after] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:153 Saturday 09 December 2023 05:55:18 +0000 (0:00:00.016) 0:00:10.915 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Calculate what has changed] ********* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:163 Saturday 09 December 2023 05:55:18 +0000 (0:00:00.016) 0:00:10.932 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Show diffs] ************************* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:169 Saturday 09 December 2023 05:55:18 +0000 (0:00:00.019) 0:00:10.952 ***** skipping: [sut] => { "false_condition": "__firewall_previous_replaced | bool" } TASK [Check that custom ipset not removed] ************************************* task path: /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:88 Saturday 09 December 2023 05:55:18 +0000 (0:00:00.019) 0:00:10.971 ***** ok: [sut] => { "changed": false, "cmd": "set -o pipefail\nfirewall-cmd --permanent --get-ipsets | grep customipset\n", "delta": "0:00:00.311485", "end": "2023-12-09 05:55:19.215412", "failed_when_result": false, "rc": 0, "start": "2023-12-09 05:55:18.903927" } STDOUT: customipset TASK [Check that entry has been removed] *************************************** task path: /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:97 Saturday 09 December 2023 05:55:19 +0000 (0:00:00.473) 0:00:11.445 ***** ok: [sut] => { "changed": false, "cmd": [ "firewall-cmd", "--permanent", "--ipset", "customipset", "--query-entry", "8.8.8.8" ], "delta": "0:00:00.317577", "end": "2023-12-09 05:55:19.678491", "failed_when_result": false, "rc": 1, "start": "2023-12-09 05:55:19.360914" } STDOUT: no MSG: non-zero return code TASK [Test update short and description] *************************************** task path: /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:104 Saturday 09 December 2023 05:55:19 +0000 (0:00:00.464) 0:00:11.910 ***** TASK [fedora.linux_system_roles.firewall : Setup firewalld] ******************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:2 Saturday 09 December 2023 05:55:19 +0000 (0:00:00.052) 0:00:11.962 ***** included: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml for sut TASK [fedora.linux_system_roles.firewall : Ensure ansible_facts used by role] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:2 Saturday 09 December 2023 05:55:19 +0000 (0:00:00.014) 0:00:11.977 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_required_facts | difference(ansible_facts.keys() | list) | length > 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Check if system is ostree] ********** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:10 Saturday 09 December 2023 05:55:19 +0000 (0:00:00.048) 0:00:12.025 ***** skipping: [sut] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Set flag to indicate system is ostree] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:15 Saturday 09 December 2023 05:55:19 +0000 (0:00:00.016) 0:00:12.042 ***** skipping: [sut] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Install firewalld] ****************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:19 Saturday 09 December 2023 05:55:19 +0000 (0:00:00.026) 0:00:12.068 ***** ok: [sut] => { "changed": false, "rc": 0, "results": [ "firewalld-0.6.3-13.el7_9.noarch providing firewalld is already installed" ] } lsrpackages: firewalld TASK [fedora.linux_system_roles.firewall : Collect service facts] ************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:5 Saturday 09 December 2023 05:55:20 +0000 (0:00:00.388) 0:00:12.457 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Attempt to stop and disable conflicting services] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:9 Saturday 09 December 2023 05:55:20 +0000 (0:00:00.016) 0:00:12.473 ***** skipping: [sut] => (item=nftables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "nftables", "skip_reason": "Conditional result was False" } skipping: [sut] => (item=iptables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "iptables", "skip_reason": "Conditional result was False" } skipping: [sut] => (item=ufw) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "ufw", "skip_reason": "Conditional result was False" } skipping: [sut] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.firewall : Unmask firewalld service] *********** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:22 Saturday 09 December 2023 05:55:20 +0000 (0:00:00.019) 0:00:12.493 ***** ok: [sut] => { "changed": false, "name": "firewalld", "status": { "ActiveEnterTimestamp": "Sat 2023-12-09 05:54:49 UTC", "ActiveEnterTimestampMonotonic": "445505242", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target polkit.service system.slice dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Sat 2023-12-09 05:54:48 UTC", "AssertTimestampMonotonic": "445126489", "Before": "multi-user.target network-pre.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ConditionTimestampMonotonic": "445126487", "Conflicts": "ipset.service iptables.service ip6tables.service ebtables.service shutdown.target", "ControlGroup": "/system.slice/firewalld.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "EnvironmentFile": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "4650", "ExecMainStartTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ExecMainStartTimestampMonotonic": "445134979", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[Sat 2023-12-09 05:54:48 UTC] ; stop_time=[n/a] ; pid=4650 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2023-12-09 05:54:48 UTC", "InactiveExitTimestampMonotonic": "445135029", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14311", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14311", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "4650", "MemoryAccounting": "no", "MemoryCurrent": "30728192", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "2", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogTimestamp": "Sat 2023-12-09 05:54:49 UTC", "WatchdogTimestampMonotonic": "445505154", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Enable and start firewalld service] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:28 Saturday 09 December 2023 05:55:20 +0000 (0:00:00.286) 0:00:12.779 ***** ok: [sut] => { "changed": false, "enabled": true, "name": "firewalld", "state": "started", "status": { "ActiveEnterTimestamp": "Sat 2023-12-09 05:54:49 UTC", "ActiveEnterTimestampMonotonic": "445505242", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target polkit.service system.slice dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Sat 2023-12-09 05:54:48 UTC", "AssertTimestampMonotonic": "445126489", "Before": "multi-user.target network-pre.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ConditionTimestampMonotonic": "445126487", "Conflicts": "ipset.service iptables.service ip6tables.service ebtables.service shutdown.target", "ControlGroup": "/system.slice/firewalld.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "EnvironmentFile": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "4650", "ExecMainStartTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ExecMainStartTimestampMonotonic": "445134979", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[Sat 2023-12-09 05:54:48 UTC] ; stop_time=[n/a] ; pid=4650 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2023-12-09 05:54:48 UTC", "InactiveExitTimestampMonotonic": "445135029", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14311", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14311", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "4650", "MemoryAccounting": "no", "MemoryCurrent": "30728192", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "2", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogTimestamp": "Sat 2023-12-09 05:54:49 UTC", "WatchdogTimestampMonotonic": "445505154", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Check if previous replaced is defined] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:34 Saturday 09 December 2023 05:55:20 +0000 (0:00:00.247) 0:00:13.026 ***** ok: [sut] => { "ansible_facts": { "__firewall_previous_replaced": false, "__firewall_python_cmd": "/usr/bin/python2", "__firewall_report_changed": true }, "changed": false } TASK [fedora.linux_system_roles.firewall : Get config files, checksums before and remove] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:43 Saturday 09 December 2023 05:55:20 +0000 (0:00:00.024) 0:00:13.050 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Tell firewall module it is able to report changed] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:55 Saturday 09 December 2023 05:55:20 +0000 (0:00:00.015) 0:00:13.066 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Configure firewall] ***************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:71 Saturday 09 December 2023 05:55:20 +0000 (0:00:00.015) 0:00:13.081 ***** changed: [sut] => (item={'ipset': 'customipset', 'short': 'CustomChanged', 'description': 'Custom IPSet for testing purposes (changed)', 'state': 'present', 'permanent': True}) => { "__firewall_changed": true, "ansible_loop_var": "item", "changed": true, "item": { "description": "Custom IPSet for testing purposes (changed)", "ipset": "customipset", "permanent": true, "short": "CustomChanged", "state": "present" } } TASK [fedora.linux_system_roles.firewall : Gather firewall config information] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:120 Saturday 09 December 2023 05:55:21 +0000 (0:00:00.711) 0:00:13.793 ***** skipping: [sut] => (item={'ipset': 'customipset', 'short': 'CustomChanged', 'description': 'Custom IPSet for testing purposes (changed)', 'state': 'present', 'permanent': True}) => { "ansible_loop_var": "item", "changed": false, "false_condition": "'detailed' in fw[0]", "item": { "description": "Custom IPSet for testing purposes (changed)", "ipset": "customipset", "permanent": true, "short": "CustomChanged", "state": "present" }, "skip_reason": "Conditional result was False" } skipping: [sut] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:130 Saturday 09 December 2023 05:55:21 +0000 (0:00:00.110) 0:00:13.903 ***** skipping: [sut] => { "changed": false, "false_condition": "'detailed' in fw[0]", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Gather firewall config if no arguments] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:139 Saturday 09 December 2023 05:55:21 +0000 (0:00:00.030) 0:00:13.934 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:144 Saturday 09 December 2023 05:55:21 +0000 (0:00:00.027) 0:00:13.961 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Get config files, checksums after] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:153 Saturday 09 December 2023 05:55:21 +0000 (0:00:00.073) 0:00:14.035 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Calculate what has changed] ********* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:163 Saturday 09 December 2023 05:55:21 +0000 (0:00:00.040) 0:00:14.076 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Show diffs] ************************* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:169 Saturday 09 December 2023 05:55:21 +0000 (0:00:00.059) 0:00:14.135 ***** skipping: [sut] => { "false_condition": "__firewall_previous_replaced | bool" } TASK [Verify changes] ********************************************************** task path: /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:115 Saturday 09 December 2023 05:55:21 +0000 (0:00:00.025) 0:00:14.161 ***** ok: [sut] => (item={'command': 'firewall-cmd --permanent --ipset customipset --get-description\n', 'expected': 'Custom IPSet for testing purposes (changed)'}) => { "ansible_loop_var": "item", "changed": false, "cmd": [ "firewall-cmd", "--permanent", "--ipset", "customipset", "--get-description" ], "delta": "0:00:00.319167", "end": "2023-12-09 05:55:22.449304", "failed_when_result": false, "item": { "command": "firewall-cmd --permanent --ipset customipset --get-description\n", "expected": "Custom IPSet for testing purposes (changed)" }, "rc": 0, "start": "2023-12-09 05:55:22.130137" } STDOUT: Custom IPSet for testing purposes (changed) ok: [sut] => (item={'command': 'firewall-cmd --permanent --ipset customipset --get-short\n', 'expected': 'CustomChanged'}) => { "ansible_loop_var": "item", "changed": false, "cmd": [ "firewall-cmd", "--permanent", "--ipset", "customipset", "--get-short" ], "delta": "0:00:00.318642", "end": "2023-12-09 05:55:22.902263", "failed_when_result": false, "item": { "command": "firewall-cmd --permanent --ipset customipset --get-short\n", "expected": "CustomChanged" }, "rc": 0, "start": "2023-12-09 05:55:22.583621" } STDOUT: CustomChanged TASK [Add ipset to default zone] *********************************************** task path: /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:129 Saturday 09 December 2023 05:55:22 +0000 (0:00:00.972) 0:00:15.133 ***** TASK [fedora.linux_system_roles.firewall : Setup firewalld] ******************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:2 Saturday 09 December 2023 05:55:22 +0000 (0:00:00.059) 0:00:15.193 ***** included: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml for sut TASK [fedora.linux_system_roles.firewall : Ensure ansible_facts used by role] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:2 Saturday 09 December 2023 05:55:22 +0000 (0:00:00.013) 0:00:15.207 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_required_facts | difference(ansible_facts.keys() | list) | length > 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Check if system is ostree] ********** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:10 Saturday 09 December 2023 05:55:23 +0000 (0:00:00.018) 0:00:15.225 ***** skipping: [sut] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Set flag to indicate system is ostree] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:15 Saturday 09 December 2023 05:55:23 +0000 (0:00:00.011) 0:00:15.237 ***** skipping: [sut] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Install firewalld] ****************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:19 Saturday 09 December 2023 05:55:23 +0000 (0:00:00.011) 0:00:15.249 ***** ok: [sut] => { "changed": false, "rc": 0, "results": [ "firewalld-0.6.3-13.el7_9.noarch providing firewalld is already installed" ] } lsrpackages: firewalld TASK [fedora.linux_system_roles.firewall : Collect service facts] ************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:5 Saturday 09 December 2023 05:55:23 +0000 (0:00:00.359) 0:00:15.608 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Attempt to stop and disable conflicting services] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:9 Saturday 09 December 2023 05:55:23 +0000 (0:00:00.019) 0:00:15.627 ***** skipping: [sut] => (item=nftables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "nftables", "skip_reason": "Conditional result was False" } skipping: [sut] => (item=iptables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "iptables", "skip_reason": "Conditional result was False" } skipping: [sut] => (item=ufw) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "ufw", "skip_reason": "Conditional result was False" } skipping: [sut] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.firewall : Unmask firewalld service] *********** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:22 Saturday 09 December 2023 05:55:23 +0000 (0:00:00.021) 0:00:15.649 ***** ok: [sut] => { "changed": false, "name": "firewalld", "status": { "ActiveEnterTimestamp": "Sat 2023-12-09 05:54:49 UTC", "ActiveEnterTimestampMonotonic": "445505242", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target polkit.service system.slice dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Sat 2023-12-09 05:54:48 UTC", "AssertTimestampMonotonic": "445126489", "Before": "multi-user.target network-pre.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ConditionTimestampMonotonic": "445126487", "Conflicts": "ipset.service iptables.service ip6tables.service ebtables.service shutdown.target", "ControlGroup": "/system.slice/firewalld.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "EnvironmentFile": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "4650", "ExecMainStartTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ExecMainStartTimestampMonotonic": "445134979", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[Sat 2023-12-09 05:54:48 UTC] ; stop_time=[n/a] ; pid=4650 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2023-12-09 05:54:48 UTC", "InactiveExitTimestampMonotonic": "445135029", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14311", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14311", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "4650", "MemoryAccounting": "no", "MemoryCurrent": "30650368", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "2", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogTimestamp": "Sat 2023-12-09 05:54:49 UTC", "WatchdogTimestampMonotonic": "445505154", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Enable and start firewalld service] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:28 Saturday 09 December 2023 05:55:23 +0000 (0:00:00.243) 0:00:15.892 ***** ok: [sut] => { "changed": false, "enabled": true, "name": "firewalld", "state": "started", "status": { "ActiveEnterTimestamp": "Sat 2023-12-09 05:54:49 UTC", "ActiveEnterTimestampMonotonic": "445505242", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target polkit.service system.slice dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Sat 2023-12-09 05:54:48 UTC", "AssertTimestampMonotonic": "445126489", "Before": "multi-user.target network-pre.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ConditionTimestampMonotonic": "445126487", "Conflicts": "ipset.service iptables.service ip6tables.service ebtables.service shutdown.target", "ControlGroup": "/system.slice/firewalld.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "EnvironmentFile": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "4650", "ExecMainStartTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ExecMainStartTimestampMonotonic": "445134979", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[Sat 2023-12-09 05:54:48 UTC] ; stop_time=[n/a] ; pid=4650 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2023-12-09 05:54:48 UTC", "InactiveExitTimestampMonotonic": "445135029", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14311", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14311", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "4650", "MemoryAccounting": "no", "MemoryCurrent": "30650368", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "2", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogTimestamp": "Sat 2023-12-09 05:54:49 UTC", "WatchdogTimestampMonotonic": "445505154", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Check if previous replaced is defined] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:34 Saturday 09 December 2023 05:55:23 +0000 (0:00:00.237) 0:00:16.130 ***** ok: [sut] => { "ansible_facts": { "__firewall_previous_replaced": false, "__firewall_python_cmd": "/usr/bin/python2", "__firewall_report_changed": true }, "changed": false } TASK [fedora.linux_system_roles.firewall : Get config files, checksums before and remove] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:43 Saturday 09 December 2023 05:55:23 +0000 (0:00:00.025) 0:00:16.156 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Tell firewall module it is able to report changed] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:55 Saturday 09 December 2023 05:55:23 +0000 (0:00:00.043) 0:00:16.200 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Configure firewall] ***************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:71 Saturday 09 December 2023 05:55:24 +0000 (0:00:00.018) 0:00:16.218 ***** changed: [sut] => (item={'source': 'ipset:customipset', 'state': 'enabled', 'runtime': True}) => { "__firewall_changed": true, "ansible_loop_var": "item", "changed": true, "item": { "runtime": true, "source": "ipset:customipset", "state": "enabled" } } TASK [fedora.linux_system_roles.firewall : Gather firewall config information] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:120 Saturday 09 December 2023 05:55:24 +0000 (0:00:00.446) 0:00:16.664 ***** skipping: [sut] => (item={'source': 'ipset:customipset', 'state': 'enabled', 'runtime': True}) => { "ansible_loop_var": "item", "changed": false, "false_condition": "'detailed' in fw[0]", "item": { "runtime": true, "source": "ipset:customipset", "state": "enabled" }, "skip_reason": "Conditional result was False" } skipping: [sut] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:130 Saturday 09 December 2023 05:55:24 +0000 (0:00:00.031) 0:00:16.696 ***** skipping: [sut] => { "changed": false, "false_condition": "'detailed' in fw[0]", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Gather firewall config if no arguments] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:139 Saturday 09 December 2023 05:55:24 +0000 (0:00:00.030) 0:00:16.726 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:144 Saturday 09 December 2023 05:55:24 +0000 (0:00:00.036) 0:00:16.763 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Get config files, checksums after] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:153 Saturday 09 December 2023 05:55:24 +0000 (0:00:00.038) 0:00:16.802 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Calculate what has changed] ********* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:163 Saturday 09 December 2023 05:55:24 +0000 (0:00:00.016) 0:00:16.818 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Show diffs] ************************* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:169 Saturday 09 December 2023 05:55:24 +0000 (0:00:00.025) 0:00:16.844 ***** skipping: [sut] => { "false_condition": "__firewall_previous_replaced | bool" } TASK [Add ipset to default zone again] ***************************************** task path: /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:138 Saturday 09 December 2023 05:55:24 +0000 (0:00:00.044) 0:00:16.889 ***** TASK [fedora.linux_system_roles.firewall : Setup firewalld] ******************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:2 Saturday 09 December 2023 05:55:24 +0000 (0:00:00.089) 0:00:16.978 ***** included: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml for sut TASK [fedora.linux_system_roles.firewall : Ensure ansible_facts used by role] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:2 Saturday 09 December 2023 05:55:24 +0000 (0:00:00.015) 0:00:16.993 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_required_facts | difference(ansible_facts.keys() | list) | length > 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Check if system is ostree] ********** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:10 Saturday 09 December 2023 05:55:24 +0000 (0:00:00.026) 0:00:17.020 ***** skipping: [sut] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Set flag to indicate system is ostree] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:15 Saturday 09 December 2023 05:55:24 +0000 (0:00:00.017) 0:00:17.038 ***** skipping: [sut] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Install firewalld] ****************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:19 Saturday 09 December 2023 05:55:24 +0000 (0:00:00.030) 0:00:17.069 ***** ok: [sut] => { "changed": false, "rc": 0, "results": [ "firewalld-0.6.3-13.el7_9.noarch providing firewalld is already installed" ] } lsrpackages: firewalld TASK [fedora.linux_system_roles.firewall : Collect service facts] ************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:5 Saturday 09 December 2023 05:55:25 +0000 (0:00:00.521) 0:00:17.590 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Attempt to stop and disable conflicting services] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:9 Saturday 09 December 2023 05:55:25 +0000 (0:00:00.018) 0:00:17.609 ***** skipping: [sut] => (item=nftables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "nftables", "skip_reason": "Conditional result was False" } skipping: [sut] => (item=iptables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "iptables", "skip_reason": "Conditional result was False" } skipping: [sut] => (item=ufw) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "ufw", "skip_reason": "Conditional result was False" } skipping: [sut] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.firewall : Unmask firewalld service] *********** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:22 Saturday 09 December 2023 05:55:25 +0000 (0:00:00.030) 0:00:17.640 ***** ok: [sut] => { "changed": false, "name": "firewalld", "status": { "ActiveEnterTimestamp": "Sat 2023-12-09 05:54:49 UTC", "ActiveEnterTimestampMonotonic": "445505242", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target polkit.service system.slice dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Sat 2023-12-09 05:54:48 UTC", "AssertTimestampMonotonic": "445126489", "Before": "multi-user.target network-pre.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ConditionTimestampMonotonic": "445126487", "Conflicts": "ipset.service iptables.service ip6tables.service ebtables.service shutdown.target", "ControlGroup": "/system.slice/firewalld.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "EnvironmentFile": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "4650", "ExecMainStartTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ExecMainStartTimestampMonotonic": "445134979", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[Sat 2023-12-09 05:54:48 UTC] ; stop_time=[n/a] ; pid=4650 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2023-12-09 05:54:48 UTC", "InactiveExitTimestampMonotonic": "445135029", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14311", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14311", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "4650", "MemoryAccounting": "no", "MemoryCurrent": "30756864", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "2", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogTimestamp": "Sat 2023-12-09 05:54:49 UTC", "WatchdogTimestampMonotonic": "445505154", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Enable and start firewalld service] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:28 Saturday 09 December 2023 05:55:25 +0000 (0:00:00.251) 0:00:17.892 ***** ok: [sut] => { "changed": false, "enabled": true, "name": "firewalld", "state": "started", "status": { "ActiveEnterTimestamp": "Sat 2023-12-09 05:54:49 UTC", "ActiveEnterTimestampMonotonic": "445505242", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target polkit.service system.slice dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Sat 2023-12-09 05:54:48 UTC", "AssertTimestampMonotonic": "445126489", "Before": "multi-user.target network-pre.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ConditionTimestampMonotonic": "445126487", "Conflicts": "ipset.service iptables.service ip6tables.service ebtables.service shutdown.target", "ControlGroup": "/system.slice/firewalld.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "EnvironmentFile": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "4650", "ExecMainStartTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ExecMainStartTimestampMonotonic": "445134979", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[Sat 2023-12-09 05:54:48 UTC] ; stop_time=[n/a] ; pid=4650 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2023-12-09 05:54:48 UTC", "InactiveExitTimestampMonotonic": "445135029", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14311", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14311", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "4650", "MemoryAccounting": "no", "MemoryCurrent": "30756864", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "2", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogTimestamp": "Sat 2023-12-09 05:54:49 UTC", "WatchdogTimestampMonotonic": "445505154", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Check if previous replaced is defined] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:34 Saturday 09 December 2023 05:55:25 +0000 (0:00:00.278) 0:00:18.170 ***** ok: [sut] => { "ansible_facts": { "__firewall_previous_replaced": false, "__firewall_python_cmd": "/usr/bin/python2", "__firewall_report_changed": true }, "changed": false } TASK [fedora.linux_system_roles.firewall : Get config files, checksums before and remove] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:43 Saturday 09 December 2023 05:55:25 +0000 (0:00:00.031) 0:00:18.201 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Tell firewall module it is able to report changed] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:55 Saturday 09 December 2023 05:55:26 +0000 (0:00:00.028) 0:00:18.230 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Configure firewall] ***************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:71 Saturday 09 December 2023 05:55:26 +0000 (0:00:00.017) 0:00:18.247 ***** ok: [sut] => (item={'source': 'ipset:customipset', 'state': 'enabled', 'runtime': True}) => { "__firewall_changed": false, "ansible_loop_var": "item", "changed": false, "item": { "runtime": true, "source": "ipset:customipset", "state": "enabled" } } TASK [fedora.linux_system_roles.firewall : Gather firewall config information] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:120 Saturday 09 December 2023 05:55:26 +0000 (0:00:00.464) 0:00:18.712 ***** skipping: [sut] => (item={'source': 'ipset:customipset', 'state': 'enabled', 'runtime': True}) => { "ansible_loop_var": "item", "changed": false, "false_condition": "'detailed' in fw[0]", "item": { "runtime": true, "source": "ipset:customipset", "state": "enabled" }, "skip_reason": "Conditional result was False" } skipping: [sut] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:130 Saturday 09 December 2023 05:55:26 +0000 (0:00:00.048) 0:00:18.760 ***** skipping: [sut] => { "changed": false, "false_condition": "'detailed' in fw[0]", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Gather firewall config if no arguments] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:139 Saturday 09 December 2023 05:55:26 +0000 (0:00:00.022) 0:00:18.782 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:144 Saturday 09 December 2023 05:55:26 +0000 (0:00:00.024) 0:00:18.807 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Get config files, checksums after] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:153 Saturday 09 December 2023 05:55:26 +0000 (0:00:00.135) 0:00:18.943 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Calculate what has changed] ********* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:163 Saturday 09 December 2023 05:55:26 +0000 (0:00:00.072) 0:00:19.015 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Show diffs] ************************* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:169 Saturday 09 December 2023 05:55:26 +0000 (0:00:00.044) 0:00:19.059 ***** skipping: [sut] => { "false_condition": "__firewall_previous_replaced | bool" } TASK [Fail if adding ipset is not idempotent (runtime)] ************************ task path: /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:148 Saturday 09 December 2023 05:55:26 +0000 (0:00:00.065) 0:00:19.125 ***** skipping: [sut] => { "changed": false, "false_condition": "result.changed | bool", "skip_reason": "Conditional result was False" } TASK [Add ipset to default zone (permanent)] *********************************** task path: /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:153 Saturday 09 December 2023 05:55:26 +0000 (0:00:00.016) 0:00:19.141 ***** TASK [fedora.linux_system_roles.firewall : Setup firewalld] ******************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:2 Saturday 09 December 2023 05:55:26 +0000 (0:00:00.060) 0:00:19.202 ***** included: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml for sut TASK [fedora.linux_system_roles.firewall : Ensure ansible_facts used by role] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:2 Saturday 09 December 2023 05:55:27 +0000 (0:00:00.012) 0:00:19.214 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_required_facts | difference(ansible_facts.keys() | list) | length > 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Check if system is ostree] ********** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:10 Saturday 09 December 2023 05:55:27 +0000 (0:00:00.024) 0:00:19.238 ***** skipping: [sut] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Set flag to indicate system is ostree] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:15 Saturday 09 December 2023 05:55:27 +0000 (0:00:00.013) 0:00:19.251 ***** skipping: [sut] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Install firewalld] ****************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:19 Saturday 09 December 2023 05:55:27 +0000 (0:00:00.012) 0:00:19.263 ***** ok: [sut] => { "changed": false, "rc": 0, "results": [ "firewalld-0.6.3-13.el7_9.noarch providing firewalld is already installed" ] } lsrpackages: firewalld TASK [fedora.linux_system_roles.firewall : Collect service facts] ************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:5 Saturday 09 December 2023 05:55:27 +0000 (0:00:00.374) 0:00:19.638 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Attempt to stop and disable conflicting services] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:9 Saturday 09 December 2023 05:55:27 +0000 (0:00:00.023) 0:00:19.661 ***** skipping: [sut] => (item=nftables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "nftables", "skip_reason": "Conditional result was False" } skipping: [sut] => (item=iptables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "iptables", "skip_reason": "Conditional result was False" } skipping: [sut] => (item=ufw) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "ufw", "skip_reason": "Conditional result was False" } skipping: [sut] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.firewall : Unmask firewalld service] *********** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:22 Saturday 09 December 2023 05:55:27 +0000 (0:00:00.040) 0:00:19.702 ***** ok: [sut] => { "changed": false, "name": "firewalld", "status": { "ActiveEnterTimestamp": "Sat 2023-12-09 05:54:49 UTC", "ActiveEnterTimestampMonotonic": "445505242", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target polkit.service system.slice dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Sat 2023-12-09 05:54:48 UTC", "AssertTimestampMonotonic": "445126489", "Before": "multi-user.target network-pre.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ConditionTimestampMonotonic": "445126487", "Conflicts": "ipset.service iptables.service ip6tables.service ebtables.service shutdown.target", "ControlGroup": "/system.slice/firewalld.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "EnvironmentFile": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "4650", "ExecMainStartTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ExecMainStartTimestampMonotonic": "445134979", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[Sat 2023-12-09 05:54:48 UTC] ; stop_time=[n/a] ; pid=4650 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2023-12-09 05:54:48 UTC", "InactiveExitTimestampMonotonic": "445135029", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14311", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14311", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "4650", "MemoryAccounting": "no", "MemoryCurrent": "30760960", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "2", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogTimestamp": "Sat 2023-12-09 05:54:49 UTC", "WatchdogTimestampMonotonic": "445505154", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Enable and start firewalld service] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:28 Saturday 09 December 2023 05:55:27 +0000 (0:00:00.247) 0:00:19.950 ***** ok: [sut] => { "changed": false, "enabled": true, "name": "firewalld", "state": "started", "status": { "ActiveEnterTimestamp": "Sat 2023-12-09 05:54:49 UTC", "ActiveEnterTimestampMonotonic": "445505242", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target polkit.service system.slice dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Sat 2023-12-09 05:54:48 UTC", "AssertTimestampMonotonic": "445126489", "Before": "multi-user.target network-pre.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ConditionTimestampMonotonic": "445126487", "Conflicts": "ipset.service iptables.service ip6tables.service ebtables.service shutdown.target", "ControlGroup": "/system.slice/firewalld.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "EnvironmentFile": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "4650", "ExecMainStartTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ExecMainStartTimestampMonotonic": "445134979", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[Sat 2023-12-09 05:54:48 UTC] ; stop_time=[n/a] ; pid=4650 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2023-12-09 05:54:48 UTC", "InactiveExitTimestampMonotonic": "445135029", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14311", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14311", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "4650", "MemoryAccounting": "no", "MemoryCurrent": "30760960", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "2", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogTimestamp": "Sat 2023-12-09 05:54:49 UTC", "WatchdogTimestampMonotonic": "445505154", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Check if previous replaced is defined] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:34 Saturday 09 December 2023 05:55:27 +0000 (0:00:00.251) 0:00:20.201 ***** ok: [sut] => { "ansible_facts": { "__firewall_previous_replaced": false, "__firewall_python_cmd": "/usr/bin/python2", "__firewall_report_changed": true }, "changed": false } TASK [fedora.linux_system_roles.firewall : Get config files, checksums before and remove] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:43 Saturday 09 December 2023 05:55:28 +0000 (0:00:00.034) 0:00:20.235 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Tell firewall module it is able to report changed] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:55 Saturday 09 December 2023 05:55:28 +0000 (0:00:00.031) 0:00:20.266 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Configure firewall] ***************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:71 Saturday 09 December 2023 05:55:28 +0000 (0:00:00.023) 0:00:20.290 ***** ok: [sut] => (item={'source': 'ipset:customipset', 'state': 'enabled', 'runtime': True}) => { "__firewall_changed": false, "ansible_loop_var": "item", "changed": false, "item": { "runtime": true, "source": "ipset:customipset", "state": "enabled" } } TASK [fedora.linux_system_roles.firewall : Gather firewall config information] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:120 Saturday 09 December 2023 05:55:28 +0000 (0:00:00.456) 0:00:20.747 ***** skipping: [sut] => (item={'source': 'ipset:customipset', 'state': 'enabled', 'runtime': True}) => { "ansible_loop_var": "item", "changed": false, "false_condition": "'detailed' in fw[0]", "item": { "runtime": true, "source": "ipset:customipset", "state": "enabled" }, "skip_reason": "Conditional result was False" } skipping: [sut] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:130 Saturday 09 December 2023 05:55:28 +0000 (0:00:00.031) 0:00:20.778 ***** skipping: [sut] => { "changed": false, "false_condition": "'detailed' in fw[0]", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Gather firewall config if no arguments] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:139 Saturday 09 December 2023 05:55:28 +0000 (0:00:00.032) 0:00:20.810 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:144 Saturday 09 December 2023 05:55:28 +0000 (0:00:00.031) 0:00:20.842 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Get config files, checksums after] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:153 Saturday 09 December 2023 05:55:28 +0000 (0:00:00.031) 0:00:20.874 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Calculate what has changed] ********* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:163 Saturday 09 December 2023 05:55:28 +0000 (0:00:00.052) 0:00:20.926 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Show diffs] ************************* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:169 Saturday 09 December 2023 05:55:28 +0000 (0:00:00.048) 0:00:20.975 ***** skipping: [sut] => { "false_condition": "__firewall_previous_replaced | bool" } TASK [Add ipset to default zone again (permanent)] ***************************** task path: /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:162 Saturday 09 December 2023 05:55:28 +0000 (0:00:00.030) 0:00:21.006 ***** TASK [fedora.linux_system_roles.firewall : Setup firewalld] ******************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:2 Saturday 09 December 2023 05:55:28 +0000 (0:00:00.094) 0:00:21.101 ***** included: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml for sut TASK [fedora.linux_system_roles.firewall : Ensure ansible_facts used by role] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:2 Saturday 09 December 2023 05:55:28 +0000 (0:00:00.014) 0:00:21.115 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_required_facts | difference(ansible_facts.keys() | list) | length > 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Check if system is ostree] ********** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:10 Saturday 09 December 2023 05:55:28 +0000 (0:00:00.031) 0:00:21.146 ***** skipping: [sut] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Set flag to indicate system is ostree] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:15 Saturday 09 December 2023 05:55:28 +0000 (0:00:00.021) 0:00:21.168 ***** skipping: [sut] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Install firewalld] ****************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:19 Saturday 09 December 2023 05:55:28 +0000 (0:00:00.013) 0:00:21.182 ***** ok: [sut] => { "changed": false, "rc": 0, "results": [ "firewalld-0.6.3-13.el7_9.noarch providing firewalld is already installed" ] } lsrpackages: firewalld TASK [fedora.linux_system_roles.firewall : Collect service facts] ************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:5 Saturday 09 December 2023 05:55:29 +0000 (0:00:00.373) 0:00:21.556 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Attempt to stop and disable conflicting services] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:9 Saturday 09 December 2023 05:55:29 +0000 (0:00:00.018) 0:00:21.574 ***** skipping: [sut] => (item=nftables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "nftables", "skip_reason": "Conditional result was False" } skipping: [sut] => (item=iptables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "iptables", "skip_reason": "Conditional result was False" } skipping: [sut] => (item=ufw) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "ufw", "skip_reason": "Conditional result was False" } skipping: [sut] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.firewall : Unmask firewalld service] *********** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:22 Saturday 09 December 2023 05:55:29 +0000 (0:00:00.021) 0:00:21.596 ***** ok: [sut] => { "changed": false, "name": "firewalld", "status": { "ActiveEnterTimestamp": "Sat 2023-12-09 05:54:49 UTC", "ActiveEnterTimestampMonotonic": "445505242", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target polkit.service system.slice dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Sat 2023-12-09 05:54:48 UTC", "AssertTimestampMonotonic": "445126489", "Before": "multi-user.target network-pre.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ConditionTimestampMonotonic": "445126487", "Conflicts": "ipset.service iptables.service ip6tables.service ebtables.service shutdown.target", "ControlGroup": "/system.slice/firewalld.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "EnvironmentFile": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "4650", "ExecMainStartTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ExecMainStartTimestampMonotonic": "445134979", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[Sat 2023-12-09 05:54:48 UTC] ; stop_time=[n/a] ; pid=4650 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2023-12-09 05:54:48 UTC", "InactiveExitTimestampMonotonic": "445135029", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14311", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14311", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "4650", "MemoryAccounting": "no", "MemoryCurrent": "30760960", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "2", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogTimestamp": "Sat 2023-12-09 05:54:49 UTC", "WatchdogTimestampMonotonic": "445505154", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Enable and start firewalld service] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:28 Saturday 09 December 2023 05:55:29 +0000 (0:00:00.245) 0:00:21.841 ***** ok: [sut] => { "changed": false, "enabled": true, "name": "firewalld", "state": "started", "status": { "ActiveEnterTimestamp": "Sat 2023-12-09 05:54:49 UTC", "ActiveEnterTimestampMonotonic": "445505242", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target polkit.service system.slice dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Sat 2023-12-09 05:54:48 UTC", "AssertTimestampMonotonic": "445126489", "Before": "multi-user.target network-pre.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ConditionTimestampMonotonic": "445126487", "Conflicts": "ipset.service iptables.service ip6tables.service ebtables.service shutdown.target", "ControlGroup": "/system.slice/firewalld.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "EnvironmentFile": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "4650", "ExecMainStartTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ExecMainStartTimestampMonotonic": "445134979", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[Sat 2023-12-09 05:54:48 UTC] ; stop_time=[n/a] ; pid=4650 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2023-12-09 05:54:48 UTC", "InactiveExitTimestampMonotonic": "445135029", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14311", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14311", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "4650", "MemoryAccounting": "no", "MemoryCurrent": "30760960", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "2", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogTimestamp": "Sat 2023-12-09 05:54:49 UTC", "WatchdogTimestampMonotonic": "445505154", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Check if previous replaced is defined] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:34 Saturday 09 December 2023 05:55:29 +0000 (0:00:00.237) 0:00:22.079 ***** ok: [sut] => { "ansible_facts": { "__firewall_previous_replaced": false, "__firewall_python_cmd": "/usr/bin/python2", "__firewall_report_changed": true }, "changed": false } TASK [fedora.linux_system_roles.firewall : Get config files, checksums before and remove] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:43 Saturday 09 December 2023 05:55:29 +0000 (0:00:00.025) 0:00:22.105 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Tell firewall module it is able to report changed] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:55 Saturday 09 December 2023 05:55:29 +0000 (0:00:00.023) 0:00:22.129 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Configure firewall] ***************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:71 Saturday 09 December 2023 05:55:29 +0000 (0:00:00.018) 0:00:22.147 ***** ok: [sut] => (item={'source': 'ipset:customipset', 'state': 'enabled', 'runtime': True}) => { "__firewall_changed": false, "ansible_loop_var": "item", "changed": false, "item": { "runtime": true, "source": "ipset:customipset", "state": "enabled" } } TASK [fedora.linux_system_roles.firewall : Gather firewall config information] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:120 Saturday 09 December 2023 05:55:30 +0000 (0:00:00.461) 0:00:22.609 ***** skipping: [sut] => (item={'source': 'ipset:customipset', 'state': 'enabled', 'runtime': True}) => { "ansible_loop_var": "item", "changed": false, "false_condition": "'detailed' in fw[0]", "item": { "runtime": true, "source": "ipset:customipset", "state": "enabled" }, "skip_reason": "Conditional result was False" } skipping: [sut] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:130 Saturday 09 December 2023 05:55:30 +0000 (0:00:00.027) 0:00:22.637 ***** skipping: [sut] => { "changed": false, "false_condition": "'detailed' in fw[0]", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Gather firewall config if no arguments] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:139 Saturday 09 December 2023 05:55:30 +0000 (0:00:00.023) 0:00:22.661 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:144 Saturday 09 December 2023 05:55:30 +0000 (0:00:00.042) 0:00:22.703 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Get config files, checksums after] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:153 Saturday 09 December 2023 05:55:30 +0000 (0:00:00.030) 0:00:22.733 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Calculate what has changed] ********* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:163 Saturday 09 December 2023 05:55:30 +0000 (0:00:00.058) 0:00:22.792 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Show diffs] ************************* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:169 Saturday 09 December 2023 05:55:30 +0000 (0:00:00.030) 0:00:22.822 ***** skipping: [sut] => { "false_condition": "__firewall_previous_replaced | bool" } TASK [Fail if adding ipset is not idempotent (permanent)] ********************** task path: /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:172 Saturday 09 December 2023 05:55:30 +0000 (0:00:00.025) 0:00:22.848 ***** skipping: [sut] => { "changed": false, "false_condition": "result.changed | bool", "skip_reason": "Conditional result was False" } TASK [Add ipset to default zone] *********************************************** task path: /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:177 Saturday 09 December 2023 05:55:30 +0000 (0:00:00.029) 0:00:22.878 ***** TASK [fedora.linux_system_roles.firewall : Setup firewalld] ******************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:2 Saturday 09 December 2023 05:55:30 +0000 (0:00:00.081) 0:00:22.959 ***** included: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml for sut TASK [fedora.linux_system_roles.firewall : Ensure ansible_facts used by role] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:2 Saturday 09 December 2023 05:55:30 +0000 (0:00:00.015) 0:00:22.975 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_required_facts | difference(ansible_facts.keys() | list) | length > 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Check if system is ostree] ********** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:10 Saturday 09 December 2023 05:55:30 +0000 (0:00:00.019) 0:00:22.995 ***** skipping: [sut] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Set flag to indicate system is ostree] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:15 Saturday 09 December 2023 05:55:30 +0000 (0:00:00.013) 0:00:23.008 ***** skipping: [sut] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Install firewalld] ****************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:19 Saturday 09 December 2023 05:55:30 +0000 (0:00:00.016) 0:00:23.025 ***** ok: [sut] => { "changed": false, "rc": 0, "results": [ "firewalld-0.6.3-13.el7_9.noarch providing firewalld is already installed" ] } lsrpackages: firewalld TASK [fedora.linux_system_roles.firewall : Collect service facts] ************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:5 Saturday 09 December 2023 05:55:31 +0000 (0:00:00.405) 0:00:23.431 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Attempt to stop and disable conflicting services] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:9 Saturday 09 December 2023 05:55:31 +0000 (0:00:00.039) 0:00:23.470 ***** skipping: [sut] => (item=nftables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "nftables", "skip_reason": "Conditional result was False" } skipping: [sut] => (item=iptables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "iptables", "skip_reason": "Conditional result was False" } skipping: [sut] => (item=ufw) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "ufw", "skip_reason": "Conditional result was False" } skipping: [sut] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.firewall : Unmask firewalld service] *********** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:22 Saturday 09 December 2023 05:55:31 +0000 (0:00:00.039) 0:00:23.510 ***** ok: [sut] => { "changed": false, "name": "firewalld", "status": { "ActiveEnterTimestamp": "Sat 2023-12-09 05:54:49 UTC", "ActiveEnterTimestampMonotonic": "445505242", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target polkit.service system.slice dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Sat 2023-12-09 05:54:48 UTC", "AssertTimestampMonotonic": "445126489", "Before": "multi-user.target network-pre.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ConditionTimestampMonotonic": "445126487", "Conflicts": "ipset.service iptables.service ip6tables.service ebtables.service shutdown.target", "ControlGroup": "/system.slice/firewalld.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "EnvironmentFile": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "4650", "ExecMainStartTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ExecMainStartTimestampMonotonic": "445134979", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[Sat 2023-12-09 05:54:48 UTC] ; stop_time=[n/a] ; pid=4650 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2023-12-09 05:54:48 UTC", "InactiveExitTimestampMonotonic": "445135029", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14311", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14311", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "4650", "MemoryAccounting": "no", "MemoryCurrent": "30760960", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "2", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogTimestamp": "Sat 2023-12-09 05:54:49 UTC", "WatchdogTimestampMonotonic": "445505154", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Enable and start firewalld service] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:28 Saturday 09 December 2023 05:55:31 +0000 (0:00:00.270) 0:00:23.781 ***** ok: [sut] => { "changed": false, "enabled": true, "name": "firewalld", "state": "started", "status": { "ActiveEnterTimestamp": "Sat 2023-12-09 05:54:49 UTC", "ActiveEnterTimestampMonotonic": "445505242", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target polkit.service system.slice dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Sat 2023-12-09 05:54:48 UTC", "AssertTimestampMonotonic": "445126489", "Before": "multi-user.target network-pre.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ConditionTimestampMonotonic": "445126487", "Conflicts": "ipset.service iptables.service ip6tables.service ebtables.service shutdown.target", "ControlGroup": "/system.slice/firewalld.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "EnvironmentFile": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "4650", "ExecMainStartTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ExecMainStartTimestampMonotonic": "445134979", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[Sat 2023-12-09 05:54:48 UTC] ; stop_time=[n/a] ; pid=4650 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2023-12-09 05:54:48 UTC", "InactiveExitTimestampMonotonic": "445135029", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14311", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14311", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "4650", "MemoryAccounting": "no", "MemoryCurrent": "30760960", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "2", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogTimestamp": "Sat 2023-12-09 05:54:49 UTC", "WatchdogTimestampMonotonic": "445505154", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Check if previous replaced is defined] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:34 Saturday 09 December 2023 05:55:31 +0000 (0:00:00.254) 0:00:24.035 ***** ok: [sut] => { "ansible_facts": { "__firewall_previous_replaced": false, "__firewall_python_cmd": "/usr/bin/python2", "__firewall_report_changed": true }, "changed": false } TASK [fedora.linux_system_roles.firewall : Get config files, checksums before and remove] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:43 Saturday 09 December 2023 05:55:31 +0000 (0:00:00.049) 0:00:24.085 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Tell firewall module it is able to report changed] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:55 Saturday 09 December 2023 05:55:31 +0000 (0:00:00.028) 0:00:24.113 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Configure firewall] ***************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:71 Saturday 09 December 2023 05:55:31 +0000 (0:00:00.024) 0:00:24.138 ***** changed: [sut] => (item={'source': 'ipset:customipset', 'state': 'disabled', 'permanent': True}) => { "__firewall_changed": true, "ansible_loop_var": "item", "changed": true, "item": { "permanent": true, "source": "ipset:customipset", "state": "disabled" } } TASK [fedora.linux_system_roles.firewall : Gather firewall config information] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:120 Saturday 09 December 2023 05:55:32 +0000 (0:00:00.479) 0:00:24.617 ***** skipping: [sut] => (item={'source': 'ipset:customipset', 'state': 'disabled', 'permanent': True}) => { "ansible_loop_var": "item", "changed": false, "false_condition": "'detailed' in fw[0]", "item": { "permanent": true, "source": "ipset:customipset", "state": "disabled" }, "skip_reason": "Conditional result was False" } skipping: [sut] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:130 Saturday 09 December 2023 05:55:32 +0000 (0:00:00.029) 0:00:24.646 ***** skipping: [sut] => { "changed": false, "false_condition": "'detailed' in fw[0]", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Gather firewall config if no arguments] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:139 Saturday 09 December 2023 05:55:32 +0000 (0:00:00.021) 0:00:24.667 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:144 Saturday 09 December 2023 05:55:32 +0000 (0:00:00.019) 0:00:24.687 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Get config files, checksums after] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:153 Saturday 09 December 2023 05:55:32 +0000 (0:00:00.016) 0:00:24.704 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Calculate what has changed] ********* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:163 Saturday 09 December 2023 05:55:32 +0000 (0:00:00.015) 0:00:24.719 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Show diffs] ************************* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:169 Saturday 09 December 2023 05:55:32 +0000 (0:00:00.016) 0:00:24.736 ***** skipping: [sut] => { "false_condition": "__firewall_previous_replaced | bool" } TASK [Remove custom ipset] ***************************************************** task path: /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:186 Saturday 09 December 2023 05:55:32 +0000 (0:00:00.020) 0:00:24.756 ***** TASK [fedora.linux_system_roles.firewall : Setup firewalld] ******************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:2 Saturday 09 December 2023 05:55:32 +0000 (0:00:00.080) 0:00:24.836 ***** included: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml for sut TASK [fedora.linux_system_roles.firewall : Ensure ansible_facts used by role] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:2 Saturday 09 December 2023 05:55:32 +0000 (0:00:00.012) 0:00:24.849 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_required_facts | difference(ansible_facts.keys() | list) | length > 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Check if system is ostree] ********** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:10 Saturday 09 December 2023 05:55:32 +0000 (0:00:00.018) 0:00:24.868 ***** skipping: [sut] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Set flag to indicate system is ostree] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:15 Saturday 09 December 2023 05:55:32 +0000 (0:00:00.011) 0:00:24.879 ***** skipping: [sut] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Install firewalld] ****************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:19 Saturday 09 December 2023 05:55:32 +0000 (0:00:00.011) 0:00:24.891 ***** ok: [sut] => { "changed": false, "rc": 0, "results": [ "firewalld-0.6.3-13.el7_9.noarch providing firewalld is already installed" ] } lsrpackages: firewalld TASK [fedora.linux_system_roles.firewall : Collect service facts] ************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:5 Saturday 09 December 2023 05:55:33 +0000 (0:00:00.373) 0:00:25.265 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Attempt to stop and disable conflicting services] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:9 Saturday 09 December 2023 05:55:33 +0000 (0:00:00.020) 0:00:25.285 ***** skipping: [sut] => (item=nftables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "nftables", "skip_reason": "Conditional result was False" } skipping: [sut] => (item=iptables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "iptables", "skip_reason": "Conditional result was False" } skipping: [sut] => (item=ufw) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "ufw", "skip_reason": "Conditional result was False" } skipping: [sut] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.firewall : Unmask firewalld service] *********** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:22 Saturday 09 December 2023 05:55:33 +0000 (0:00:00.048) 0:00:25.334 ***** ok: [sut] => { "changed": false, "name": "firewalld", "status": { "ActiveEnterTimestamp": "Sat 2023-12-09 05:54:49 UTC", "ActiveEnterTimestampMonotonic": "445505242", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target polkit.service system.slice dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Sat 2023-12-09 05:54:48 UTC", "AssertTimestampMonotonic": "445126489", "Before": "multi-user.target network-pre.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ConditionTimestampMonotonic": "445126487", "Conflicts": "ipset.service iptables.service ip6tables.service ebtables.service shutdown.target", "ControlGroup": "/system.slice/firewalld.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "EnvironmentFile": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "4650", "ExecMainStartTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ExecMainStartTimestampMonotonic": "445134979", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[Sat 2023-12-09 05:54:48 UTC] ; stop_time=[n/a] ; pid=4650 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2023-12-09 05:54:48 UTC", "InactiveExitTimestampMonotonic": "445135029", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14311", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14311", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "4650", "MemoryAccounting": "no", "MemoryCurrent": "30756864", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "2", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogTimestamp": "Sat 2023-12-09 05:54:49 UTC", "WatchdogTimestampMonotonic": "445505154", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Enable and start firewalld service] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:28 Saturday 09 December 2023 05:55:33 +0000 (0:00:00.243) 0:00:25.578 ***** ok: [sut] => { "changed": false, "enabled": true, "name": "firewalld", "state": "started", "status": { "ActiveEnterTimestamp": "Sat 2023-12-09 05:54:49 UTC", "ActiveEnterTimestampMonotonic": "445505242", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target polkit.service system.slice dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Sat 2023-12-09 05:54:48 UTC", "AssertTimestampMonotonic": "445126489", "Before": "multi-user.target network-pre.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ConditionTimestampMonotonic": "445126487", "Conflicts": "ipset.service iptables.service ip6tables.service ebtables.service shutdown.target", "ControlGroup": "/system.slice/firewalld.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "EnvironmentFile": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "4650", "ExecMainStartTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ExecMainStartTimestampMonotonic": "445134979", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[Sat 2023-12-09 05:54:48 UTC] ; stop_time=[n/a] ; pid=4650 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2023-12-09 05:54:48 UTC", "InactiveExitTimestampMonotonic": "445135029", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14311", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14311", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "4650", "MemoryAccounting": "no", "MemoryCurrent": "30756864", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "2", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogTimestamp": "Sat 2023-12-09 05:54:49 UTC", "WatchdogTimestampMonotonic": "445505154", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Check if previous replaced is defined] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:34 Saturday 09 December 2023 05:55:33 +0000 (0:00:00.246) 0:00:25.824 ***** ok: [sut] => { "ansible_facts": { "__firewall_previous_replaced": false, "__firewall_python_cmd": "/usr/bin/python2", "__firewall_report_changed": true }, "changed": false } TASK [fedora.linux_system_roles.firewall : Get config files, checksums before and remove] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:43 Saturday 09 December 2023 05:55:33 +0000 (0:00:00.026) 0:00:25.850 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Tell firewall module it is able to report changed] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:55 Saturday 09 December 2023 05:55:33 +0000 (0:00:00.017) 0:00:25.868 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Configure firewall] ***************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:71 Saturday 09 December 2023 05:55:33 +0000 (0:00:00.016) 0:00:25.885 ***** changed: [sut] => (item={'ipset': 'customipset', 'state': 'absent', 'permanent': True}) => { "__firewall_changed": true, "ansible_loop_var": "item", "changed": true, "item": { "ipset": "customipset", "permanent": true, "state": "absent" } } TASK [fedora.linux_system_roles.firewall : Gather firewall config information] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:120 Saturday 09 December 2023 05:55:34 +0000 (0:00:00.697) 0:00:26.582 ***** skipping: [sut] => (item={'ipset': 'customipset', 'state': 'absent', 'permanent': True}) => { "ansible_loop_var": "item", "changed": false, "false_condition": "'detailed' in fw[0]", "item": { "ipset": "customipset", "permanent": true, "state": "absent" }, "skip_reason": "Conditional result was False" } skipping: [sut] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:130 Saturday 09 December 2023 05:55:34 +0000 (0:00:00.028) 0:00:26.610 ***** skipping: [sut] => { "changed": false, "false_condition": "'detailed' in fw[0]", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Gather firewall config if no arguments] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:139 Saturday 09 December 2023 05:55:34 +0000 (0:00:00.021) 0:00:26.632 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:144 Saturday 09 December 2023 05:55:34 +0000 (0:00:00.018) 0:00:26.650 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Get config files, checksums after] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:153 Saturday 09 December 2023 05:55:34 +0000 (0:00:00.017) 0:00:26.668 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Calculate what has changed] ********* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:163 Saturday 09 December 2023 05:55:34 +0000 (0:00:00.016) 0:00:26.684 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Show diffs] ************************* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:169 Saturday 09 December 2023 05:55:34 +0000 (0:00:00.017) 0:00:26.702 ***** skipping: [sut] => { "false_condition": "__firewall_previous_replaced | bool" } TASK [Fail if ipset not removed] *********************************************** task path: /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:195 Saturday 09 December 2023 05:55:34 +0000 (0:00:00.017) 0:00:26.719 ***** ok: [sut] => { "changed": false, "cmd": "set -o pipefail\nfirewall-cmd --permanent --get-ipsets | grep \"customipset\"\n", "delta": "0:00:00.311885", "end": "2023-12-09 05:55:34.949265", "failed_when_result": false, "rc": 1, "start": "2023-12-09 05:55:34.637380" } MSG: non-zero return code TASK [Remove custom ipset again] *********************************************** task path: /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:204 Saturday 09 December 2023 05:55:34 +0000 (0:00:00.472) 0:00:27.192 ***** TASK [fedora.linux_system_roles.firewall : Setup firewalld] ******************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:2 Saturday 09 December 2023 05:55:35 +0000 (0:00:00.098) 0:00:27.291 ***** included: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml for sut TASK [fedora.linux_system_roles.firewall : Ensure ansible_facts used by role] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:2 Saturday 09 December 2023 05:55:35 +0000 (0:00:00.022) 0:00:27.313 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_required_facts | difference(ansible_facts.keys() | list) | length > 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Check if system is ostree] ********** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:10 Saturday 09 December 2023 05:55:35 +0000 (0:00:00.021) 0:00:27.335 ***** skipping: [sut] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Set flag to indicate system is ostree] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:15 Saturday 09 December 2023 05:55:35 +0000 (0:00:00.022) 0:00:27.357 ***** skipping: [sut] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Install firewalld] ****************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:19 Saturday 09 December 2023 05:55:35 +0000 (0:00:00.011) 0:00:27.369 ***** ok: [sut] => { "changed": false, "rc": 0, "results": [ "firewalld-0.6.3-13.el7_9.noarch providing firewalld is already installed" ] } lsrpackages: firewalld TASK [fedora.linux_system_roles.firewall : Collect service facts] ************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:5 Saturday 09 December 2023 05:55:35 +0000 (0:00:00.362) 0:00:27.731 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Attempt to stop and disable conflicting services] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:9 Saturday 09 December 2023 05:55:35 +0000 (0:00:00.019) 0:00:27.750 ***** skipping: [sut] => (item=nftables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "nftables", "skip_reason": "Conditional result was False" } skipping: [sut] => (item=iptables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "iptables", "skip_reason": "Conditional result was False" } skipping: [sut] => (item=ufw) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "ufw", "skip_reason": "Conditional result was False" } skipping: [sut] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.firewall : Unmask firewalld service] *********** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:22 Saturday 09 December 2023 05:55:35 +0000 (0:00:00.024) 0:00:27.774 ***** ok: [sut] => { "changed": false, "name": "firewalld", "status": { "ActiveEnterTimestamp": "Sat 2023-12-09 05:54:49 UTC", "ActiveEnterTimestampMonotonic": "445505242", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target polkit.service system.slice dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Sat 2023-12-09 05:54:48 UTC", "AssertTimestampMonotonic": "445126489", "Before": "multi-user.target network-pre.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ConditionTimestampMonotonic": "445126487", "Conflicts": "ipset.service iptables.service ip6tables.service ebtables.service shutdown.target", "ControlGroup": "/system.slice/firewalld.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "EnvironmentFile": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "4650", "ExecMainStartTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ExecMainStartTimestampMonotonic": "445134979", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[Sat 2023-12-09 05:54:48 UTC] ; stop_time=[n/a] ; pid=4650 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2023-12-09 05:54:48 UTC", "InactiveExitTimestampMonotonic": "445135029", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14311", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14311", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "4650", "MemoryAccounting": "no", "MemoryCurrent": "30760960", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "2", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogTimestamp": "Sat 2023-12-09 05:54:49 UTC", "WatchdogTimestampMonotonic": "445505154", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Enable and start firewalld service] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:28 Saturday 09 December 2023 05:55:35 +0000 (0:00:00.248) 0:00:28.023 ***** ok: [sut] => { "changed": false, "enabled": true, "name": "firewalld", "state": "started", "status": { "ActiveEnterTimestamp": "Sat 2023-12-09 05:54:49 UTC", "ActiveEnterTimestampMonotonic": "445505242", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target polkit.service system.slice dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Sat 2023-12-09 05:54:48 UTC", "AssertTimestampMonotonic": "445126489", "Before": "multi-user.target network-pre.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ConditionTimestampMonotonic": "445126487", "Conflicts": "ipset.service iptables.service ip6tables.service ebtables.service shutdown.target", "ControlGroup": "/system.slice/firewalld.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "EnvironmentFile": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "4650", "ExecMainStartTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ExecMainStartTimestampMonotonic": "445134979", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[Sat 2023-12-09 05:54:48 UTC] ; stop_time=[n/a] ; pid=4650 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2023-12-09 05:54:48 UTC", "InactiveExitTimestampMonotonic": "445135029", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14311", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14311", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "4650", "MemoryAccounting": "no", "MemoryCurrent": "30760960", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "2", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogTimestamp": "Sat 2023-12-09 05:54:49 UTC", "WatchdogTimestampMonotonic": "445505154", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Check if previous replaced is defined] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:34 Saturday 09 December 2023 05:55:36 +0000 (0:00:00.253) 0:00:28.277 ***** ok: [sut] => { "ansible_facts": { "__firewall_previous_replaced": false, "__firewall_python_cmd": "/usr/bin/python2", "__firewall_report_changed": true }, "changed": false } TASK [fedora.linux_system_roles.firewall : Get config files, checksums before and remove] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:43 Saturday 09 December 2023 05:55:36 +0000 (0:00:00.025) 0:00:28.303 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Tell firewall module it is able to report changed] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:55 Saturday 09 December 2023 05:55:36 +0000 (0:00:00.017) 0:00:28.320 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Configure firewall] ***************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:71 Saturday 09 December 2023 05:55:36 +0000 (0:00:00.016) 0:00:28.337 ***** ok: [sut] => (item={'ipset': 'customipset', 'state': 'absent', 'permanent': True}) => { "__firewall_changed": false, "ansible_loop_var": "item", "changed": false, "item": { "ipset": "customipset", "permanent": true, "state": "absent" } } TASK [fedora.linux_system_roles.firewall : Gather firewall config information] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:120 Saturday 09 December 2023 05:55:36 +0000 (0:00:00.441) 0:00:28.778 ***** skipping: [sut] => (item={'ipset': 'customipset', 'state': 'absent', 'permanent': True}) => { "ansible_loop_var": "item", "changed": false, "false_condition": "'detailed' in fw[0]", "item": { "ipset": "customipset", "permanent": true, "state": "absent" }, "skip_reason": "Conditional result was False" } skipping: [sut] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:130 Saturday 09 December 2023 05:55:36 +0000 (0:00:00.037) 0:00:28.815 ***** skipping: [sut] => { "changed": false, "false_condition": "'detailed' in fw[0]", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Gather firewall config if no arguments] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:139 Saturday 09 December 2023 05:55:36 +0000 (0:00:00.031) 0:00:28.847 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:144 Saturday 09 December 2023 05:55:36 +0000 (0:00:00.022) 0:00:28.869 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Get config files, checksums after] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:153 Saturday 09 December 2023 05:55:36 +0000 (0:00:00.020) 0:00:28.890 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Calculate what has changed] ********* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:163 Saturday 09 December 2023 05:55:36 +0000 (0:00:00.017) 0:00:28.908 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Show diffs] ************************* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:169 Saturday 09 December 2023 05:55:36 +0000 (0:00:00.016) 0:00:28.925 ***** skipping: [sut] => { "false_condition": "__firewall_previous_replaced | bool" } TASK [Fail if not idempotent] ************************************************** task path: /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:214 Saturday 09 December 2023 05:55:36 +0000 (0:00:00.019) 0:00:28.944 ***** skipping: [sut] => { "changed": false, "false_condition": "result.changed | bool", "skip_reason": "Conditional result was False" } TASK [Cleanup] ***************************************************************** task path: /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:221 Saturday 09 December 2023 05:55:36 +0000 (0:00:00.017) 0:00:28.962 ***** TASK [fedora.linux_system_roles.firewall : Setup firewalld] ******************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:2 Saturday 09 December 2023 05:55:36 +0000 (0:00:00.134) 0:00:29.097 ***** included: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml for sut TASK [fedora.linux_system_roles.firewall : Ensure ansible_facts used by role] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:2 Saturday 09 December 2023 05:55:36 +0000 (0:00:00.025) 0:00:29.122 ***** skipping: [sut] => { "changed": false, "false_condition": "__firewall_required_facts | difference(ansible_facts.keys() | list) | length > 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Check if system is ostree] ********** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:10 Saturday 09 December 2023 05:55:36 +0000 (0:00:00.021) 0:00:29.144 ***** skipping: [sut] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Set flag to indicate system is ostree] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:15 Saturday 09 December 2023 05:55:36 +0000 (0:00:00.015) 0:00:29.159 ***** skipping: [sut] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Install firewalld] ****************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:19 Saturday 09 December 2023 05:55:36 +0000 (0:00:00.022) 0:00:29.181 ***** ok: [sut] => { "changed": false, "rc": 0, "results": [ "firewalld-0.6.3-13.el7_9.noarch providing firewalld is already installed" ] } lsrpackages: firewalld TASK [fedora.linux_system_roles.firewall : Collect service facts] ************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:5 Saturday 09 December 2023 05:55:37 +0000 (0:00:00.400) 0:00:29.581 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Attempt to stop and disable conflicting services] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:9 Saturday 09 December 2023 05:55:37 +0000 (0:00:00.018) 0:00:29.600 ***** skipping: [sut] => (item=nftables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "nftables", "skip_reason": "Conditional result was False" } skipping: [sut] => (item=iptables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "iptables", "skip_reason": "Conditional result was False" } skipping: [sut] => (item=ufw) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "ufw", "skip_reason": "Conditional result was False" } skipping: [sut] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.firewall : Unmask firewalld service] *********** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:22 Saturday 09 December 2023 05:55:37 +0000 (0:00:00.021) 0:00:29.621 ***** ok: [sut] => { "changed": false, "name": "firewalld", "status": { "ActiveEnterTimestamp": "Sat 2023-12-09 05:54:49 UTC", "ActiveEnterTimestampMonotonic": "445505242", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target polkit.service system.slice dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Sat 2023-12-09 05:54:48 UTC", "AssertTimestampMonotonic": "445126489", "Before": "multi-user.target network-pre.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ConditionTimestampMonotonic": "445126487", "Conflicts": "ipset.service iptables.service ip6tables.service ebtables.service shutdown.target", "ControlGroup": "/system.slice/firewalld.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "EnvironmentFile": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "4650", "ExecMainStartTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ExecMainStartTimestampMonotonic": "445134979", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[Sat 2023-12-09 05:54:48 UTC] ; stop_time=[n/a] ; pid=4650 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2023-12-09 05:54:48 UTC", "InactiveExitTimestampMonotonic": "445135029", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14311", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14311", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "4650", "MemoryAccounting": "no", "MemoryCurrent": "30760960", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "2", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogTimestamp": "Sat 2023-12-09 05:54:49 UTC", "WatchdogTimestampMonotonic": "445505154", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Enable and start firewalld service] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:28 Saturday 09 December 2023 05:55:37 +0000 (0:00:00.236) 0:00:29.858 ***** ok: [sut] => { "changed": false, "enabled": true, "name": "firewalld", "state": "started", "status": { "ActiveEnterTimestamp": "Sat 2023-12-09 05:54:49 UTC", "ActiveEnterTimestampMonotonic": "445505242", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target polkit.service system.slice dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Sat 2023-12-09 05:54:48 UTC", "AssertTimestampMonotonic": "445126489", "Before": "multi-user.target network-pre.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ConditionTimestampMonotonic": "445126487", "Conflicts": "ipset.service iptables.service ip6tables.service ebtables.service shutdown.target", "ControlGroup": "/system.slice/firewalld.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "EnvironmentFile": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "4650", "ExecMainStartTimestamp": "Sat 2023-12-09 05:54:48 UTC", "ExecMainStartTimestampMonotonic": "445134979", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[Sat 2023-12-09 05:54:48 UTC] ; stop_time=[n/a] ; pid=4650 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2023-12-09 05:54:48 UTC", "InactiveExitTimestampMonotonic": "445135029", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14311", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14311", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "4650", "MemoryAccounting": "no", "MemoryCurrent": "30760960", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "system.slice basic.target", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "2", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogTimestamp": "Sat 2023-12-09 05:54:49 UTC", "WatchdogTimestampMonotonic": "445505154", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Check if previous replaced is defined] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:34 Saturday 09 December 2023 05:55:37 +0000 (0:00:00.238) 0:00:30.096 ***** ok: [sut] => { "ansible_facts": { "__firewall_previous_replaced": true, "__firewall_python_cmd": "/usr/bin/python2", "__firewall_report_changed": true }, "changed": false } TASK [fedora.linux_system_roles.firewall : Get config files, checksums before and remove] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:43 Saturday 09 December 2023 05:55:37 +0000 (0:00:00.046) 0:00:30.143 ***** ok: [sut] => { "changed": false, "rc": 0 } STDERR: Shared connection to 10.31.43.224 closed. TASK [fedora.linux_system_roles.firewall : Tell firewall module it is able to report changed] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:55 Saturday 09 December 2023 05:55:38 +0000 (0:00:00.295) 0:00:30.439 ***** ok: [sut] => { "ansible_facts": { "__firewall_report_changed": true }, "changed": false } TASK [fedora.linux_system_roles.firewall : Configure firewall] ***************** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:71 Saturday 09 December 2023 05:55:38 +0000 (0:00:00.025) 0:00:30.464 ***** skipping: [sut] => { "changed": false, "skipped_reason": "No items in the list" } TASK [fedora.linux_system_roles.firewall : Gather firewall config information] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:120 Saturday 09 December 2023 05:55:38 +0000 (0:00:00.034) 0:00:30.498 ***** skipping: [sut] => { "changed": false, "skipped_reason": "No items in the list" } TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:130 Saturday 09 December 2023 05:55:38 +0000 (0:00:00.038) 0:00:30.536 ***** skipping: [sut] => { "changed": false, "false_condition": "'detailed' in fw[0]", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Gather firewall config if no arguments] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:139 Saturday 09 December 2023 05:55:38 +0000 (0:00:00.041) 0:00:30.578 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:144 Saturday 09 December 2023 05:55:38 +0000 (0:00:00.028) 0:00:30.607 ***** skipping: [sut] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Get config files, checksums after] *** task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:153 Saturday 09 December 2023 05:55:38 +0000 (0:00:00.032) 0:00:30.640 ***** ok: [sut] => { "changed": false, "rc": 0 } STDERR: Shared connection to 10.31.43.224 closed. TASK [fedora.linux_system_roles.firewall : Calculate what has changed] ********* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:163 Saturday 09 December 2023 05:55:38 +0000 (0:00:00.290) 0:00:30.930 ***** ok: [sut] => { "ansible_facts": { "firewall_lib_result": { "changed": false } }, "changed": false } TASK [fedora.linux_system_roles.firewall : Show diffs] ************************* task path: /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:169 Saturday 09 December 2023 05:55:38 +0000 (0:00:00.025) 0:00:30.956 ***** skipping: [sut] => { "false_condition": "__firewall_debug | d(false)" } PLAY RECAP ********************************************************************* sut : ok=94 changed=7 unreachable=0 failed=0 skipped=178 rescued=0 ignored=0 Saturday 09 December 2023 05:55:38 +0000 (0:00:00.034) 0:00:30.991 ***** =============================================================================== Verify changes ---------------------------------------------------------- 0.97s /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:115 --------------------- fedora.linux_system_roles.firewall : Get config files, checksums before and remove --- 0.84s /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:43 fedora.linux_system_roles.firewall : Configure firewall ----------------- 0.84s /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:71 Gathering Facts --------------------------------------------------------- 0.83s /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:2 ----------------------- fedora.linux_system_roles.firewall : Configure firewall ----------------- 0.73s /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:71 fedora.linux_system_roles.firewall : Configure firewall ----------------- 0.71s /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:71 fedora.linux_system_roles.firewall : Configure firewall ----------------- 0.70s /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:71 Get all ipsets ---------------------------------------------------------- 0.54s /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:19 ---------------------- fedora.linux_system_roles.firewall : Install firewalld ------------------ 0.52s /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:19 fedora.linux_system_roles.firewall : Configure firewall ----------------- 0.48s /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:71 Check that custom ipset not removed ------------------------------------- 0.47s /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:88 ---------------------- Fail if ipset not removed ----------------------------------------------- 0.47s /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:195 --------------------- Fail if ipset not added ------------------------------------------------- 0.47s /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:45 ---------------------- fedora.linux_system_roles.firewall : Configure firewall ----------------- 0.47s /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:71 Fail if entry not added to ipset ---------------------------------------- 0.47s /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:54 ---------------------- fedora.linux_system_roles.firewall : Install firewalld ------------------ 0.47s /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:19 Check that entry has been removed --------------------------------------- 0.46s /WORKDIR/git-weekly-cis_1i3qav/tests/tests_ipsets.yml:97 ---------------------- fedora.linux_system_roles.firewall : Configure firewall ----------------- 0.46s /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:71 fedora.linux_system_roles.firewall : Configure firewall ----------------- 0.46s /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:71 fedora.linux_system_roles.firewall : Configure firewall ----------------- 0.46s /WORKDIR/git-weekly-cis_1i3qav/.collection/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:71 ---^---^---^---^---^--- # STDERR: ---v---v---v---v---v--- [DEPRECATION WARNING]: ANSIBLE_COLLECTIONS_PATHS option, does not fit var naming standard, use the singular form ANSIBLE_COLLECTIONS_PATH instead. This feature will be removed from ansible-core in version 2.19. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. ---^---^---^---^---^---