Watchmaker

Latest version: v0.28.5

2017.07.08

**Summary**:

* [[Issue 341][341]][[PR 342][342]] Manages selinux around salt state
execution. In some non-interactive execution scenarios, if selinux is
enforcing it can interfere with the execution of privileged commands (that
otherwise work fine when executed interactively). Watchmaker now detects if
selinux is enforcing and temporarily sets it to permissive for the duration
of the salt state execution

[342]: https://github.com/plus3it/watchmaker/pull/342
[341]: https://github.com/plus3it/watchmaker/issues/341

2017.06.27

**Summary**:

* [[Issue 331][331]][[PR 332][332]] Writes the `role` grain to the key
expected by the ash-windows formula. Fixes usage of the `--ash-role` option
in the salt worker
* [[Issue 329][329]][[PR 330][330]] Outputs watchmaker version at the debug
log level
* [[Issue 322][322]][[PR 323][323]][[PR 324][324]] Fixes py2/py3
compatibility bug in how the yum worker handles file opening to check the
Linux distro
* [[Issue 316][316]][[PR 320][320]] Improves logging when salt state
execution fails due to a failed state. The salt output is now returned to
the salt worker, which processes the output, identifies the failed state,
and raises an exception with the state failure
* join-domain-formula
    * (Linux) Reworks the pbis config states to make the logged output more
      readable

[332]: https://github.com/plus3it/watchmaker/pull/332
[331]: https://github.com/plus3it/watchmaker/issues/331
[330]: https://github.com/plus3it/watchmaker/pull/330
[329]: https://github.com/plus3it/watchmaker/issues/329
[324]: https://github.com/plus3it/watchmaker/pull/324
[323]: https://github.com/plus3it/watchmaker/pull/323
[322]: https://github.com/plus3it/watchmaker/issues/322
[320]: https://github.com/plus3it/watchmaker/pull/320
[316]: https://github.com/plus3it/watchmaker/issues/316

2017.05.30

**Summary**:

* join-domain-formula
    * (Linux) Ignores a bad exit code from pbis config utility. The utility
      will return exit code 5 when modifying the NssEnumerationEnabled
      setting, but still sets the requested value. This exit code is now
      ignored

2017.05.25

**Summary**:

* name-computer-formula
    * (Linux) Uses an alternate method of working around a bad code-path in
      salt that does not handle quoted values in /etc/sysconfig/network.

2017.05.19

**Summary**:

* [[PR 301][301]] Sets the grains for admin_groups and admin_users so the
keys are named as expected by the join-domain formula
* ash-linux-formula
    * Adds a custom module that lists users from the shadow file
    * Gets local users from the shadow file rather than `user.list_users`.
      Prevents a domain-joined system from attempting to iterate over all
      domain users (and potentially deadlocking on especially large domains)
* join-domain-formula
    * Modifies PBIS install method to use RPMs directly, rather than the
      SHAR installer
    * Updates approaches to checking for collisions and current join status
      to better handle various scenarios: not joined, no collision; not
      joined, collision; joined, computer object present; joined, computer
      object missing
    * Disables NSS enumeration to prevent PBIS from querying user info from
      the domain for every call to getent (or equivalents); domain-based
      user authentication still works fine
* name-computer-formula
    * (Linux) Does not attempt to retain network settings, to avoid a bug in
      salt; will be revisited when a patched salt version has been released

[301]: https://github.com/plus3it/watchmaker/pull/301

2017.05.09

**Summary**:

* (EL7) Running _watchmaker_ against EL7 systems will now pin the resulting
configuration to the watchmaker version. See the updates to the two
formulas in this version. Previously, _ash-linux_ always used the content
from the `scap-security-guide` rpm, which was updated out-of-sync with
_watchmaker_, and so the resulting configuration could not be pinned by
pinning the _watchmaker_ version. With this version, _ash-linux_ uses
content distributed by _watchmaker_, via _scap-formula_, and so the
resulting configuration will always be the same on EL7 for a given version of
_watchmaker_ (as has always been the case for the other supported
operating systems).
* ash-linux-formula
    * Supports getting scap content locations from pillar
* scap-formula
    * Updates stig content with latest benchmark versions
    * Adds openscap ds.xml content, used to support remediate actions
