OS version checking

[vds]

Is the following line supposed to stop the playbook if applied to something different than Debian stretch?

https://github.com/florianutz/Debian9-CIS/blob/master/tasks/main.yml#L8

I'm running the playbook against Debian 10, Buster, there are a few weird things that I still need to triage, but the playbook gets applied.

I run the task through the debug, that's what I get:

ASK [Debian9-CIS : Check OS version and family] ***********************************************************************
task path: /home/debian/Debian9_CIS/Debian9-CIS/tasks/main.yml:3                                                       
ok: [localhost] => {
    "msg": "ansible_distribution = Debian, ansible_distribution_release = buster"                                      
}

Probably the code should look like:

- name: Check OS version and family
  fail:
      msg: "This role can only be run against Debian stretch. {{ ansible_distribution }} {{ ansible_distribution_release }} is not supported."
  when: (ansible_distribution != "Debian") or
        (ansible_distribution_release != "stretch")
  tags:
      - always
          

[rmbleeker]

No, this Ansible role is tailored specifically to Debian 9 "Stretch". Sure it may work on Buster, but that needs to be tested thoroughly and also the CIS-CAT requirements for Buster may have changed. I suggest forking this repo and then tailoring the fork to Debian 10 "Buster".

[vds]

@rmbleeker, thanks for your reply. I tried to apply to playbook to Debian 10 Buster, I was expecting it to fail, but the playbook was actually applied.
What I'm saying is that the current check does not seem to work.
With the changes I proposed, when I try to apply the playbook to Debian 10 Buster, it fails and return a message.

[rmbleeker]

I see what you mean now, also the message still speaks of Ubuntu while the checks are for Debian. So I agree with your changes, you should probably make a pull request.

[vds]

Will do ASAP, thanks.