PowerStig icon indicating copy to clipboard operation
PowerStig copied to clipboard
verified publisher icon microsoft

RHEL STIG .mof file exceeds file size limit for OMI in default format

Open Fall3nSp0rk opened this issue 4 years ago • 1 comments

Describe the bug When using the powerstig for linux module, the default encoding for .mof files exceeds the maximum file size limit for OMI on the target machine - file size limit is 256kb, .mof file is !330kb, resulting in the following error:

2021/06/21 15:19:45 [14197,14197] WARNING: null(0): EventId=30110 Priority=WARNING Sock_WriteV: Error 32
2021/06/21 15:19:45 [14197,14197] WARNING: null(0): EventId=30114 Priority=WARNING (E)Socket: 0x1ccf840, Error: 1 while sending

To Reproduce

  1. on the DSC controller, execute the following:
configuration RHEL7Baseline
{
   param
   (
       [parameter()]
       [string]
       $NodeName = '<name-of-rhel-7-server>'
   )

   Import-DscResource -ModuleName PowerStig

   Node $NodeName
	{
	RHEL BaseLine
           {
               OsVersion = '7'
               StigVersion = '3.2'
               SkipRule = 'V-204447, V-204623'
       }
   }
}
  1. join rhel server to the same domain as DSC controller using realm join -U
  2. on dsc controller, execute the following in powershell:
$Node = "<name-of-rhel-7-server>"
$Credential = Get-Credential -UserName "root" -Message "Enter Password:"

#Ignore SSL certificate validation
$opt = New-CimSessionOption -UseSsl -SkipCACheck -SkipCNCheck -SkipRevocationCheck

#Options for a trusted SSL certificate
#$opt = New-CimSessionOption -UseSsl

$sessParams = @{
    Credential = $credential
    ComputerName = $Node
    Port = 5986
    Authentication = 'basic'
    SessionOption = $opt
    OperationTimeoutSec = 90
}

$Sess = New-CimSession @sessParams
Start-DscConfiguration -CimSession $Sess -Path "C:\DSC\RHEL7Baseline"  -Wait -Verbose -Force
  1. Receive the following error message on powershell:
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
A general error occurred, not covered by a more specific error code.
    + CategoryInfo          : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : OMI:MI_Result:1
    + PSComputerName        : <redacted>
  1. the following error message on the target:
2021/06/21 15:19:45 [14197,14197] WARNING: null(0): EventId=30016 Priority=WARNING (E)Protocol _RequestCallback: _RequestCallbackWrite fails for ProtocolSocket 0x1c563e0
2021/06/21 15:19:45 [14197,14197] WARNING: null(0): EventId=30110 Priority=WARNING Sock_WriteV: Error 32
2021/06/21 15:19:45 [14197,14197] WARNING: null(0): EventId=30114 Priority=WARNING (E)Socket: 0x1ccf840, Error: 1 while sending

Workaround: after generation of .mof file, change encoding to UTF-8, which reduces file size by half.

Expected behavior DSC Configuration to apply normally, or to give a more specific error messae.

Screenshots n/a

Additional context

Fall3nSp0rk avatar Jun 21 '21 15:06 Fall3nSp0rk

Hello @Fall3nSp0rk ,

This is a limitation with a resource outside of PowerSTIG that has been documented in our wiki : https://github.com/Microsoft/PowerStig/wiki/PowerSTIG-&-Desired-State-Configuration-for-Linux#mof-file-size-limitation

Thanks,

Eric

erjenkin avatar Aug 20 '21 12:08 erjenkin