UBUNTU22-CIS 'audit_bin' is undefined #223

Open
txsastre opened this issue Apr 11, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@txsastre

Describe the Issue
When trying to execute UBUNTU22-CIS with
/defaults/main.yml

# enable audits to run - this runs the audit and get the latest content
run_audit: true

The Ansible controller has goss VERSION v0.4.6 installed.

As the environment has very restricted internet access, the idea is to copy goss from the Ansible controller to the clients, so the playbook can do the audit. Well, I think this is how it's supposed to work, but it is not.

The main.yml file (goss related modified)
/defaults/main.yml

##########################################
### Goss is required on the remote host ###
## Refer to vars/auditd.yml for any other settings ##

# Allow audit to setup the requirements including installing git (if option chosen and downloading and adding goss binary to system)
setup_audit: false

# enable audits to run - this runs the audit and get the latest content
run_audit: true

# Only run Audit do not remediate
audit_only: true
# As part of audit_only
# This will enable files to be copied back to control node
fetch_audit_files: true
# Path to copy the files to will create dir structure
audit_capture_files_dir:  /home/ansibleemer/ansible/hardening/log

# How to retrieve audit binary
# Options are copy or download - detailed settings at the bottom of this file
# you will need to access to either github or the file already downloaded
get_audit_binary_method: copy

## if get_audit_binary_method - copy the following needs to be updated for your environment
## it is expected that it will be copied from somewhere accessible to the control node
## e.g copy from ansible control node to remote host
audit_bin_copy_location: /usr/local/bin/goss

# how to get audit files onto host options
# options are git/copy/get_url other e.g. if you wish to run from already downloaded conf
audit_content: copy

# archive or copy:
audit_conf_copy: "some path to copy from"

# get_url:
audit_files_url: "some url maybe s3?"

# Run heavy tests - some tests can have more impact on a system enabling these can have greater impact on a system
audit_run_heavy_tests: true

# This variable specifies the timeout (in ms) for audit commands that
# take a very long time: if a command takes too long to complete,
# it will be forcefully terminated after the specified duration.
audit_cmd_timeout: 120000

### End Goss enablements ####

Expected Behavior
That the audit worked.

Actual Behavior
Getting this error:

TASK [/home/ansibleemer/hardening/UBUNTU22-CIS-devel : Post Audit | Run post_remediation UBUNTU22-CIS audit] *****************************
fatal: [X-UBU-2]: FAILED! => {"msg": "The field 'environment' has an invalid value, which includes an undefined variable. The error was: 'audit_bin' is undefined. 'audit_bin' is undefined\n\nThe error appears to be in '/home/ansibleemer/hardening/UBUNTU22-CIS-devel/tasks/post_remediation_audit.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- name: Post Audit | Run post_remediation {{ benchmark }} audit\n  ^ here\nWe could be wrong, but this one looks like it might be an issue with\nmissing quotes. Always quote template expression brackets when they\nstart a value. For instance:\n\n    with_items:\n      - {{ foo }}\n\nShould be written as:\n\n    with_items:\n      - \"{{ foo }}\"\n"}

Environment (please complete the following information):

  • using UBUNTU22-CIS
  • devel
  • ansible [core 2.16.5]
  • Python 3.10.12

Additional Notes
Added this task to post_remediation_audit.yml to see the value, but none was received:

- name: Debug | Print audit_bin value
  ansible.builtin.debug:
    msg: "The value of audit_bin is {{ audit_bin }}"

Possible Solution
Trace audit_bin to see if there's a mistake, or maybe it's my configuration.
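A pre-flight play for the "copy" method described above, added here as an example; it is not code from the role or from the issue author. It uses the variable names from the quoted defaults/main.yml (get_audit_binary_method, audit_bin_copy_location) and treats audit_bin as the destination path the audit tasks expect, which is an assumption, as is the checksum placeholder. The point is to fail at a clearly named assert task when the copy settings are incomplete, rather than at the audit task with an "undefined variable" error, and to refuse to run a goss binary staged on a managed host unless its SHA-256 matches a value that was verified on the control node.

```yaml
# Added example, not part of the UBUNTU22-CIS role: stage goss on the managed
# host for the "copy" method and verify it before any audit task runs.
# Variable names come from defaults/main.yml in the issue; audit_bin and
# goss_expected_sha256 are assumptions / placeholders.
- name: Pre-flight | Stage and verify the goss audit binary
  hosts: all
  become: true
  vars:
    get_audit_binary_method: copy
    audit_bin_copy_location: /usr/local/bin/goss   # source path on the control node (from the issue)
    audit_bin: /usr/local/bin/goss                 # ASSUMPTION: destination path used by the audit tasks
    goss_expected_sha256: "<sha256 of the goss v0.4.6 binary verified on the control node>"  # placeholder
  tasks:
    - name: Pre-flight | Fail here, not at the audit task, if copy settings are incomplete
      ansible.builtin.assert:
        that:
          - get_audit_binary_method in ['copy', 'download']
          - get_audit_binary_method != 'copy' or audit_bin_copy_location is defined
          - audit_bin is defined
        fail_msg: "audit_bin and audit_bin_copy_location must be set when get_audit_binary_method is copy"

    - name: Pre-flight | Copy goss from the control node to the managed host
      ansible.builtin.copy:
        src: "{{ audit_bin_copy_location }}"
        dest: "{{ audit_bin }}"
        owner: root
        group: root
        mode: "0755"
      when: get_audit_binary_method == 'copy'

    - name: Pre-flight | Hash the staged binary
      ansible.builtin.stat:
        path: "{{ audit_bin }}"
        checksum_algorithm: sha256
      register: goss_stat

    - name: Pre-flight | Refuse to audit with a binary that does not match the verified hash
      ansible.builtin.assert:
        that:
          - goss_stat.stat.exists
          - goss_stat.stat.checksum == goss_expected_sha256
        fail_msg: "goss at {{ audit_bin }} is missing or its checksum does not match: {{ goss_stat.stat.checksum | default('n/a') }}"

    - name: Pre-flight | Confirm the binary executes on the target
      ansible.builtin.command: "{{ audit_bin }} --version"
      changed_when: false
      register: goss_version

    - name: Pre-flight | Report goss version
      ansible.builtin.debug:
        msg: "{{ goss_version.stdout }}"
```

Run it with the same inventory as the hardening play, before the role is applied. Replace the goss_expected_sha256 placeholder with the hash you computed on the control node after obtaining the binary; with the placeholder left in, the checksum assert fails by design, so an unverified binary never reaches the audit step.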

@txsastre txsastre added the bug Something isn't working label Apr 11, 2024
@uk-bolly uk-bolly self-assigned this Apr 12, 2024
@uk-bolly
Member

hi @txsastre

Thank you for this and the discussions on Discord; I hope the new branch, issue_223, resolves this issue.

many thanks

uk-bolly
