Automation Controller must be capable of reverting to the last known good configuration in the event of failed installations and upgrades.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-256904	APAS-AT-000044	SV-256904r902282_rule		Medium

Description
Any changes to the components of Automation Controller can have significant effects on the overall security of the system. In order to ensure a prompt response to failed application installations and application server upgrades, Automation Controller must provide an automated rollback capability that allows Automation Controller to be restored to a previous known good configuration state prior to the application installation or application server upgrade.

Description

Any changes to the components of Automation Controller can have significant effects on the overall security of the system. In order to ensure a prompt response to failed application installations and application server upgrades, Automation Controller must provide an automated rollback capability that allows Automation Controller to be restored to a previous known good configuration state prior to the application installation or application server upgrade.

STIG	Date
Red Hat Ansible Automation Controller Application Server Security Technical Implementation Guide	2023-08-29

Details

Check Text ( C-60579r902280_chk )
The administrator must make a backup of the last known good configuration of the Automation Controller on each host. Locate the installer bundle directory that contains the inventory file used to install Ansible Automation Platform. Verify a backup of the last known good configuration has been made and stored in accordance with the Automation Controller Documentation and organizationally defined policy: https://docs.ansible.com/automation-controller/latest/html/administration/backup_restore.html If no such backup has been made, this is a finding.

Check Text ( C-60579r902280_chk )

The administrator must make a backup of the last known good configuration of the Automation Controller on each host.

Locate the installer bundle directory that contains the inventory file used to install Ansible Automation Platform.

Verify a backup of the last known good configuration has been made and stored in accordance with the Automation Controller Documentation and organizationally defined policy:
https://docs.ansible.com/automation-controller/latest/html/administration/backup_restore.html

If no such backup has been made, this is a finding.

Fix Text (F-60521r902281_fix)
As System Administrator login to the Controller. Locate the installer bundle directory that contains the inventory file used to install Ansible Automation Platform. From there, run the setup.sh command with the "-b" option to perform a backup. Example: "[[installation directory]]/setup.sh -b" Note: To revert from a backup, refer to: https://docs.ansible.com/automation-controller/latest/html/administration/backup_restore.html

Fix Text (F-60521r902281_fix)

As System Administrator login to the Controller. Locate the installer bundle directory that contains the inventory file used to install Ansible Automation Platform. From there, run the setup.sh command with the "-b" option to perform a backup.
Example: "[[installation directory]]/setup.sh -b"

Note: To revert from a backup, refer to:
https://docs.ansible.com/automation-controller/latest/html/administration/backup_restore.html