Ubuntu 22 CIS Hardened Image Fails to Build #48

Rovinovic opened this issue Jun 30, 2023 · 3 comments

@Rovinovic

Trying to build this image from an Image template with the details below,

Publisher: center-for-internet-security-inc
SKU: cis-ubuntu-linux-2204-l1-gen2
Offer: cis-ubuntu-linux-2204-l1

This is reproducible by other members of my team.
Build fails with packer error logs. Attaching the packer error logs for more details.

Could you provide any guidelines on how to build the latest CIS hardened images from Marketplace?

customization(1).log
customization.log

@Poltergeisen

We are also running into this issue @Rovinovic, did you ever figure out a solution?

@inaun

inaun commented Aug 22, 2024

Did anyone ever find a resolution to this? We have been successfully deploying the STIG hardened image, but now that has been removed from the marketplace so can no longer be used. The level 1 images will not deploy with image builder, resulting in errors in the packer logs. From what I can tell, the level 1 hardening turns off SSH, which is required for successful deployment.

@ThierryJones21

ThierryJones21 commented Nov 21, 2024

I am also running into the CIS issue: chmod +x /tmp/script_4100.sh; sudo '/tmp/script_4100.sh' with these Image Template specs:

    "type": "PlatformImage",
    "publisher": "Canonical",
    "offer": "0001-com-ubuntu-server-jammy",
    "sku": "22_04-lts",
    "version": "latest"

Trying to install az cli in the customizer script:

    "customize": [
      {
        "type": "Shell",
        "name": "Download Azure Client",
        "inline": [
          "set -e",
          "set -x",
          "export DEBIAN_FRONTEND=noninteractive",
          "echo 'Updating package lists...'",
          "for i in {1..3}; do timeout 300s sudo apt-get update && break || echo \"Attempt $i failed. Retrying...\"; if [ \"$i\" -eq 3 ]; then echo \"apt-get update failed after 3 attempts. Exiting.\"; exit 1; fi; done",
          "echo 'Installing required packages...'",
          "for i in {1..3}; do timeout 300s sudo apt-get install --assume-yes --no-install-recommends apt-transport-https ca-certificates curl gnupg lsb-release && break || echo \"Attempt $i failed. Retrying...\"; if [ \"$i\" -eq 3 ]; then echo \"apt-get install failed after 3 attempts. Exiting.\"; exit 1; fi; done",
          "echo 'Setting up Azure CLI...'",
          "sudo mkdir -p /etc/apt/keyrings",
          "timeout 300s curl -sLS https://packages.microsoft.com/keys/microsoft.asc | sudo gpg --dearmor > /etc/apt/keyrings/microsoft.gpg || { echo 'Failed to download Microsoft key'; exit 1; }",
          "sudo chmod go+r /etc/apt/keyrings/microsoft.gpg",
          "echo 'Configuring Azure CLI repository...'",
          "echo 'Types: deb\nURIs: https://packages.microsoft.com/repos/azure-cli/\nSuites: jammy\nComponents: main\nArchitectures: amd64\nSigned-by: /etc/apt/keyrings/microsoft.gpg' | sudo tee /etc/apt/sources.list.d/azure-cli.sources",
          "echo 'Updating package lists (Azure CLI)...'",
          "for i in {1..3}; do timeout 300s sudo apt-get update && break || echo \"Attempt $i failed. Retrying...\"; if [ \"$i\" -eq 3 ]; then echo \"apt-get update (Azure CLI) failed after 3 attempts. Exiting.\"; exit 1; fi; done",
          "echo 'Installing Azure CLI...'",
          "for i in {1..3}; do timeout 300s sudo apt-get install --assume-yes azure-cli && break || echo \"Attempt $i failed. Retrying...\"; if [ \"$i\" -eq 3 ]; then echo \"Azure CLI installation failed after 3 attempts. Exiting.\"; exit 1; fi; done",
          "echo 'Adding Azure DevOps extension to Azure CLI...'"
        ]
      }
    ]
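The customizer above repeats the same `for i in {1..3}` retry loop four times, and `{1..3}` is a bash brace expansion that POSIX shells such as dash leave as one literal word. As an added example (not code from this thread or from the project), a POSIX `sh` retry helper that does the same job without that dependency and preserves the failing exit status; the names `retry` and `flaky` are hypothetical, and `flaky` is a constructed stand-in for a command that fails a few times.

```shell
#!/bin/sh
# retry MAX DELAY CMD [ARGS...]
# Run CMD up to MAX times, sleeping DELAY seconds between attempts.
# Returns 0 on the first success, otherwise the exit status of the last
# failed attempt (for example 124 when timeout(1) killed the command).
# Uses only POSIX sh features: no {1..3} brace expansion, no `local`.
retry() {
    retry_max=$1
    retry_delay=$2
    shift 2
    retry_n=1
    retry_rc=1
    while [ "$retry_n" -le "$retry_max" ]; do
        "$@" && return 0
        retry_rc=$?
        echo "Attempt $retry_n/$retry_max failed (exit $retry_rc): $*" >&2
        if [ "$retry_n" -lt "$retry_max" ]; then
            sleep "$retry_delay"
        fi
        retry_n=$((retry_n + 1))
    done
    return "$retry_rc"
}

# Constructed stand-in for a flaky command: flaky N COUNTER_FILE fails
# until its Nth call, counting calls in COUNTER_FILE.
flaky() {
    flaky_n=$(cat "$2" 2>/dev/null || true)
    flaky_n=$(( ${flaky_n:-0} + 1 ))
    echo "$flaky_n" > "$2"
    [ "$flaky_n" -ge "$1" ]
}

# Demo: the command succeeds on the second of three allowed attempts.
demo_counter=$(mktemp)
retry 3 0 flaky 2 "$demo_counter" &&
    echo "succeeded after $(cat "$demo_counter") attempts"
rm -f "$demo_counter"

# In the customizer's inline list, each loop would then be one line, e.g.:
#   retry 3 0 timeout 300s sudo apt-get update
```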
