Maybe some of the files are missing in the target. If that's the case, there is no "stat" for that file.
Maybe you should add "audit_tools.stat is defined and audit_tools.stat.mode != '0755'"

On Wednesday, December 16, 2020 at 17:09:12 UTC-6, [email protected] wrote:
> Hi all,
>
> I'm trying to use the Loop and Stat modules instead of the Shell command
> with an Ansible playbook.
> Whenever I run the playbook with --check, I always get the 'Pass' message.
>
> The error was: error while evaluating conditional (audit_tools.stat.mode != '0755'): 'dict object' has no attribute 'stat'\n\n
>
> I need help.
>
> Thanks
> ===========================================================
>
> ---
>
> - set_fact:
>     stig_id: V-219195
>     stig_text: "FAILED. Audit tools aren't configured with mode of 0755 or less permissive."
>
> - local_action: lineinfile regexp='^V-219195' path="{{ output_path }}" state=absent
>
> - name: Ensure audit tools have 0755 permissions.
>   block:
>     - name: check audit tools permissions.
>       become: true
>       stat:
>         path: "/sbin/{{ audit_loop }}"
>       loop:
>         - auditctl
>         - aureport
>         - ausearch
>         - autrace
>         - auditd
>         - audispd
>         - augenrules
>       loop_control:
>         loop_var: audit_loop
>       register: audit_tools
>
>     - set_fact:
>         stig_text: "{{ stig_id }} FAILED. Audit tools don't have 0755 permissions."
>       when: audit_tools.stat.mode != '0755'
>
>     - set_fact:
>         stig_text: "PASSED"
>
>   rescue:
>     - name: change the audit tools' permissions to 0755.
>       become: true
>       file:
>         path: "/sbin/{{ item.audit_loop }}"
>         mode: 0755
>         state: "{{ 'file' if item.stat.exists else 'touch' }}"
>       loop: "{{ audit_tools.results }}"
>       register: file_perms_rule
>
>     - set_fact:
>         stig_text: "PASSED"
>       when: file_perms_rule.changed
>
>     - debug:
>         msg: "{{ stig_id }} {{ stig_text }}"
>
>   always:
>     - local_action: lineinfile line="{{ stig_id }} {{ stig_text }}" path="{{ output_path }}" create=yes

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
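An added example, not part of the original thread or of either poster's playbook: when a task with `loop` is registered, the per-item results are stored in the `results` list of the registered variable, so the mode check has to run over `audit_tools.results`. The variable names `missing_tools` and `bad_tools` are hypothetical, `stig_id` is assumed to be set as in the quoted playbook, and the comparison is the page's own `!= '0755'` test.

```yaml
- name: Check audit tool permissions
  become: true
  ansible.builtin.stat:
    path: "/sbin/{{ audit_loop }}"
  loop:
    - auditctl
    - aureport
    - ausearch
    - autrace
    - auditd
    - audispd
    - augenrules
  loop_control:
    loop_var: audit_loop
  register: audit_tools

# With a loop, audit_tools has no top-level "stat" key. Each entry of
# audit_tools.results carries its own "stat" plus the loop variable
# (here "audit_loop"). A missing file has stat.exists == false and no mode.
- name: Split results into missing tools and tools whose mode is not 0755
  ansible.builtin.set_fact:
    # missing_tools / bad_tools are hypothetical names for this example
    missing_tools: >-
      {{ audit_tools.results
         | rejectattr('stat.exists')
         | map(attribute='audit_loop') | list }}
    bad_tools: >-
      {{ audit_tools.results
         | selectattr('stat.exists')
         | rejectattr('stat.mode', 'equalto', '0755')
         | map(attribute='audit_loop') | list }}

- name: Record the finding for this STIG ID
  ansible.builtin.set_fact:
    stig_text: >-
      {{ 'PASSED' if bad_tools | length == 0
         else 'FAILED. Mode is not 0755 on: ' ~ (bad_tools | join(', ')) }}

- name: Report result and any tools that are not installed
  ansible.builtin.debug:
    msg: "{{ stig_id }} {{ stig_text }} (not present: {{ missing_tools | join(', ') }})"
```

Filtering on `stat.exists` first keeps absent binaries from being evaluated for a mode they do not have, and reports them separately instead of counting them as a pass or a fail.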
