On 12/17/20 5:05 PM, Roberto Paz wrote:
> Maybe some of the files are missing in the target. If that's the case, there
> is no "stat" for that file.
>
That's not true. If a file is missing you have stat.exists = false in the
result.
The problem here is that the stat task is called in a loop, while set_fact is
called without a loop.
Regards
Racke
> Maybe you should add "audit_tools.stat is defined and audit_tools.stat.mode
> != '0755'"
> On Wednesday, December 16, 2020 at 17:09:12 UTC-6,
> [email protected] wrote:
>
> Hi all,
>
> I'm trying to use the Loop and Stat modules instead of the Shell command
> with an Ansible playbook.
> Whenever I run the playbook with --check, I always get the 'Pass'
> message.
>
> The error was: error while evaluating conditional (audit_tools.stat.mode
> != '0755'): 'dict object' has no attribute
> 'stat'\n\n
>
> I need help.
>
>
> Thanks
> ===========================================================
>
> ---
>
> - set_fact:
>     stig_id: V-219195
>     stig_text: "FAILED. Audit tools aren't configured with mode of 0755 or less permissive."
>
> - local_action: lineinfile regexp='^V-219195' path="{{ output_path }}" state=absent
>
> - name: Ensure audit tools have 0755 permissions.
>   block:
>     - name: check audit tools permissions.
>       become: true
>       stat:
>         path: "/sbin/{{ audit_loop }}"
>       loop:
>         - auditctl
>         - aureport
>         - ausearch
>         - autrace
>         - auditd
>         - audispd
>         - augenrules
>       loop_control:
>         loop_var: audit_loop
>       register: audit_tools
>
>     - set_fact:
>         stig_text: "{{ stig_id }} FAILED. Audit tools don't have 0755 permissions."
>       when: audit_tools.stat.mode != '0755'
>
>     - set_fact:
>         stig_text: "PASSED"
>
>   rescue:
>
>     - name: change the audit tools' permissions to 0755.
>       become: true
>       file:
>         path: "/sbin/{{ item.audit_loop }}"
>         mode: 0755
>         state: "{{ 'file' if item.stat.exists else 'touch' }}"
>       loop: "{{ audit_tools.results }}"
>       register: file_perms_rule
>
>     - set_fact:
>         stig_text: "PASSED"
>       when: file_perms_rule.changed
>
>     - debug:
>         msg: "{{ stig_id }} {{ stig_text }}"
>
>   always:
>     - local_action: lineinfile line="{{ stig_id }} {{ stig_text }}" path="{{ output_path }}" create=yes
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/3138f57f-49a7-4537-92a5-9524f2feba24n%40googlegroups.com.
--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
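
The point made in the reply above, as an added example that is not part of the thread: a `stat` task run in a loop registers its per-item data under `audit_tools.results`, so the check has to walk that list instead of reading `audit_tools.stat`. The fact names `audit_bad_mode` and `audit_missing` are assumptions introduced for illustration.

```yaml
- name: check audit tools permissions.
  become: true
  stat:
    path: "/sbin/{{ audit_loop }}"
  loop:
    - auditctl
    - aureport
    - ausearch
    - autrace
    - auditd
    - audispd
    - augenrules
  loop_control:
    loop_var: audit_loop
  register: audit_tools

# A looped task registers a dict holding a "results" list, one entry per item.
# There is no top-level "stat" key, which is what the error message reports.
# Missing files come back as stat.exists == false with no "mode" key, so they
# are filtered out before the mode comparison.
# audit_bad_mode and audit_missing are hypothetical fact names.
- name: collect tools with the wrong mode and tools that are missing.
  set_fact:
    audit_bad_mode: >-
      {{ audit_tools.results
         | selectattr('stat.exists')
         | rejectattr('stat.mode', 'equalto', '0755')
         | map(attribute='stat.path')
         | list }}
    audit_missing: >-
      {{ audit_tools.results
         | rejectattr('stat.exists')
         | map(attribute='audit_loop')
         | list }}

- name: set the finding text from the per-item results.
  set_fact:
    stig_text: >-
      {{ 'PASSED' if audit_bad_mode | length == 0
         else "FAILED. Audit tools don't have 0755 permissions: "
              ~ (audit_bad_mode | join(', ')) }}
```

Because `stig_text` is computed from the whole list, a run with `--check` reports FAILED with the offending paths instead of falling through to the unconditional PASSED.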
