Another issue: when all the files have proper permissions, the
playbook would give me the result as 'Failed.'
This is the opposite of what I want.
TASK [debug] ***********************************************************************************************
ok: [localhost] => {
    "msg": "V-219195 FAILED. Audit tools aren't configured with mode of 0755 or less permissive."
On Thursday, December 17, 2020 at 3:21:07 PM UTC-5 Thuan wrote:
> Hi all,
>
> So I made a slight change: I added "failed_when: audit_tools.stat.mode !=
> '0755'" below the 'register' module and the error message went away.
> By the way, all the files exist.
> I changed two files to 0640 with chmod for testing purposes.
> However, I still get 'Passed' as a result when I ran it in --check mode.
>
>
>
> On Thursday, December 17, 2020 at 11:31:00 AM UTC-5 [email protected] wrote:
>
>> On 12/17/20 5:05 PM, Roberto Paz wrote:
>> > Maybe some of the files are missing in the target. If that's the case, there is no "stat" for that file.
>> >
>>
>> That's not true. If a file is missing you have stat.exists = false in the
>> result.
>>
>> The problem here is that the stat task is called in a loop, while
>> set_fact is called without a loop.
>>
>> Regards
>> Racke
>>
>> > Maybe you should add "audit_tools.stat is defined and audit_tools.stat.mode != '0755'"
>> > On Wednesday, December 16, 2020 at 17:09:12 UTC-6, [email protected] wrote:
>> >
>> > Hi all,
>> >
>> > I'm trying to use the Loop and Stat modules instead of a Shell command in an Ansible playbook.
>> > Whenever I run the playbook with --check, I always get the 'Pass' message.
>> >
>> > The error was: error while evaluating conditional (audit_tools.stat.mode != '0755'): 'dict object' has no attribute 'stat'\n\n
>> >
>> > I need help.
>> >
>> >
>> > Thanks
>> > ===========================================================
>> >
>> > ---
>> >
>> > - set_fact:
>> >     stig_id: V-219195
>> >     stig_text: "FAILED. Audit tools aren't configured with mode of 0755 or less permissive."
>> >
>> > - local_action: lineinfile regexp='^V-219195' path="{{ output_path }}" state=absent
>> >
>> > - name: Ensure audit tools have 0755 permissions.
>> >   block:
>> >     - name: check audit tools permissions.
>> >       become: true
>> >       stat:
>> >         path: "/sbin/{{ audit_loop }}"
>> >       loop:
>> >         - auditctl
>> >         - aureport
>> >         - ausearch
>> >         - autrace
>> >         - auditd
>> >         - audispd
>> >         - augenrules
>> >       loop_control:
>> >         loop_var: audit_loop
>> >       register: audit_tools
>> >
>> >     - set_fact:
>> >         stig_text: "{{ stig_id }} FAILED. Audit tools don't have 0755 permissions."
>> >       when: audit_tools.stat.mode != '0755'
>> >
>> >     - set_fact:
>> >         stig_text: "PASSED"
>> >
>> >   rescue:
>> >
>> >     - name: change the audit tools' permissions to 0755.
>> >       become: true
>> >       file:
>> >         path: "/sbin/{{ item.audit_loop }}"
>> >         mode: 0755
>> >         state: "{{ 'file' if item.stat.exists else 'touch' }}"
>> >       loop: "{{ audit_tools.results }}"
>> >       register: file_perms_rule
>> >
>> >     - set_fact:
>> >         stig_text: "PASSED"
>> >       when: file_perms_rule.changed
>> >
>> >     - debug:
>> >         msg: "{{ stig_id }} {{ stig_text }}"
>> >
>> >   always:
>> >
>> >     - local_action: lineinfile line="{{ stig_id }} {{ stig_text }}" path="{{ output_path }}" create=yes
>> >
>> --
>> Ecommerce and Linux consulting + Perl and web application programming.
>> Debian and Sympa administration. Provisioning with Ansible.
>>
>>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/32579219-1eb1-4238-8e68-501c15f359f7n%40googlegroups.com.
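
An added example, not code from the thread or from the Ansible project: an audit-only play that follows Racke's point that a looped stat registers its per-file results under audit_tools.results, and sets the verdict once after every file has been examined. It assumes a missing tool counts as a failure and uses the boolean permission fields that stat returns instead of comparing the mode string to '0755'; the variable names audit_tool_names and bad_tools are made up for the example.

```yaml
---
# Added example (not from the thread): audit-only check, usable with --check.
- hosts: localhost
  gather_facts: false
  vars:
    stig_id: V-219195
    audit_tool_names:   # file names taken from the thread
      - auditctl
      - aureport
      - ausearch
      - autrace
      - auditd
      - audispd
      - augenrules
  tasks:
    - name: Stat every audit tool (a looped register stores a list in .results)
      become: true
      ansible.builtin.stat:
        path: "/sbin/{{ audit_loop }}"
      loop: "{{ audit_tool_names }}"
      loop_control:
        loop_var: audit_loop
      register: audit_tools

    - name: Collect tools that are missing or more permissive than 0755
      ansible.builtin.set_fact:
        bad_tools: "{{ bad_tools | default([]) + [item.audit_loop] }}"
      loop: "{{ audit_tools.results }}"
      loop_control:
        label: "{{ item.audit_loop }}"
      # A missing file only has stat.exists, so that is tested first.
      # wgrp/woth/isuid/isgid are booleans returned by stat; any of them being
      # true means more than 0755 is granted (0750 or 0700 still pass).
      # The sticky bit is not examined here.
      when: >-
        not item.stat.exists
        or item.stat.wgrp or item.stat.woth
        or item.stat.isuid or item.stat.isgid

    - name: Set the verdict once, after all files were examined
      ansible.builtin.set_fact:
        stig_text: >-
          {{ 'PASSED' if (bad_tools | default([]) | length == 0)
             else 'FAILED. Missing or too permissive: ' ~ (bad_tools | default([]) | join(', ')) }}

    - name: Report
      ansible.builtin.debug:
        msg: "{{ stig_id }} {{ stig_text }}"
```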