Hi all,
My playbook is working for single files but not for directories.
It doesn't check the folders permissions recursively.
============================================================
- name: Ensure system directories are own by root group.
block:
- name: Verify the command directories are exists.
become: true
stat:
path: "{{ item }}"
loop:
- /bin/
- /sbin/
- /usr/bin/
- /usr/sbin/
- /usr/local/bin
- /usr/local/sbin
register: command_directories
- name: Verify the ownership of command directories are belong to root.
loop: |
{{ command_directories.results | map(attribute='item')|
zip(command_directories.results | map(attribute='stat.gr_name'))|list }}
assert:
that: item.1 == 'root'
loop_control:
label: "{{ item.0 }}"
- set_fact:
stig_text: "PASSED"
rescue:
- name: configure the command directories ownership to root and create if
it doesn't exist.
become: true
file:
path: "{{ item.item }}"
group: root
state: "{{ 'directory' if item.stat.exists else 'touch' }}"
recurse: yes
loop: "{{ command_directories.results }}"
register: file_perms_rule
- set_fact:
stig_text: "PASSED"
when: file_perms_rule.changed
==================================================================
TASK [Verify the ownership of command directories are belong to root.]
***************************************
[WARNING]: The loop variable 'item' is already in use. You should set the
`loop_var` value in the
`loop_control` option for the task to something else to avoid variable
collisions and unexpected behavior.
ok: [localhost] => (item=/bin/) => {
"ansible_loop_var": "item",
"changed": false,
"item": [
"/bin/",
"root"
],
"msg": "All assertions passed"
}
ok: [localhost] => (item=/sbin/) => {
"ansible_loop_var": "item",
"changed": false,
"item": [
"/sbin/",
"root"
],
"msg": "All assertions passed"
}
ok: [localhost] => (item=/usr/bin/) => {
"ansible_loop_var": "item",
"changed": false,
"item": [
"/usr/bin/",
"root"
],
"msg": "All assertions passed"
}
ok: [localhost] => (item=/usr/sbin/) => {
"ansible_loop_var": "item",
"changed": false,
"item": [
"/usr/sbin/",
"root"
],
"msg": "All assertions passed"
}
ok: [localhost] => (item=/usr/local/bin) => {
"ansible_loop_var": "item",
"changed": false,
"item": [
"/usr/local/bin",
"root"
],
"msg": "All assertions passed"
}
ok: [localhost] => (item=/usr/local/sbin) => {
"ansible_loop_var": "item",
"changed": false,
"item": [
"/usr/local/sbin",
"root"
],
"msg": "All assertions passed"
}
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/3736ce06-1bf1-4cfe-a2fb-042619b8497en%40googlegroups.com.
