In any case, the following tasks works fine for me:
---
- name: test
become: true
hosts: bar
tasks:
- name: foo
command: aureport
register: out
- debug: var=out.stdout_lines
TASK [debug]
***************************************************************************************
ok: [bar] =>
out.stdout_lines:
- ''
- Summary Report
- ======================
- 'Range of time in logs: 05/09/2024 09:21:28.628 - 05/09/2024 09:28:42.513'
- 'Selected time for report: 05/09/2024 09:21:28 - 05/09/2024 09:28:42.513'
- 'Number of changes in configuration: 3'
- 'Number of changes to accounts, groups, or roles: 0'
- 'Number of logins: 6'
- 'Number of failed logins: 0'
- 'Number of authentications: 1'
- 'Number of failed authentications: 0'
- 'Number of users: 4'
- 'Number of terminals: 9'
- 'Number of host names: 3'
- 'Number of executables: 6'
- 'Number of commands: 5'
- 'Number of files: 0'
- 'Number of AVC''s: 0'
- 'Number of MAC events: 0'
- 'Number of failed syscalls: 0'
- 'Number of anomaly events: 0'
- 'Number of responses to anomaly events: 0'
- 'Number of crypto events: 0'
- 'Number of integrity events: 0'
- 'Number of virt events: 0'
- 'Number of keys: 0'
- 'Number of process IDs: 49'
- 'Number of events: 221'
On Thu, 9 May 2024 at 09:28, Dick Visser <dnmvis...@gmail.com> wrote:
>
> On Thu, 9 May 2024 at 00:12, John Harmon <jdh...@gmail.com> wrote:
> >
> > I am running this in my task file (tried shell, command, and raw). Any
> > idea why and how to work around the issue?:
> >
> > - name: Check number of AVCs
> > ansible.builtin.raw: "aureport | grep -i avc"
> > register: avcreport
> >
> > - debug:
> > var: avcreport
> >
> > It returns a report with all zero values, but if I run this directly on a
> > server I get non-zero values. Can't seem to figure out why:
> >
> > "aureport_output.stdout_lines": [
> > "",
> > "Summary Report",
> > "======================",
> > "Range of time in logs: 01/01/1970 00:00:00.000 - 01/01/1970
> > 00:00:00.000",
> > "Selected time for report: 01/01/1970 00:00:00 - 01/01/1970
> > 00:00:00.000",
> > "Number of changes in configuration: 0",
> > "Number of changes to accounts, groups, or roles: 0",
> > "Number of logins: 0",
> > "Number of failed logins: 0",
> > "Number of authentications: 0",
> > "Number of failed authentications: 0",
> > "Number of users: 0",
> > "Number of terminals: 0",
> > "Number of host names: 0",
> > "Number of executables: 0",
> > "Number of commands: 0",
> > "Number of files: 0",
> > "Number of AVC's: 0",
> > "Number of MAC events: 0",
> > "Number of failed syscalls: 0",
> > "Number of anomaly events: 0",
> > "Number of responses to anomaly events: 0",
> > "Number of crypto events: 0",
> > "Number of integrity events: 0",
> > "Number of virt events: 0",
> > "Number of keys: 0",
> > "Number of process IDs: 0",
> > "Number of events: 0"
>
> This is NOT the output of the task you posted above, because that
> command with the piped grep cannot return all those lines.
> Can you post accurate playbooks and output?
>
> > Directly on the server I get this:
> >
> >
> > Summary Report
> > ======================
> > Range of time in logs: 05/08/2024 02:48:03.967 - 05/08/2024 22:10:09.990
> > Selected time for report: 05/08/2024 02:48:03 - 05/08/2024 22:10:09.990
> > Number of changes in configuration: 0
> > Number of changes to accounts, groups, or roles: 0
> > Number of logins: 15
> > Number of failed logins: 705
> > Number of authentications: 3
> > Number of failed authentications: 0
> > Number of users: 3
> > Number of terminals: 6
> > Number of host names: 5
> > Number of executables: 21
> > Number of commands: 31
> > Number of files: 1401
> > Number of AVC's: 15184
> > Number of MAC events: 1124
> > Number of failed syscalls: 544
> > Number of anomaly events: 0
> > Number of responses to anomaly events: 0
> > Number of crypto events: 4990
> > Number of integrity events: 0
> > Number of virt events: 0
> > Number of keys: 0
> > Number of process IDs: 10864
> > Number of events: 70010
>
>
> I would suspect some environment variables are off, or the become logic is
> off.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAF8BbLZFB-YstTHGBUBHY1uCdtf5B9_eSGhY%3DmEQmEO09pwGeg%40mail.gmail.com.
