Maybe some of the files are missing in the target. If that's the case, 
there is no "stat" for that file.

Maybe you should add "audit_tools.stat is defined and 
audit_tools.stat.mode != '0755'"
On Wednesday, December 16, 2020 at 17:09:12 UTC-6, 
thuan...@gmail.com wrote:

> Hi all,
>
> I'm trying to use the Loop and Stat modules instead of a Shell command with 
> an Ansible playbook.
> Whenever I run the playbook with --check, I always get the 'Pass' message.
>
> The error was: error while evaluating conditional (audit_tools.stat.mode 
> != '0755'): 'dict object' has no attribute 'stat'\n\n
>
> I need help.
>
>
> Thanks
> ===========================================================
>
> ---
>
> - set_fact:
>     stig_id: V-219195
>
>     stig_text: "FAILED. Audit tools aren't configured with mode of 0755 or less permissive."
>
>
> - local_action: lineinfile regexp='^V-219195' path="{{ output_path }}" state=absent
>
> - name: Ensure audit tools have 0755 permissions.
>   block: 
>     - name: check audit tools permissions.
>       become: true
>       stat:
>         path: "/sbin/{{ audit_loop }}"
>       loop:
>         - auditctl
>         - aureport
>         - ausearch
>         - autrace
>         - auditd
>         - audispd
>         - augenrules
>       loop_control:
>         loop_var: audit_loop
>       register: audit_tools
>     
>     - set_fact:
>
>         stig_text: "{{ stig_id }} FAILED. Audit tools don't have 0755 permissions."
>       when: audit_tools.stat.mode != '0755'
>    
>     - set_fact:
>         stig_text: "PASSED"
>     
>
>   rescue:
>
>     - name: change the audit tools' permissions to 0755.
>       become: true
>       file:
>         path: "/sbin/{{ item.audit_loop }}"
>         mode: 0755
>         state: "{{ 'file' if item.stat.exists else 'touch' }}"
>       loop: "{{ audit_tools.results }}"
>       register: file_perms_rule 
>   
>     - set_fact:
>         stig_text: "PASSED"
>       when: file_perms_rule.changed
>
>     - debug:
>         msg: "{{ stig_id }} {{ stig_text }}"
>
>   always:
>
>     - local_action: lineinfile line="{{ stig_id }} {{ stig_text }}" path="{{ output_path }}" create=yes
>
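
An added example, not part of either message in this thread: when `register` is combined with `loop`, the per-item results are stored in the list `audit_tools.results`, so the check has to walk that list instead of reading `audit_tools.stat`. The variable names `missing` and `wrong_mode` are illustrative, and `stig_id` is assumed to be set as in the quoted playbook.

```yaml
# Added example (not from the thread). missing/wrong_mode are illustrative
# names; stig_id is assumed to be set as in the quoted playbook.
- name: Stat each audit tool
  become: true
  stat:
    path: "/sbin/{{ audit_loop }}"
  loop:
    - auditctl
    - aureport
    - ausearch
    - autrace
    - auditd
    - audispd
    - augenrules
  loop_control:
    loop_var: audit_loop
  register: audit_tools   # looped register: one entry per item in audit_tools.results

- name: Evaluate every per-item result
  vars:
    # Tools that do not exist on the target (their stat holds only exists: false)
    missing: >-
      {{ audit_tools.results | rejectattr('stat.exists')
         | map(attribute='audit_loop') | list }}
    # Tools that exist but whose mode string is not exactly '0755'
    wrong_mode: >-
      {{ audit_tools.results | selectattr('stat.exists')
         | rejectattr('stat.mode', 'equalto', '0755')
         | map(attribute='audit_loop') | list }}
  set_fact:
    stig_text: >-
      {{ 'PASSED' if (missing + wrong_mode) | length == 0
         else 'FAILED. Missing: ' ~ (missing | join(', '))
              ~ '; not 0755: ' ~ (wrong_mode | join(', ')) }}

- debug:
    msg: "{{ stig_id }} {{ stig_text }}"
```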
