Hi there.

I'm trying to use Ansible to automate standard controls on Red Hat servers. 
I have several bash scripts that I currently run locally on each server so 
I can control them.

Script in bash

today=`date`
host=`hostname`
version=`cat /etc/redhat-release`
direccionip=`hostname -i`
user=`whoami`
azure=`systemd-detect-virt`
echo "############################################################################################"
echo "### HOSTNAME  $host"
echo "### VERSION   $version"
echo "### DIRECCION IP  $direccionip"
echo "### TIPO (AWS=kvm, zen o microsoft | Azure=hyper-v | Vmware=vmware)   $azure"
echo "### FECHA $today"
echo "### USUARIO   $user"
echo "############################################################################################"
echo " "
echo "############################################################################################"
echo "### 5.12 - Configure data retention  ###"
echo "############################################################################################"
echo " "
echo "### 5.12.6 - Collect privileged command usage ###"
echo " "
UIDMINVAL=$(/bin/awk '/^\s*UID_MIN/{print $2}' /etc/login.defs); LINES=$(sudo find / -xdev -perm -4000 -o -perm -2000 -type f); for LINE in $LINES; do LINE1="-a always,exit -F  path=$LINE -F perm=x -F auid>=$UIDMINVAL -F auid!=4294967295 -k privileged"; if [ $(sudo cat /etc/audit/rules.d/audit.rules |/bin/egrep -- "^$LINE1" | wc -l) -eq 0 ]; then LINE2="-a always,exit -F path=$LINE -F perm=x -F auid>=$UIDMINVAL -F auid!=4294967295 -k privileged"; if [ $(sudo cat /etc/audit/rules.d/audit.rules |/bin/egrep -- "^$LINE2" | wc -l) -eq 0 ]; then echo "$LINE2 - not found in /etc/audit/rules.d/audit.rules"; fi; fi; done
echo " "
echo "############################################################################################"
echo "### Fin ###"
echo "############################################################################################"


Here is my playbook that I am trying to put together in Ansible. Everything 
works perfectly until I add line 12, and there it fails.

- name: Shell Examples
  hosts: all
  tasks:
    - name: Check Date with Shell command
      shell: |
          date
          hostname
          cat /etc/redhat-release
          hostname -i
          whoami
          systemd-detect-virt
          UIDMINVAL=$(/bin/awk '/^\s*UID_MIN/{print $2}' /etc/login.defs); LINES=$(sudo find / -xdev -perm -4000 -o -perm -2000 -type f); for LINE in $LINES; do LINE1="-a always,exit -F  path=$LINE -F perm=x -F auid>=$UIDMINVAL -F auid!=4294967295 -k privileged"; if [ $(sudo cat /etc/audit/rules.d/audit.rules |/bin/egrep -- "^$LINE1" | wc -l) -eq 0 ]; then LINE2="-a always,exit -F path=$LINE -F perm=x -F auid>=$UIDMINVAL -F auid!=4294967295 -k privileged"; if [ $(sudo cat /etc/audit/rules.d/audit.rules |/bin/egrep -- "^$LINE2" | wc -l) -eq 0 ]; then echo "$LINE2 - not found in /etc/audit/rules.d/audit.rules"; fi; fi; done
      register: fileout
      tags: fileout
    - debug: msg="{{ fileout.stdout_lines }}"

Thank you very much in advance.
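
An added example, not part of the original post: the 5.12.6 privileged-command check from the one-liner above written as a POSIX shell function, with the `find` permission tests grouped so `-type f` applies to both, and rules compared as fixed strings after whitespace is normalized. The function names, the sample tree and the rules file it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print the expected audit rule for every setuid/setgid regular file under
# $1 that has no matching line in rules file $2; $3 is UID_MIN.
missing_privileged_rules() {
    # \( ... \) groups the two -perm tests so -type f applies to both.
    find "$1" -xdev \( -perm -4000 -o -perm -2000 \) -type f -print 2>/dev/null |
    sort |
    while IFS= read -r path; do
        rule="-a always,exit -F path=$path -F perm=x -F auid>=$3 -F auid!=4294967295 -k privileged"
        # Squeeze whitespace in the rules file, then match whole lines as
        # fixed strings so dots in paths are not treated as regex wildcards.
        if ! sed -E 's/[[:space:]]+/ /g; s/^ //; s/ $//' "$2" |
                grep -qxF -- "$rule"; then
            printf '%s - not found in %s\n' "$rule" "$2"
        fi
    done
}

# Constructed sample: two setuid files, one setuid directory, one plain
# file, and a rules file that covers only bin/passwd (with a double space).
make_sample() {
    mkdir -p "$1/bin" "$1/suid_dir"
    : > "$1/bin/passwd"; : > "$1/bin/chage"; : > "$1/bin/plain"
    chmod 4755 "$1/bin/passwd" "$1/bin/chage" "$1/suid_dir"
    printf '%s\n' "-a always,exit -F  path=$1/bin/passwd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged" \
        > "$1/audit.rules"
}

sample=$(mktemp -d)
make_sample "$sample"
# Reports only bin/chage: passwd has a rule, suid_dir is not a regular file.
missing_privileged_rules "$sample" "$sample/audit.rules" 1000
rm -rf "$sample"

# On a real host (paths from the post), run with enough privilege to read the rules file:
#   missing_privileged_rules / /etc/audit/rules.d/audit.rules \
#       "$(awk '/^[[:space:]]*UID_MIN/{print $2}' /etc/login.defs)"
```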
