Re: [ansible-project] Check Number Of Wheel Group Members

2019-04-02 Thread Jon Adcock
That got it! Thank you for your help.

On Tuesday, April 2, 2019 at 2:23:04 PM UTC-4, Sebastian Meyer wrote:
>
> On 02.04.19 19:50, Jon Adcock wrote: 
> >that: getent_group.wheel|default(["", "", ""])[2] == "" 
>
> You'll need () around the getent and default: 
>
> that: (getent_group.wheel|default(["", "", ""]))[2] == "" 
>
> The above should work. 
>
> Sebastian 
> -- 
> Sebastian Meyer 
> Linux Consultant & Trainer 
> Mail: me...@b1-systems.de  
>
> B1 Systems GmbH 
> Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de 
> GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5afbec21-c68f-4588-8148-012d90f89679%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [ansible-project] Check Number Of Wheel Group Members

2019-04-02 Thread Sebastian Meyer
On 02.04.19 19:50, Jon Adcock wrote:
>that: getent_group.wheel|default(["", "", ""])[2] == ""

You'll need () around the getent and default:

that: (getent_group.wheel|default(["", "", ""]))[2] == ""

The above should work.

Sebastian
-- 
Sebastian Meyer
Linux Consultant & Trainer
Mail: me...@b1-systems.de

B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
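
The corrected check as a complete playbook, combining the list form of `that` with the parentheses from the reply above. This is an added example, not part of any post in this thread; the host pattern `all` is an assumption.

```yaml
---
# Added example. The host pattern "all" is an assumption.
- hosts: all
  gather_facts: false
  tasks:
    # Fills the getent_group fact: one key per group name, each value a
    # list of the remaining fields, [password, gid, members].
    - name: Read the group database
      getent:
        database: group

    - name: Assert that wheel has no members
      assert:
        that:
          # Parentheses: apply default() first, then index the result.
          # Unparenthesized, Jinja2 stops at '[' after the filter call.
          - (getent_group.wheel | default(["", "", ""]))[2] == ""
        msg: >-
          The wheel group contains one or more users:
          {{ (getent_group.wheel | default(["", "", ""]))[2] }}
```

The members field of a group entry lists supplementary members only, so an account whose primary GID is the wheel group's GID does not appear in it and passes this assertion.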



Re: [ansible-project] Check Number Of Wheel Group Members

2019-04-02 Thread Matt Martz
Your formatting doesn't match mine. Notice the difference of `that` between
mine and yours.  `that` is intended to be a list.

On Tue, Apr 2, 2019 at 12:50 PM Jon Adcock  wrote:

> Thank you for your reply.  I am getting what appears to be a formatting
> error.  Here is the task from my playbook, and the error it is generating:
> ---
>   tasks:
>   - getent:
>       database: group
>
>   # Users in the default wheel group are automatically granted sudo privileges
>   - assert:
>       that: getent_group.wheel|default(["", "", ""])[2] == ""
>       msg: "The wheel group contains one or more users!"
> ---
> task path: /etc/ansible/playbooks/test1.yml:22
> fatal: [jon-rhel7]: FAILED! => {
> "msg": "The conditional check 'getent_group.wheel|default([\"\", \"\",
> \"\"])[2] == \"\"' failed. The error was: template error while templating
> string: expected token 'end of statement block', got '['. String: {% if
> getent_group.wheel|default([\"\", \"\", \"\"])[2] == \"\" %} True {% else
> %} False {% endif %}"
> }
>
> On Tuesday, April 2, 2019 at 12:28:14 PM UTC-4, Matt Martz wrote:
>>
>> You can use the `getent` module to do this.  Something like:
>>
>> - getent:
>>     database: group
>>
>> - assert:
>>     that:
>>       - getent_group.wheel|default(["", "", ""])[2] == ""
>>
>> On Tue, Apr 2, 2019 at 11:22 AM Jon Adcock  wrote:
>>
>>> I'm trying to add a task to my security playbook to ensure that there
>>> are no members in the default Linux wheel group.  This has turned out to be
>>> more difficult than I thought it would be.
>>>
>>> Can someone out there help get me started?  (ansible 2.7.9)
>>>
>>>
>>
>>
>> --
>> Matt Martz
>> @sivel
>> sivel.net
>>
>
-- 
Matt Martz
@sivel
sivel.net



Re: [ansible-project] Check Number Of Wheel Group Members

2019-04-02 Thread Jon Adcock
Thank you for your reply.  I am getting what appears to be a formatting 
error.  Here is the task from my playbook, and the error it is generating:
---
  tasks:
  - getent:
      database: group

  # Users in the default wheel group are automatically granted sudo privileges
  - assert:
      that: getent_group.wheel|default(["", "", ""])[2] == ""
      msg: "The wheel group contains one or more users!"
---
task path: /etc/ansible/playbooks/test1.yml:22
fatal: [jon-rhel7]: FAILED! => {
"msg": "The conditional check 'getent_group.wheel|default([\"\", \"\", 
\"\"])[2] == \"\"' failed. The error was: template error while templating 
string: expected token 'end of statement block', got '['. String: {% if 
getent_group.wheel|default([\"\", \"\", \"\"])[2] == \"\" %} True {% else 
%} False {% endif %}"
}

On Tuesday, April 2, 2019 at 12:28:14 PM UTC-4, Matt Martz wrote:
>
> You can use the `getent` module to do this.  Something like:
>
> - getent:
>     database: group
>
> - assert:
>     that:
>       - getent_group.wheel|default(["", "", ""])[2] == ""
>
> On Tue, Apr 2, 2019 at 11:22 AM Jon Adcock wrote:
>
>> I'm trying to add a task to my security playbook to ensure that there are 
>> no members in the default Linux wheel group.  This has turned out to be 
>> more difficult than I thought it would be.
>>
>> Can someone out there help get me started?  (ansible 2.7.9)
>>
>>
>
>
> -- 
> Matt Martz
> @sivel
> sivel.net
>



Re: [ansible-project] Check Number Of Wheel Group Members

2019-04-02 Thread Matt Martz
You can use the `getent` module to do this.  Something like:

- getent:
    database: group

- assert:
    that:
      - getent_group.wheel|default(["", "", ""])[2] == ""

On Tue, Apr 2, 2019 at 11:22 AM Jon Adcock  wrote:

> I'm trying to add a task to my security playbook to ensure that there are
> no members in the default Linux wheel group.  This has turned out to be
> more difficult than I thought it would be.
>
> Can someone out there help get me started?  (ansible 2.7.9)
>
>


-- 
Matt Martz
@sivel
sivel.net



[ansible-project] Check Number Of Wheel Group Members

2019-04-02 Thread Jon Adcock
I'm trying to add a task to my security playbook to ensure that there are 
no members in the default Linux wheel group.  This has turned out to be 
more difficult than I thought it would be.

Can someone out there help get me started?  (ansible 2.7.9)
