Monitor Windows file (web.config) on servers


Mark Matthews

Feb 16, 2016, 5:25:31 AM
to Ansible Project
Hi

What is the best way to monitor any changes made to a Windows file (Either the web.config or hosts file)?

I want to be able to check that these files have not been changed at all, and if they have, Ansible picks that up and warns me and I can change it back to a template.

I am currently using the following playbook for the host file, but was wondering if there is an easier way? As I want to do our web.config file?


---
- name: Check Host File Entries
  hosts: all
  tasks:
    - name: Check Host File Entries
      win_lineinfile:
        dest: C:\Windows\System32\drivers\etc\hosts
        regexp: "{{item.regexp}}"
        line: "{{item.line}}"
      # Dots are escaped so each pattern matches only the literal address and name
      with_items:
        - { regexp: '^10\.10\.3\.76   www\.test\.co\.uk', line: '10.10.3.76   www.test.co.uk' }
        - { regexp: '^10\.10\.3\.77   www\.test1\.co\.uk', line: '10.10.3.77   www.test1.co.uk' }
        - { regexp: '^10\.10\.3\.77   ca\.test1\.com', line: '10.10.3.77   ca.test1.com' }
        - { regexp: '^10\.10\.3\.74   www\.test3\.com', line: '10.10.3.74   www.test3.com' }
        - { regexp: '^10\.10\.3\.19   test4\.com', line: '10.10.3.19   test4.com' }


Cheers
Mark

J Hawkesworth

Feb 16, 2016, 7:53:21 AM
to Ansible Project
Above looks good.  You could try using win_stat, which returns a checksum and then do whatever is necessary if the checksum has changed.

Something like the following

---
- hosts: all
  tasks:
     - name: stat the hosts file
       win_stat:
         path: C:\windows\system32\drivers\etc\hosts
       register: hosts_fileinfo
     - name: show hosts file stats for debugging purposes
       debug:
         var: hosts_fileinfo

     - name: fail if modified
       fail:
         msg: "HOSTS file has been modified"
       when: hosts_fileinfo.stat.checksum != "4bed0823746a2a8577ab08ac8711b79770e48274"


Hope this helps,

Jon

Mark Matthews

Feb 16, 2016, 8:48:29 AM
to Ansible Project
Hi Jon

That is exactly what I was looking for!!

Thank you so much for your quick response and help!

Cheers
Mark

Mark Matthews

Feb 16, 2016, 9:01:21 AM
to Ansible Project
Hi Jon

Just want to ask a quick question...

Tried to do the following with the web.config file but keep getting errors.

ok: [10.10.3.170] => {
    "Web.config_fileinfo": "VARIABLE IS NOT DEFINED!"

I then tried to run the following playbooks to get some variables for that file:

---
- name: Check Web.config file
  hosts: all
  tasks:
     - name: stat the Web.config file
       win_stat:
         path: C:\Websites\Live\Web.config
         register: file_info

---
- name: Check Web.config file
  hosts: all
  tasks:
     - name: stat the Web.config file
       win_stat:
         path: C:\Websites\Live\Web.config
         register: Web.config_fileinfo

---
- name: Check Web.config file
  hosts: all
  tasks:
     - name: stat the Web.config file
       win_stat:
         path: C:\Websites\Live\Web
         register: Web_fileinfo


But it's not giving me any information...just the following result:


PLAY [Check Web.config file] ***************************************************

TASK [setup] *******************************************************************
ok: [10.10.3.168]
ok: [10.10.3.167]
ok: [10.10.3.170]

TASK [stat the Web.config file] ************************************************
ok: [10.10.3.170]
ok: [10.10.3.168]
ok: [10.10.3.167]

PLAY RECAP *********************************************************************
10.10.3.167                : ok=2    changed=0    unreachable=0    failed=0
10.10.3.168                : ok=2    changed=0    unreachable=0    failed=0
10.10.3.170                : ok=2    changed=0    unreachable=0    failed=0


Is there another way of getting the stats from that file so that I can do the same playbook as the one you suggested for the hosts file?

Cheers
Mark


J Hawkesworth

Feb 16, 2016, 9:21:48 AM
to Ansible Project
So, not quite sure what's going on here but...

register just stores the output from the win_stat command in a variable with the name you've given it.

So you need to do something with the contents of the variable - hence the debug in the example playbook above

Also I think variable names can't have . in them so this isn't going to work:

    register: Web.config_fileinfo

See http://docs.ansible.com/ansible/playbooks_variables.html#what-makes-a-valid-variable-name for valid variable names

That will be why you are getting the

    "Web.config_fileinfo": "VARIABLE IS NOT DEFINED!"

It's looking for a variable called Web with a method called config_fileinfo on it, hence the failure.

Hopefully just picking a valid name for your variable and then examining the contents of the variable using debug will sort you out.

If you want some examples you can have a look in the ansible integration tests 
https://github.com/ansible/ansible/blob/devel/test/integration/roles/test_win_stat/tasks/main.yml

Jon

Mark Matthews

Feb 16, 2016, 9:54:06 AM
to Ansible Project
Hi Jon

Thanks for the quick response...

Using the information you provided I did the following playbook below...and it worked perfectly.

So for some reason when I tried to use the following variable names it kept failing...'web_stat_file', 'file_info', 'web_fileinfo'
Will have to read through and see why the only variable that works is 'host_fileinfo'


---
- name: Check Host file
  hosts: all
  tasks:
     - name: Stat the web.config file
       win_stat:
         path: C:\Websites\Live\Web.config
       register: hosts_fileinfo
     - name: show web.config file stats for debugging purposes
       debug:
         var: hosts_fileinfo

     - name: fail if modified
       fail:
         msg: "WEB.CONFIG file has been modified"
       when: hosts_fileinfo.stat.checksum != "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"


Thanks again for all your help.

Cheers
Mark



J Hawkesworth

Feb 16, 2016, 11:04:42 AM
to Ansible Project
Glad it's working.  I don't know why those other variable names might be failing.

Perhaps worth checking your playbook is valid YAML.  I like to use either Notepad++ as it has YAML syntax highlighting, or use www.yamlint.com to check for correctness.

Jon
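
Added example, not written by either poster: the win_stat checksum check from this thread, extended so the expected checksum is computed from a baseline copy of the file instead of a hard-coded string, and so a changed file can be put back. The baseline location, the restore_on_drift switch and the choice of SHA-256 are assumptions, and localhost is assumed to use a local connection.

```yaml
---
# Added example: detect drift in Web.config against a baseline and restore it.
# Assumed (not from the thread): baseline at files/Web.config beside the playbook,
# the restore_on_drift switch, and a local connection for localhost.
- name: Detect and revert changes to Web.config
  hosts: all
  vars:
    baseline_src: "{{ playbook_dir }}/files/Web.config"
    target_path: C:\Websites\Live\Web.config
    restore_on_drift: false
  tasks:
    - name: Hash the known-good baseline on the control node
      stat:
        path: "{{ baseline_src }}"
        checksum_algorithm: sha256
      delegate_to: localhost
      run_once: true
      register: baseline_info

    - name: Stop if the baseline itself is missing
      assert:
        that: baseline_info.stat.exists
        fail_msg: "Baseline {{ baseline_src }} not found on the control node"
      run_once: true

    - name: Hash the deployed file with the same algorithm
      win_stat:
        path: "{{ target_path }}"
        checksum_algorithm: sha256
      register: deployed_info

    - name: Decide whether the file is missing or differs from the baseline
      set_fact:
        config_drifted: >-
          {{ (not deployed_info.stat.exists) or
             (deployed_info.stat.checksum != baseline_info.stat.checksum) }}

    - name: Warn about drift
      debug:
        msg: "{{ target_path }} on {{ inventory_hostname }} does not match the baseline"
      when: config_drifted | bool

    - name: Put the baseline back, keeping a copy of the modified file
      win_copy:
        src: "{{ baseline_src }}"
        dest: "{{ target_path }}"
        backup: true
      when: config_drifted | bool and restore_on_drift | bool
```

Run it as-is to report drift only; pass `-e restore_on_drift=true` to also restore the baseline, with the modified file kept as a backup for review.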