Ansible and aureport


John Harmon

May 8, 2024, 6:12:11 PM
to Ansible Project
I am running this in my task file (tried shell, command, and raw).  Any idea why and how to work around the issue?:

- name: Check number of AVCs
  ansible.builtin.raw: "aureport | grep -i avc"
  register: avcreport

- debug:
    var: avcreport


It returns a report with all zero values, but if I run this directly on a server I get non-zero values.  Can't seem to figure out why:

    "aureport_output.stdout_lines": [
        "",
        "Summary Report",
        "======================",
        "Range of time in logs: 01/01/1970 00:00:00.000 - 01/01/1970 00:00:00.000",
        "Selected time for report: 01/01/1970 00:00:00 - 01/01/1970 00:00:00.000",
        "Number of changes in configuration: 0",
        "Number of changes to accounts, groups, or roles: 0",
        "Number of logins: 0",
        "Number of failed logins: 0",
        "Number of authentications: 0",
        "Number of failed authentications: 0",
        "Number of users: 0",
        "Number of terminals: 0",
        "Number of host names: 0",
        "Number of executables: 0",
        "Number of commands: 0",
        "Number of files: 0",
        "Number of AVC's: 0",
        "Number of MAC events: 0",
        "Number of failed syscalls: 0",
        "Number of anomaly events: 0",
        "Number of responses to anomaly events: 0",
        "Number of crypto events: 0",
        "Number of integrity events: 0",
        "Number of virt events: 0",
        "Number of keys: 0",
        "Number of process IDs: 0",
        "Number of events: 0"


Directly on the server I get this:


Summary Report
======================
Range of time in logs: 05/08/2024 02:48:03.967 - 05/08/2024 22:10:09.990
Selected time for report: 05/08/2024 02:48:03 - 05/08/2024 22:10:09.990
Number of changes in configuration: 0
Number of changes to accounts, groups, or roles: 0
Number of logins: 15
Number of failed logins: 705
Number of authentications: 3
Number of failed authentications: 0
Number of users: 3
Number of terminals: 6
Number of host names: 5
Number of executables: 21
Number of commands: 31
Number of files: 1401
Number of AVC's: 15184
Number of MAC events: 1124
Number of failed syscalls: 544
Number of anomaly events: 0
Number of responses to anomaly events: 0
Number of crypto events: 4990
Number of integrity events: 0
Number of virt events: 0
Number of keys: 0
Number of process IDs: 10864
Number of events: 70010

Dick Visser

May 9, 2024, 3:28:49 AM
to ansible...@googlegroups.com
This is NOT the output of the task you posted above, because that
command with the piped grep cannot return all those lines.
Can you post accurate playbooks and output?
I would suspect some environment variables are off, or the become logic is off.

Dick Visser

May 9, 2024, 3:30:29 AM
to ansible...@googlegroups.com
In any case, the following tasks work fine for me:


---
- name: test
  become: true
  hosts: bar
  tasks:
    - name: foo
      command: aureport
      register: out

    - debug: var=out.stdout_lines




TASK [debug] ***************************************************************************************
ok: [bar] =>
out.stdout_lines:
- ''
- Summary Report
- ======================
- 'Range of time in logs: 05/09/2024 09:21:28.628 - 05/09/2024 09:28:42.513'
- 'Selected time for report: 05/09/2024 09:21:28 - 05/09/2024 09:28:42.513'
- 'Number of changes in configuration: 3'
- 'Number of changes to accounts, groups, or roles: 0'
- 'Number of logins: 6'
- 'Number of failed logins: 0'
- 'Number of authentications: 1'
- 'Number of failed authentications: 0'
- 'Number of users: 4'
- 'Number of terminals: 9'
- 'Number of host names: 3'
- 'Number of executables: 6'
- 'Number of commands: 5'
- 'Number of files: 0'
- 'Number of AVC''s: 0'
- 'Number of MAC events: 0'
- 'Number of failed syscalls: 0'
- 'Number of anomaly events: 0'
- 'Number of responses to anomaly events: 0'
- 'Number of crypto events: 0'
- 'Number of integrity events: 0'
- 'Number of virt events: 0'
- 'Number of keys: 0'
- 'Number of process IDs: 49'
- 'Number of events: 221'

John Harmon

May 9, 2024, 5:17:36 PM
to Ansible Project
I will give it a try, thank you.  Sorry about the slow reply--been a busy day
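
An added example, not part of any post in this thread: a Python check that parses an aureport summary (plain, or as echoed by Ansible's JSON or YAML output) and refuses to return an AVC count when the report has the all-zero, epoch-range shape of the first output quoted above. The function names are hypothetical, and the samples are abridged from the three reports in the thread.

```python
EPOCH = "01/01/1970 00:00:00"

def _clean(line):
    """Undo the quoting Ansible output adds: JSON "...", or YAML - '...'."""
    line = line.strip().rstrip(",")
    if line.startswith("- "):
        line = line[2:]
    if len(line) >= 2 and line[0] == line[-1] and line[0] in "'\"":
        line = line[1:-1]
    return line.replace("''", "'")  # YAML doubles a single quote to escape it

def parse_summary(text):
    """Return (counters, log_range) from an aureport summary report."""
    counters, log_range = {}, None
    for raw in text.splitlines():
        key, sep, value = _clean(raw).partition(": ")
        if key == "Range of time in logs" and sep:
            log_range = value
        elif key.startswith("Number of ") and value.isdigit():
            counters[key[len("Number of "):]] = int(value)
    return counters, log_range

def avc_count(text):
    """Return the AVC count, or raise if the report cannot be trusted."""
    counters, log_range = parse_summary(text)
    if "AVC's" not in counters:
        raise ValueError("no AVC line in report")
    # Epoch time range plus zero events: the report covers no audit records.
    if (log_range or "").startswith(EPOCH) and counters.get("events", 0) == 0:
        raise ValueError("aureport processed no audit records")
    return counters["AVC's"]

# Samples abridged from the three reports quoted in the thread.
VIA_ANSIBLE_JSON = '''
        "Range of time in logs: 01/01/1970 00:00:00.000 - 01/01/1970 00:00:00.000",
        "Number of AVC's: 0",
        "Number of events: 0"
'''
ON_SERVER = '''
Range of time in logs: 05/08/2024 02:48:03.967 - 05/08/2024 22:10:09.990
Number of AVC's: 15184
Number of events: 70010
'''
VIA_ANSIBLE_YAML = '''
- 'Range of time in logs: 05/09/2024 09:21:28.628 - 05/09/2024 09:28:42.513'
- 'Number of AVC''s: 0'
- 'Number of events: 221'
'''
```

Run against the registered task's stdout, this separates a host that genuinely logged zero AVCs (the 05/09/2024 report) from a run where the report is empty.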