[ansible-project] Re: Monitor Windows file (web.config) on servers

['J Hawkesworth' via Ansible Project]

Above looks good.  You could try using win_stat, which returns a checksum 
and then do whatever is necessary if the checksum has changed.

Something like the following

---
- hosts: all
  tasks:
     - name: stat the hosts file
       win_stat:
         path: C:\windows\system32\drivers\etc\hosts
       register: hosts_fileinfo
     - name: show hosts file stats for debugging purposes
       debug:
         var: hosts_fileinfo

     - name: fail if modified
       fail:
         msg: "HOSTS file has been modified"
       when: hosts_fileinfo.stat.checksum != 
"4bed0823746a2a8577ab08ac8711b79770e48274"


Hope this helps,

Jon

On Tuesday, 16 February 2016 10:25:31 UTC, Mark Matthews wrote:
>
> Hi
>
> What is the best way to monitor any changes made to a Windows file (Either 
> the web.config or hosts file)?
>
> I want to be able to check that these files have not been changed at all, 
> and if they have, Ansible picks that up and warns me and I can change it 
> back to a template.
>
> I am currently using the following playbook for the host file, but was 
> wondering if there is sa easier way? As I want to do our web.config file?
>
>
> --- 
> - name: Check Host File Entries 
>   hosts: all   
>   tasks: 
>     - name: Check Host File Entries 
>       win_lineinfile: 
>         dest: C:\Windows\System32\drivers\etc\hosts 
>         regexp: "{{item.regexp}}" 
>         line: "{{item.line}}"
>
>       with_items:
>         - { regexp: '^10.10.3.76   www.test.co.uk', line: '10.10.3.76   
> www.test.co.uk' }
>         - { regexp: '^10.10.3.77   www.test1.co.uk', line: '10.10.3.77   
> www.test1.co.uk' }
>         - { regexp: '^10.10.3.77   ca.test1.com', line: '10.10.3.77   
> ca.test1.com' }
>         - { regexp: '^10.10.3.74   www.test3.com', line: '10.10.3.74   
> www.test3.com' }
>         - { regexp: '^10.10.3.19   test4.com', line: '10.10.3.19   
> test4.com' }
>
>
> Cheers
> Mark
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/7314397a-4915-4aed-ab43-35a2bf6208f5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.