On Thu, 9 May 2024 at 00:12, John Harmon <[email protected]> wrote:
>
> I am running this in my task file (tried shell, command, and raw). Any idea
> why and how to work around the issue?:
>
> - name: Check number of AVCs
>   ansible.builtin.raw: "aureport | grep -i avc"
>   register: avcreport
>
> - debug:
>     var: avcreport
>
> It returns a report with all zero values, but if I run this directly on a
> server I get non-zero values. Can't seem to figure out why:
>
> "aureport_output.stdout_lines": [
>     "",
>     "Summary Report",
>     "======================",
>     "Range of time in logs: 01/01/1970 00:00:00.000 - 01/01/1970 00:00:00.000",
>     "Selected time for report: 01/01/1970 00:00:00 - 01/01/1970 00:00:00.000",
>     "Number of changes in configuration: 0",
>     "Number of changes to accounts, groups, or roles: 0",
>     "Number of logins: 0",
>     "Number of failed logins: 0",
>     "Number of authentications: 0",
>     "Number of failed authentications: 0",
>     "Number of users: 0",
>     "Number of terminals: 0",
>     "Number of host names: 0",
>     "Number of executables: 0",
>     "Number of commands: 0",
>     "Number of files: 0",
>     "Number of AVC's: 0",
>     "Number of MAC events: 0",
>     "Number of failed syscalls: 0",
>     "Number of anomaly events: 0",
>     "Number of responses to anomaly events: 0",
>     "Number of crypto events: 0",
>     "Number of integrity events: 0",
>     "Number of virt events: 0",
>     "Number of keys: 0",
>     "Number of process IDs: 0",
>     "Number of events: 0"

This is NOT the output of the task you posted above, because that command with the piped grep cannot return all those lines. Can you post accurate playbooks and output?

> Directly on the server I get this:
>
>
> Summary Report
> ======================
> Range of time in logs: 05/08/2024 02:48:03.967 - 05/08/2024 22:10:09.990
> Selected time for report: 05/08/2024 02:48:03 - 05/08/2024 22:10:09.990
> Number of changes in configuration: 0
> Number of changes to accounts, groups, or roles: 0
> Number of logins: 15
> Number of failed logins: 705
> Number of authentications: 3
> Number of failed authentications: 0
> Number of users: 3
> Number of terminals: 6
> Number of host names: 5
> Number of executables: 21
> Number of commands: 31
> Number of files: 1401
> Number of AVC's: 15184
> Number of MAC events: 1124
> Number of failed syscalls: 544
> Number of anomaly events: 0
> Number of responses to anomaly events: 0
> Number of crypto events: 4990
> Number of integrity events: 0
> Number of virt events: 0
> Number of keys: 0
> Number of process IDs: 10864
> Number of events: 70010

I would suspect some environment variables are off, or the become logic is off.
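
Added example, not part of the original thread: a small Python check for the two symptoms discussed above, namely whether captured lines could really have come through `grep -i avc`, and whether the summary shows that aureport read no audit records. The function names are hypothetical and the sample lists are constructed from values quoted in the thread.

```python
import re

COUNTER = re.compile(r"^Number of (.+?):\s*(\d+)\s*$")
RANGE = re.compile(r"^Range of time in logs:\s*(.+?)\s+-\s+(.+)$")

def parse_summary(lines):
    """Parse aureport summary lines into counters and the log time range."""
    counters, time_range = {}, None
    for line in lines:
        line = line.strip()
        m = COUNTER.match(line)
        if m:
            counters[m.group(1)] = int(m.group(2))
            continue
        m = RANGE.match(line)
        if m:
            time_range = (m.group(1), m.group(2))
    return {"counters": counters, "range": time_range}

def passed_through_grep(lines, needle="avc"):
    """True only if every non-blank line contains needle, as `grep -i` output would."""
    kept = [l for l in lines if l.strip()]
    return bool(kept) and all(needle.lower() in l.lower() for l in kept)

def read_no_events(summary):
    """True when the report counted zero events, i.e. no audit records were read."""
    return summary["counters"].get("events") == 0

# Constructed samples, shortened from the two reports quoted in the thread.
ANSIBLE_LINES = [
    "", "Summary Report", "======================",
    "Range of time in logs: 01/01/1970 00:00:00.000 - 01/01/1970 00:00:00.000",
    "Number of AVC's: 0", "Number of events: 0",
]
SERVER_LINES = [
    "Range of time in logs: 05/08/2024 02:48:03.967 - 05/08/2024 22:10:09.990",
    "Number of AVC's: 15184", "Number of events: 70010",
]

if __name__ == "__main__":
    for name, lines in (("ansible", ANSIBLE_LINES), ("server", SERVER_LINES)):
        s = parse_summary(lines)
        print(name, "grep-filtered:", passed_through_grep(lines),
              "no events read:", read_no_events(s), "range:", s["range"])
```

A registered result that fails `passed_through_grep` did not come from the task as posted, and one that satisfies `read_no_events` points at what aureport was given to read rather than at the grep.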
