In any case, the following tasks works fine for me:
---
- name: test
become: true
hosts: bar
tasks:
- name: foo
command: aureport
register: out
- debug: var=out.stdout_lines
TASK [debug]
***************************************************************************************
ok: [bar] =>
out.stdout_lines:
- ''
- Summary Report
- ======================
- 'Range of time in logs: 05/09/2024 09:21:28.628 - 05/09/2024 09:28:42.513'
- 'Selected time for report: 05/09/2024 09:21:28 - 05/09/2024 09:28:42.513'
- 'Number of changes in configuration: 3'
- 'Number of changes to accounts, groups, or roles: 0'
- 'Number of logins: 6'
- 'Number of failed logins: 0'
- 'Number of authentications: 1'
- 'Number of failed authentications: 0'
- 'Number of users: 4'
- 'Number of terminals: 9'
- 'Number of host names: 3'
- 'Number of executables: 6'
- 'Number of commands: 5'
- 'Number of files: 0'
- 'Number of AVC''s: 0'
- 'Number of MAC events: 0'
- 'Number of failed syscalls: 0'
- 'Number of anomaly events: 0'
- 'Number of responses to anomaly events: 0'
- 'Number of crypto events: 0'
- 'Number of integrity events: 0'
- 'Number of virt events: 0'
- 'Number of keys: 0'
- 'Number of process IDs: 49'
- 'Number of events: 221'
On Thu, 9 May 2024 at 09:28, Dick Visser <[email protected]> wrote:
>
> On Thu, 9 May 2024 at 00:12, John Harmon <[email protected]> wrote:
> >
> > I am running this in my task file (tried shell, command, and raw). Any
> > idea why and how to work around the issue?:
> >
> > - name: Check number of AVCs
> > ansible.builtin.raw: "aureport | grep -i avc"
> > register: avcreport
> >
> > - debug:
> > var: avcreport
> >
> > It returns a report with all zero values, but if I run this directly on a
> > server I get non-zero values. Can't seem to figure out why:
> >
> > "aureport_output.stdout_lines": [
> > "",
> > "Summary Report",
> > "======================",
> > "Range of time in logs: 01/01/1970 00:00:00.000 - 01/01/1970
> > 00:00:00.000",
> > "Selected time for report: 01/01/1970 00:00:00 - 01/01/1970
> > 00:00:00.000",
> > "Number of changes in configuration: 0",
> > "Number of changes to accounts, groups, or roles: 0",
> > "Number of logins: 0",
> > "Number of failed logins: 0",
> > "Number of authentications: 0",
> > "Number of failed authentications: 0",
> > "Number of users: 0",
> > "Number of terminals: 0",
> > "Number of host names: 0",
> > "Number of executables: 0",
> > "Number of commands: 0",
> > "Number of files: 0",
> > "Number of AVC's: 0",
> > "Number of MAC events: 0",
> > "Number of failed syscalls: 0",
> > "Number of anomaly events: 0",
> > "Number of responses to anomaly events: 0",
> > "Number of crypto events: 0",
> > "Number of integrity events: 0",
> > "Number of virt events: 0",
> > "Number of keys: 0",
> > "Number of process IDs: 0",
> > "Number of events: 0"
>
> This is NOT the output of the task you posted above, because that
> command with the piped grep cannot return all those lines.
> Can you post accurate playbooks and output?
>
> > Directly on the server I get this:
> >
> >
> > Summary Report
> > ======================
> > Range of time in logs: 05/08/2024 02:48:03.967 - 05/08/2024 22:10:09.990
> > Selected time for report: 05/08/2024 02:48:03 - 05/08/2024 22:10:09.990
> > Number of changes in configuration: 0
> > Number of changes to accounts, groups, or roles: 0
> > Number of logins: 15
> > Number of failed logins: 705
> > Number of authentications: 3
> > Number of failed authentications: 0
> > Number of users: 3
> > Number of terminals: 6
> > Number of host names: 5
> > Number of executables: 21
> > Number of commands: 31
> > Number of files: 1401
> > Number of AVC's: 15184
> > Number of MAC events: 1124
> > Number of failed syscalls: 544
> > Number of anomaly events: 0
> > Number of responses to anomaly events: 0
> > Number of crypto events: 4990
> > Number of integrity events: 0
> > Number of virt events: 0
> > Number of keys: 0
> > Number of process IDs: 10864
> > Number of events: 70010
>
>
> I would suspect some environment variables are off, or the become logic is
> off.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAF8BbLZFB-YstTHGBUBHY1uCdtf5B9_eSGhY%3DmEQmEO09pwGeg%40mail.gmail.com.
