I am running this in my task file (tried shell, command, and raw). Any idea why and how to work around the issue?:
- name: Check number of AVCs
  ansible.builtin.raw: "aureport | grep -i avc"
  register: avcreport
- debug:
    var: avcreport
It returns a report with all zero values, but if I run this directly on a server I get non-zero values. Can't seem to figure out why:
"aureport_output.stdout_lines": [
"",
"Summary Report",
"======================",
"Range of time in logs: 01/01/1970 00:00:00.000 - 01/01/1970 00:00:00.000",
"Selected time for report: 01/01/1970 00:00:00 - 01/01/1970 00:00:00.000",
"Number of changes in configuration: 0",
"Number of changes to accounts, groups, or roles: 0",
"Number of logins: 0",
"Number of failed logins: 0",
"Number of authentications: 0",
"Number of failed authentications: 0",
"Number of users: 0",
"Number of terminals: 0",
"Number of host names: 0",
"Number of executables: 0",
"Number of commands: 0",
"Number of files: 0",
"Number of AVC's: 0",
"Number of MAC events: 0",
"Number of failed syscalls: 0",
"Number of anomaly events: 0",
"Number of responses to anomaly events: 0",
"Number of crypto events: 0",
"Number of integrity events: 0",
"Number of virt events: 0",
"Number of keys: 0",
"Number of process IDs: 0",
"Number of events: 0"
This is NOT the output of the task you posted above, because that
command with the piped grep cannot return all those lines.
Can you post accurate playbooks and output?
Directly on the server I get this:
Summary Report
Range of time in logs: 05/08/2024 02:48:03.967 - 05/08/2024 22:10:09.990
Selected time for report: 05/08/2024 02:48:03 - 05/08/2024 22:10:09.990
Number of changes in configuration: 0
Number of changes to accounts, groups, or roles: 0
Number of logins: 15
Number of failed logins: 705
Number of authentications: 3
Number of failed authentications: 0
Number of users: 3
Number of terminals: 6
Number of host names: 5
Number of executables: 21
Number of commands: 31
Number of files: 1401
Number of AVC's: 15184
Number of MAC events: 1124
Number of failed syscalls: 544
Number of anomaly events: 0
Number of responses to anomaly events: 0
Number of crypto events: 4990
Number of integrity events: 0
Number of virt events: 0
Number of keys: 0
Number of process IDs: 10864
Number of events: 70010
I would suspect some environment variables are off, or the become logic is off.
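A sanity check for the symptom shown in this thread, added here as an example and not code from any of the posters: it parses the full `aureport` summary and refuses to report an AVC count when the report was built from no audit records (epoch time range, zero events). The function names and the MM/DD/YYYY date layout are assumptions; the sample lines are constructed from the output quoted above.

```python
import re
from datetime import datetime

# Constructed sample: the all-zero summary returned through Ansible.
EMPTY_SAMPLE = [
    "", "Summary Report", "======================",
    "Range of time in logs: 01/01/1970 00:00:00.000 - 01/01/1970 00:00:00.000",
    "Number of AVC's: 0", "Number of events: 0",
]
# Constructed sample: the same report run directly on the server.
LIVE_SAMPLE = [
    "Summary Report",
    "Range of time in logs: 05/08/2024 02:48:03.967 - 05/08/2024 22:10:09.990",
    "Number of AVC's: 15184", "Number of events: 70010",
]

_COUNT = re.compile(r"^Number of (.+?):\s*(\d+)\s*$")
_RANGE = re.compile(r"^Range of time in logs:\s*(\S+ \S+) - (\S+ \S+)\s*$")
_STAMP = "%m/%d/%Y %H:%M:%S.%f"  # assumption: date layout as shown in the thread


def parse_summary(lines):
    """Return (counters, (start, end)) from aureport summary lines."""
    counters, span = {}, None
    for raw in lines:
        # Tolerate lines pasted from JSON output: trailing commas, quotes.
        line = raw.strip().strip(",").strip('"“”').replace("’", "'")
        if m := _COUNT.match(line):
            counters[m.group(1)] = int(m.group(2))
        elif m := _RANGE.match(line):
            span = tuple(datetime.strptime(g, _STAMP) for g in m.groups())
    return counters, span


def avc_count(lines):
    """AVC total, or raise if the report was built from no audit records."""
    counters, span = parse_summary(lines)
    # A grep-filtered report lacks these lines, so it cannot be validated.
    if span is None or "events" not in counters or "AVC's" not in counters:
        raise ValueError("not a full aureport summary")
    # Epoch 0 prints as 1969 on hosts west of UTC, hence <= 1970.
    if counters["events"] == 0 and span[0].year <= 1970:
        raise RuntimeError("aureport read no audit records; zeros are not a measurement")
    return counters["AVC's"]
```

The `aureport` man page notes that the tool can take raw log data on stdin and documents `--input-logs` as needed when running from a cron job; whether that is the cause here is not established in the thread.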