Merge pull request #11170 from rumch-se/fix_in_audit_rules_suid_privilege_function

vojtapolasek · web-flow · commit c69454d1b476 · 2023-12-05T11:38:25.000+01:00
A fix into ansible part of the rule audit_rules_suid_privilege_function
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml
@@ -26,13 +26,6 @@
 - name: Service facts
   ansible.builtin.service_facts:
 
-- name: Check the rules script being used
-  ansible.builtin.command:
-    grep '^ExecStartPost' /usr/lib/systemd/system/auditd.service
-  register: check_rules_scripts_result
-  changed_when: false
-  failed_when: false
-
 - name: Set suid_audit_rules fact
   ansible.builtin.set_fact:
     suid_audit_rules:
@@ -52,8 +45,8 @@
     regexp: "{{ item.regex }}"
     create: yes
   when:
-    - '"auditd.service" in ansible_facts.services'
-    - '"augenrules" in check_rules_scripts_result.stdout'
+    - ('"auditd.service" in ansible_facts.services' or 
+        '"augenrules.service" in ansible_facts.services')
   register: augenrules_audit_rules_privilege_function_update_result
   with_items: "{{ suid_audit_rules }}"
 
@@ -64,10 +57,11 @@
     regexp: "{{ item.regex }}"
     create: yes
   when:
-    - '"auditd.service" in ansible_facts.services'
-    - '"auditctl" in check_rules_scripts_result.stdout'
+    - ('"auditd.service" in ansible_facts.services' or 
+        '"augenrules.service" in ansible_facts.services')
   register: auditctl_audit_rules_privilege_function_update_result
   with_items: "{{ suid_audit_rules }}"
+
 {{%- if product in ['sle12', 'sle15'] %}}
 - name: Restart auditd.service
   ansible.builtin.systemd:
