# platform = multi_platform_all
# reboot = false
# strategy = configure
# complexity = low
# disruption = medium
# Main rsyslog configuration file. The tasks below parse it for include
# directives and for log file destinations.
- name: '{{{ rule_title }}} - Set rsyslog logfile configuration facts'
  ansible.builtin.set_fact:
    rsyslog_etc_config: '/etc/rsyslog.conf'
# Collect the paths listed after rsyslog's legacy $IncludeConfig directive.
# The value may be a shell glob, so the result is kept as a list of lines.
# On Debian operating systems /bin/sh is a symlink to dash, which lacks the
# pipefail option, so the "set -o pipefail" line is rendered only for other
# products. The trailing "|| true" turns a missing directive into an empty
# result instead of a task failure.
- name: '{{{ rule_title }}} - Get IncludeConfig directive'
  ansible.builtin.shell: |
    {{%- if not 'debian' in product %}}
    set -o pipefail{{% endif %}}
    grep -e '$IncludeConfig' {{ rsyslog_etc_config }} | cut -d ' ' -f 2 || true
  register: rsyslog_old_inc
  # Read-only probe: never report a change.
  changed_when: false
# Collect the file="..." values found inside new-style include( ... ) blocks
# of the main configuration file. The awk program switches a flag on at
# "include(" and off at ")" and prints the captured value for flagged lines.
# NOTE(review): gensub is a GNU awk extension - confirm gawk is the awk on
# every target platform, because "|| true" hides a failing awk.
- name: '{{{ rule_title }}} - Get include files directives'
  ansible.builtin.shell: |
    {{%- if not 'debian' in product %}}
    set -o pipefail{{% endif %}}
    awk '/)/{f=0} /include\(/{f=1} f{ nf=gensub("^(include\\(|\\s*)file=\"(\\S+)\".*","\\2",1); if($0!=nf){ print nf }}' {{ rsyslog_etc_config }} || true
  register: rsyslog_new_inc
  # Read-only probe: never report a change.
  changed_when: false
# Merge the include paths from both syntaxes into one list. Both conditions
# must hold (list entries under "when" are ANDed), so the fact stays undefined
# if either probe was skipped.
- name: '{{{ rule_title }}} - Aggregate rsyslog includes'
  ansible.builtin.set_fact:
    include_config_output: "{{ rsyslog_old_inc.stdout_lines + rsyslog_new_inc.stdout_lines }}"
  when:
    - rsyslog_old_inc is not skipped
    - rsyslog_new_inc is not skipped
# Resolve every include entry (plus the main config file) to concrete files:
# the directory part is searched and the file part is used as the pattern,
# which is how include globs get expanded.
# The searched locations come straight from the text of the rsyslog
# configuration, and symlinks are followed, so the resulting file list is
# only as trustworthy as the write permissions on those locations.
- name: '{{{ rule_title }}} - List all config files'
  ansible.builtin.find:
    paths: "{{ item | dirname }}"
    patterns: "{{ item | basename }}"
    hidden: false
    follow: true
  loop: "{{ include_config_output | list + [rsyslog_etc_config] }}"
  when: include_config_output is defined
  register: rsyslog_config_files
  # An include that points at a missing or unreadable directory must not
  # abort the play; note that this also hides any other find error.
  failed_when: false
  changed_when: false
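# Extract log file destinations from legacy selector/action lines in every
# config file found: grep keeps matching lines, awk takes the last field and
# sed drops the leading "-" that marks an unsynced file.
# The file path is passed through the quote filter because it comes from a
# directory listing: a name containing whitespace or shell metacharacters
# would otherwise be word-split or interpreted by the shell this task runs.
- name: '{{{ rule_title }}} - Extract log files old format'
  ansible.builtin.shell: |
    {{%- if not 'debian' in product %}}
    set -o pipefail{{% endif %}}
    grep -oP '^[^(\s|#|\$)]+[\s]+.*[\s]+-?(/+[^:;\s]+);*\.*$' {{ item.1.path | quote }} | \
    awk '{print $NF}' | \
    sed -e 's/^-//' || true
  loop: "{{ rsyslog_config_files.results | default([]) | subelements('files') }}"
  register: log_files_old
  # Read-only probe: never report a change.
  changed_when: false
  when: rsyslog_config_files is not skipped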
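# Extract log file destinations from new-style action(type="omfile" ...)
# blocks: the first grep isolates each omfile action (-z lets a block span
# several lines), the next two narrow it to the quoted File= value, and tr
# removes the surrounding double quotes.
# The file path is passed through the quote filter because it comes from a
# directory listing: a name containing whitespace or shell metacharacters
# would otherwise be word-split or interpreted by the shell this task runs.
- name: '{{{ rule_title }}} - Extract log files new format'
  ansible.builtin.shell: |
    {{%- if not 'debian' in product %}}
    set -o pipefail{{% endif %}}
    grep -ozP "action\s*\(\s*type\s*=\s*\"omfile\"[^\)]*\)" {{ item.1.path | quote }} | \
    grep -aoP "\bFile\s*=\s*\"([/[:alnum:][:punct:]]*)\"\s*\)" | \
    grep -oE "\"([/[:alnum:][:punct:]]*)\"" | \
    tr -d "\""|| true
  loop: "{{ rsyslog_config_files.results | default([]) | subelements('files') }}"
  register: log_files_new
  # Read-only probe: never report a change.
  changed_when: false
  when: rsyslog_config_files is not skipped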
# Build the final list of log files: the de-duplicated new-format results
# followed by the de-duplicated old-format results. Filters bind tighter than
# "+", so each side is flattened and made unique before the two lists are
# concatenated; a path present in both formats therefore appears twice here.
# This task has no "when" guard, unlike the two extraction tasks.
# NOTE(review): confirm how it behaves when those tasks were skipped.
- name: '{{{ rule_title }}} - Sum all log files found'
  ansible.builtin.set_fact:
    log_files: >-
      {{ log_files_new.results | map(attribute='stdout_lines')
      | list | flatten | unique + log_files_old.results
      | map(attribute='stdout_lines') | list | flatten | unique
      }}
# Apply the templated owner, group or mode to every log file found above.
# At most one of the three attribute lines is rendered at build time, chosen
# by ATTRIBUTE; the whitespace-trimming template tags rely on these lines
# staying consecutive, so do not insert anything between them.
# NOTE(review): the paths are whatever the regex extraction produced from the
# rsyslog configuration. The file module follows symlinks by default, so a
# destination that is a symlink would have its target modified - confirm
# that this is intended.
# "state: file" does not create missing files. With failed_when set to false
# a missing destination does not abort the play (presumably the intent), but
# a genuine ownership or permission failure is hidden as well, so the result
# of this remediation should be confirmed by a rescan.
- name: '{{{ rule_title }}} -Setup log files attribute'
  ansible.builtin.file:
    path: "{{ item }}"
    {{{ 'owner: "' ~ VALUE ~ '"' if ATTRIBUTE == "owner" }}}
    {{{- 'group: "' ~ VALUE ~ '"' if ATTRIBUTE == "groupowner" }}}
    {{{- 'mode: "' ~ VALUE ~ '"' if ATTRIBUTE == "permissions" }}}
    state: file
  loop: "{{ log_files | list | flatten | unique }}"
  failed_when: false