Exit with zero status when denials are not found in audit log
When no denials are found in the audit log file, grep will exit with 1 and this ansible task will be caught by the callback as a failed task.

Change-Id: I95f782c02bdf3446f6b6e461973e8226a8d2a699
Signed-off-by: Gael Chamoulaud (Strider) <gchamoul@redhat.com>
parent d3c563e3ba
commit 95ca84c592
|
@ -53,11 +53,11 @@
|
||||||
|
|
||||||
- name: Fetch denials from auditlog
|
- name: Fetch denials from auditlog
|
||||||
become: true
|
become: true
|
||||||
ignore_errors: true
|
failed_when: false
|
||||||
changed_when: false
|
changed_when: false
|
||||||
shell: |
|
shell: |
|
||||||
set -o pipefail
|
set -o pipefail
|
||||||
grep denied {{ validate_selinux_audit_source }} > /tmp/denials.log
|
grep -i denied {{ validate_selinux_audit_source }} > /tmp/denials.log || (echo "No denials found in auditlog"; exit 0)
|
||||||
|
|
||||||
- name: Get stat for denials.log
|
- name: Get stat for denials.log
|
||||||
stat:
|
stat:
|
||||||
|
|
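Review bot: On the new grep line, `|| (echo "No denials found in auditlog"; exit 0)` runs for any non-zero grep status, so exit 2 (for example when `{{ validate_selinux_audit_source }}` is missing or unreadable) is reported as "No denials found" just like exit 1, and `failed_when: false` suppresses every failure a second time. For a SELinux validation that turns an unreadable audit log into a clean pass. Consider registering the task result and failing only on a real error, e.g. `failed_when: <registered result>.rc > 1`, and dropping the `||` clause, which would then be redundant. Two smaller points: the added `-i` changes what is matched but is not mentioned in the commit message, and with no pipe in the command `set -o pipefail` has no effect. The task also runs with `become: true` and redirects into the fixed path `/tmp/denials.log`; a file under a root-owned directory or one created with a temp-file module would avoid writing as root to a predictable name in a world-writable directory.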