From b87b0e68c3c0cfb9439f8b9b5bb1c553d1a53de0 Mon Sep 17 00:00:00 2001

From: Vojtech Polasek <vpolasek@redhat.com>

Date: Tue, 28 Apr 2020 17:10:25 +0200

Subject: [PATCH] fix regex and remove recurse from tasks

---

 shared/macros-ansible.jinja | 5 ++---

 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/shared/macros-ansible.jinja b/shared/macros-ansible.jinja

index 884b562ae4..92ee35e08c 100644

--- a/shared/macros-ansible.jinja

+++ b/shared/macros-ansible.jinja

@@ -277,6 +277,7 @@ regex_replace("\(n\)\*", "\\n")

 {{% macro ansible_deregexify_banner_backslash() -%}}

 regex_replace("\\", "")

 {{%- endmacro %}}

+

 {{#

 The following macro remediates one audit watch rule in /etc/audit/rules.d directory.

 The macro requires following parameters:

@@ -289,7 +290,6 @@ in some file within /etc/audit/rules.d/, the new rule will be appended to this f

 - name: Check if watch rule for {{{ path }}} already exists in /etc/audit/rules.d/

   find:

     paths: "/etc/audit/rules.d"

-    recurse: no

     contains: '^\s*-w\s+{{{ path }}}\s+-p\s+{{{ permissions }}}(\s|$)+'

     patterns: "*.rules"

   register: find_existing_watch_rules_d

@@ -297,8 +297,7 @@ in some file within /etc/audit/rules.d/, the new rule will be appended to this f

 - name: Search /etc/audit/rules.d for other rules with specified key {{{ key }}}

   find:

     paths: "/etc/audit/rules.d"

-    recurse: no

-    contains: "^.*(-F key=)(|-k ){{{ key }}}$"

+    contains: '^.*(?:-F key=|-k\s+){{{ key }}}$'

     patterns: "*.rules"

   register: find_watch_key

   when: find_existing_watch_rules_d.matched is defined and find_existing_watch_rules_d.matched == 0