From b87b0e68c3c0cfb9439f8b9b5bb1c553d1a53de0 Mon Sep 17 00:00:00 2001
From: Vojtech Polasek
Date: Tue, 28 Apr 2020 17:10:25 +0200
Subject: [PATCH] fix regex and remove recurse from tasks

---
 shared/macros-ansible.jinja | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/shared/macros-ansible.jinja b/shared/macros-ansible.jinja
index 884b562ae4..92ee35e08c 100644
--- a/shared/macros-ansible.jinja
+++ b/shared/macros-ansible.jinja
@@ -277,6 +277,7 @@ regex_replace("\(n\)\*", "\\n")
 {{% macro ansible_deregexify_banner_backslash() -%}}
 regex_replace("\\", "")
 {{%- endmacro %}}
+
 {{#
 The following macro remediates one audit watch rule in /etc/audit/rules.d directory.
 The macro requires following parameters:
@@ -289,7 +290,6 @@ in some file within /etc/audit/rules.d/, the new rule will be appended to this f
 - name: Check if watch rule for {{{ path }}} already exists in /etc/audit/rules.d/
 find:
 paths: "/etc/audit/rules.d"
- recurse: no
 contains: '^\s*-w\s+{{{ path }}}\s+-p\s+{{{ permissions }}}(\s|$)+'
 patterns: "*.rules"
 register: find_existing_watch_rules_d
@@ -297,8 +297,7 @@ in some file within /etc/audit/rules.d/, the new rule will be appended to this f
 - name: Search /etc/audit/rules.d for other rules with specified key {{{ key }}}
 find:
 paths: "/etc/audit/rules.d"
- recurse: no
- contains: "^.*(-F key=)(|-k ){{{ key }}}$"
+ contains: '^.*(?:-F key=|-k\s+){{{ key }}}$'
 patterns: "*.rules"
 register: find_watch_key
 when: find_existing_watch_rules_d.matched is defined and find_existing_watch_rules_d.matched == 0
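Review bot: The new `contains` pattern in the key-search task still ends in a bare `$`, so a rule line with trailing whitespace is not recognised as carrying the key, while the watch-rule check earlier in the same macro tolerates it with `(\s|$)+`. It also hard-codes a single space in `-F key=` although the `-k` branch now accepts `\s+`; consider `contains: '^.*(?:-F\s+key=|-k\s+){{{ key }}}\s*$'`. `{{{ key }}}` here and `{{{ path }}}` in the previous hunk are substituted into the patterns unescaped, so a value containing regex metacharacters such as `.` would match more than intended; whether any caller passes such values cannot be seen from this patch. The macro that holds these tasks begins and ends outside the hunk.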