updated features facts and audit fetch

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

defaults/main.yml

@@ -106,10 +106,6 @@ audit_conf_dest: "/opt"
 # Where the audit logs are stored
 audit_log_dir: '/opt'
 
-## Ability to collect and take audit files moving to a centralised location
-# This enables the collection of the files from the host
-fetch_audit_output: false
-
 # Method of getting,uploading the summary files
 ## Ensure access and permissions are avaiable for these to occur.
 ## options are

tasks/audit_only.yml

@@ -10,14 +10,6 @@
   delegate_to: localhost
   become: false
 
-- name: Audit_only | Get audits from systems and put in group dir
-  when: fetch_audit_files
-  ansible.builtin.fetch:
-    dest: "{{ audit_capture_files_dir }}/{{ inventory_hostname }}/"
-    flat: true
-    mode: 'go-wx'
-    src: "{{ pre_audit_outfile }}"
-
 - name: Audit_only | Show Audit Summary
   when: audit_only
   ansible.builtin.debug:

tasks/fetch_audit_output.yml

@@ -2,7 +2,7 @@
 
 # Stage to copy audit output to a centralised location
 
-- name: "FETCH_AUDIT_FILES | Fetch files and copy to controller"
+- name: "POST | FETCH | Fetch files and copy to controller"
   when: audit_output_collection_method == "fetch"
   ansible.builtin.fetch:
     src: "{{ item }}"
@@ -17,7 +17,7 @@
 
 # Added this option for continuity but could be changed by adjusting the variable audit_conf_dest
 # Allowing backup to one location
-- name: "FETCH_AUDIT_FILES | Copy files to location available to managed node"
+- name: "POST | FETCH | Copy files to location available to managed node"
   when: audit_output_collection_method == "copy"
   ansible.builtin.copy:
     src: "{{ item }}"
@@ -25,21 +25,21 @@
     mode: 'u-x,go-wx'
     flat: true
   failed_when: false
-  register: discovered_audit_fetch_copy_state
+  register: discovered_audit_copy_state
   loop:
-    - pre_audit_outfile
+    - "{{ pre_audit_outfile }}"
-    - post_audit_outfile
+    - "{{ post_audit_outfile }}"
 
-- name: "FETCH_AUDIT_FILES | Fetch files and copy to controller | Warning if issues with fetch_audit_files"
+- name: "POST | FETCH | Fetch files and copy to controller | Warning if issues with fetch_audit_files"
   when:
-    - (discovered_audit_fetch_state is defined and not discovered_audit_fetch_state.changed) or
+    - (audit_output_collection_method == "fetch" and not discovered_audit_fetch_state.changed) or
-      (discovered_audit_copy_state is defined and not discovered_audit_copy_state.changed)
+      (audit_output_collection_method == "copy" and not discovered_audit_copy_state.changed)
   block:
-    - name: "FETCH_AUDIT_FILES | Fetch files and copy to controller | Warning if issues with fetch_audit_files"
+    - name: "POST | FETCH | Fetch files and copy to controller | Warning if issues with fetch_audit_files"
       ansible.builtin.debug:
         msg: "Warning!! Unable to write to localhost {{ audit_output_destination }} for audit file copy"
 
-    - name: "FETCH_AUDIT_FILES | Fetch files and copy to controller | Warning if issues with fetch_audit_files"
+    - name: "POST | FETCH | Fetch files and copy to controller | Warning if issues with fetch_audit_files"
       vars:
         warn_control_id: "FETCH_AUDIT_FILES"
       ansible.builtin.import_tasks:

tasks/main.yml

@@ -169,13 +169,16 @@
   ansible.builtin.import_tasks:
     file: post_remediation_audit.yml
 
-- name: Add ansible file showing Benchmark and levels applied
+- name: Add ansible file showing Benchmark and levels applied if audit details not present
-  when: create_benchmark_facts
+  when:
+    - create_benchmark_facts
+    - (post_audit_summary is defined) or
+      (ansible_local['compliance_facts']['lockdown_audit_details']['audit_summary'] is undefined and post_audit_summary is undefined)
   tags:
     - always
     - benchmark
   block:
-    - name: Create ansible facts directory
+    - name: Create ansible facts directory if audit facts not present
       ansible.builtin.file:
         path: "{{ ansible_facts_path }}"
         state: directory
@@ -183,13 +186,13 @@
         group: root
         mode: 'u=rwx,go=rx'
 
-    - name: Create ansible facts file
+    - name: Create ansible facts file and levels applied if audit facts not present
       ansible.builtin.template:
         src: etc/ansible/compliance_facts.j2
         dest: "{{ ansible_facts_path }}/compliance_facts.fact"
         owner: root
         group: root
-        mode: "u-x,go-wx"
+        mode: 'u-x,go=r'
 
 - name: Fetch audit files
   when:
@@ -198,7 +201,6 @@
   tags: always
   ansible.builtin.import_tasks:
     file: fetch_audit_output.yml
-
 - name: Show Audit Summary
   when: run_audit
   tags: run_audit

templates/etc/ansible/compliance_facts.j2

@@ -29,6 +29,7 @@ Level_2_workstation_tag_run = true
 [lockdown_audit_details]
 {% if run_audit %}
 # Audit run
+audit_run_date = {{ '%Y-%m-%d - %H:%M:%S' | ansible.builtin.strftime }}
 audit_file_local_location = {{ audit_log_dir }}
 {% if not audit_only %}
 audit_summary = {{ post_audit_results }}