test0820f3

Young-Kyoo Kim·2025년 8월 20일
---
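# Play 1: collect auditd and mlocate/locate state from every host into a
# per-host `node_result` fact, print it, and hand the combined list to
# localhost as `service_check_results` for the summary play.
- name: Clear Service Status Check (auditd & mlocate focus)
  hosts: all
  gather_facts: true

  tasks:
    # NOTE(review): only /usr/lib/systemd/system is inspected. A unit that
    # lives under another systemd search path (for example
    # /etc/systemd/system) is reported as "NOT FOUND" / "NOT INSTALLED"
    # further down - confirm this matches how auditd is packaged on the fleet.
    - name: Check if auditd service unit file exists
      stat:
        path: /usr/lib/systemd/system/auditd.service
      register: auditd_unit_file

    # No `state` is given, so the module only reports the unit's properties.
    # failed_when: false hides module errors; in that case `.status` is
    # undefined and the analysis task below falls back to 'N/A'.
    - name: Check auditd service status only if unit exists
      systemd:
        name: auditd
      register: auditd_status
      failed_when: false
      when: auditd_unit_file.stat.exists

    - name: Check if mlocate-updatedb.timer exists
      stat:
        path: /usr/lib/systemd/system/mlocate-updatedb.timer
      register: mlocate_timer_file

    - name: Check mlocate updatedb timer status
      systemd:
        name: mlocate-updatedb.timer
      register: mlocate_timer_status
      failed_when: false
      when: mlocate_timer_file.stat.exists

    - name: Check if updatedb.timer exists (alternative)
      stat:
        path: /usr/lib/systemd/system/updatedb.timer
      register: updatedb_timer_file

    # Only queried when the mlocate-specific timer is absent, so at most one
    # of the two timer results carries a `.status`.
    - name: Check updatedb timer status
      systemd:
        name: updatedb.timer
      register: updatedb_timer_status
      failed_when: false
      when: updatedb_timer_file.stat.exists and not mlocate_timer_file.stat.exists

    # Populates ansible_facts.packages. The manager is pinned to rpm, so this
    # play is only meaningful on RPM-based hosts.
    - name: Check if mlocate package is installed
      package_facts:
        manager: rpm

    - name: Check locate database paths
      stat:
        path: "{{ item }}"
      register: locate_db_paths
      loop:
        - /var/lib/mlocate/mlocate.db
        - /var/lib/locate/locatedb
        - /var/lib/slocate/slocate.db

    # Builds the per-host result record.
    # auditd.running is derived from ActiveState alone: it shows that the
    # daemon is up, not that any audit rules are loaded or that events are
    # being written. Treat "FULLY OPERATIONAL" below as "daemon active".
    - name: Analyze service status
      set_fact:
        node_result:
          hostname: "{{ inventory_hostname }}"
          os_info: "{{ ansible_distribution }} {{ ansible_distribution_version }}"
          auditd:
            service_exists: "{{ auditd_unit_file.stat.exists }}"
            status: "{{ auditd_status.status.ActiveState if (auditd_unit_file.stat.exists and auditd_status.status is defined) else 'N/A' }}"
            enabled: "{{ auditd_status.status.UnitFileState if (auditd_unit_file.stat.exists and auditd_status.status is defined) else 'N/A' }}"
            running: "{{ auditd_status.status.ActiveState == 'active' if (auditd_unit_file.stat.exists and auditd_status.status is defined) else false }}"
          mlocate:
            package_installed: "{{ 'mlocate' in ansible_facts.packages or 'plocate' in ansible_facts.packages }}"
            timer_exists: "{{ mlocate_timer_file.stat.exists or updatedb_timer_file.stat.exists }}"
            timer_service: "{{ 'mlocate-updatedb.timer' if mlocate_timer_file.stat.exists else ('updatedb.timer' if updatedb_timer_file.stat.exists else 'none') }}"
            timer_status: "{{ mlocate_timer_status.status.ActiveState if mlocate_timer_status.status is defined else (updatedb_timer_status.status.ActiveState if updatedb_timer_status.status is defined else 'N/A') }}"
            timer_running: "{{ (mlocate_timer_status.status.ActiveState == 'active') if mlocate_timer_status.status is defined else ((updatedb_timer_status.status.ActiveState == 'active') if updatedb_timer_status.status is defined else false) }}"
            db_exists: "{{ locate_db_paths.results | selectattr('stat.exists', 'equalto', true) | list | length > 0 }}"
            db_path: "{{ (locate_db_paths.results | selectattr('stat.exists', 'equalto', true) | first).item if locate_db_paths.results | selectattr('stat.exists', 'equalto', true) | list | length > 0 else 'none' }}"
            db_size_mb: "{{ ((locate_db_paths.results | selectattr('stat.exists', 'equalto', true) | first).stat.size / 1024 / 1024) | round(2) if locate_db_paths.results | selectattr('stat.exists', 'equalto', true) | list | length > 0 else 0 }}"

    - name: Display clear service status
      debug:
        msg: |

          ================================================
          HOST: {{ inventory_hostname }} ({{ ansible_distribution }} {{ ansible_distribution_version }})
          ================================================

          🔍 AUDITD SERVICE ANALYSIS:
          {% if node_result.auditd.service_exists %}
          ✅ Service Definition: FOUND (/usr/lib/systemd/system/auditd.service)
          {% if node_result.auditd.running %}
          ✅ Current Status: ACTIVE AND RUNNING
          {% else %}
          ❌ Current Status: {{ node_result.auditd.status | upper }} (NOT RUNNING)
          {% endif %}
          📋 Boot Status: {{ node_result.auditd.enabled | upper }}
          {% else %}
          ❌ Service Definition: NOT FOUND
          ❌ auditd is NOT INSTALLED on this system
          {% endif %}

          📍 MLOCATE/LOCATE SERVICE ANALYSIS:
          {% if node_result.mlocate.package_installed %}
          ✅ Package: INSTALLED (mlocate or plocate found)
          {% else %}
          ❌ Package: NOT INSTALLED
          {% endif %}

          {% if node_result.mlocate.timer_exists %}
          ✅ Timer Service: FOUND ({{ node_result.mlocate.timer_service }})
          {% if node_result.mlocate.timer_running %}
          ✅ Timer Status: ACTIVE AND RUNNING
          {% else %}
          ❌ Timer Status: {{ node_result.mlocate.timer_status | upper }} (NOT RUNNING)
          {% endif %}
          {% else %}
          ❌ Timer Service: NOT FOUND
          {% endif %}

          {% if node_result.mlocate.db_exists %}
          ✅ Locate Database: FOUND
          📁 Path: {{ node_result.mlocate.db_path }}
          📏 Size: {{ node_result.mlocate.db_size_mb }}MB
          {% else %}
          ❌ Locate Database: NOT FOUND
          {% endif %}

          🎯 SUMMARY:
          {% if node_result.auditd.service_exists and node_result.auditd.running %}
          ✅ auditd: FULLY OPERATIONAL
          {% elif node_result.auditd.service_exists %}
          ⚠️  auditd: INSTALLED BUT NOT RUNNING
          {% else %}
          ❌ auditd: NOT INSTALLED
          {% endif %}

          {% if node_result.mlocate.package_installed and node_result.mlocate.timer_running and node_result.mlocate.db_exists %}
          ✅ mlocate: FULLY OPERATIONAL
          {% elif node_result.mlocate.package_installed %}
          ⚠️  mlocate: INSTALLED BUT NOT FULLY FUNCTIONAL
          {% else %}
          ❌ mlocate: NOT INSTALLED
          {% endif %}

    # Fix: the previous per-host form,
    #   service_check_results: "{{ service_check_results + [node_result] }}"
    # was templated with each remote host's own variables, where
    # service_check_results was always the empty play var, while the result
    # was stored on localhost. Every host therefore overwrote the list with
    # just its own entry and the summary play saw a single node - hosts with
    # auditd missing could drop out of the report unnoticed.
    # The list is now built once from the node_result fact of every host that
    # is still active in the play. This relies on the default linear strategy
    # (all hosts have finished the set_fact above) and on `serial` not being
    # set for this play.
    - name: Add to results collection
      set_fact:
        service_check_results: >-
          {{ ansible_play_hosts
             | map('extract', hostvars, 'node_result')
             | select('defined')
             | list }}
      delegate_to: localhost
      delegate_facts: true
      run_once: true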

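# Play 2: runs on the control node only. Reads the `service_check_results`
# fact that the first play stored on localhost, prints fleet-wide totals,
# writes a CSV report and prints remediation hints.
- name: Generate Summary Report
  hosts: localhost
  gather_facts: false

  tasks:
    # Counts are stored via "{{ ... }}" templates. Depending on the Ansible
    # version and the jinja2_native setting these facts can come back as
    # strings, so every consumer below casts them with `| int` before doing
    # arithmetic or comparisons.
    - name: Calculate statistics
      set_fact:
        total_nodes: "{{ service_check_results | length }}"
        auditd_installed: "{{ service_check_results | selectattr('auditd.service_exists', 'equalto', true) | list | length }}"
        auditd_running: "{{ service_check_results | selectattr('auditd.running', 'equalto', true) | list | length }}"
        mlocate_installed: "{{ service_check_results | selectattr('mlocate.package_installed', 'equalto', true) | list | length }}"
        mlocate_functional: "{{ service_check_results | selectattr('mlocate.package_installed', 'equalto', true) | selectattr('mlocate.timer_running', 'equalto', true) | selectattr('mlocate.db_exists', 'equalto', true) | list | length }}"

    # Fix: the counters are cast to int once at the top of the message.
    # Without the cast, `/` and `-` on string-typed facts raise a template
    # error and `<` compares lexicographically ("10" < "9"). Percentages are
    # also guarded against an empty result list (division by zero).
    - name: Display final summary
      debug:
        msg: |
          {% set total = total_nodes | int %}
          {% set a_inst = auditd_installed | int %}
          {% set a_run = auditd_running | int %}
          {% set m_inst = mlocate_installed | int %}
          {% set m_ok = mlocate_functional | int %}

          ================================================
          📊 OVERALL SUMMARY REPORT
          ================================================

          Total Nodes Analyzed: {{ total }}

          🔍 AUDITD SERVICE:
          ├─ Installed: {{ a_inst }}/{{ total }} nodes ({{ ((a_inst / total) * 100) | round(1) if total else 0 }}%)
          ├─ Running: {{ a_run }}/{{ total }} nodes ({{ ((a_run / total) * 100) | round(1) if total else 0 }}%)
          └─ Issues: {{ service_check_results | selectattr('auditd.service_exists', 'equalto', false) | map(attribute='hostname') | join(', ') if (total - a_inst) > 0 else 'None' }}

          📍 MLOCATE SERVICE:
          ├─ Installed: {{ m_inst }}/{{ total }} nodes ({{ ((m_inst / total) * 100) | round(1) if total else 0 }}%)
          ├─ Fully Functional: {{ m_ok }}/{{ total }} nodes ({{ ((m_ok / total) * 100) | round(1) if total else 0 }}%)
          └─ Issues: {{ service_check_results | selectattr('mlocate.package_installed', 'equalto', false) | map(attribute='hostname') | join(', ') if (total - m_inst) > 0 else 'None' }}

          {% if a_run < total %}

          ⚠️  AUDITD ISSUES DETECTED:
          {% for node in service_check_results %}
          {% if not node.auditd.service_exists %}
          ❌ {{ node.hostname }}: auditd NOT INSTALLED
          {% elif not node.auditd.running %}
          ⚠️  {{ node.hostname }}: auditd installed but {{ node.auditd.status }}
          {% endif %}
          {% endfor %}
          {% endif %}

          {% if m_ok < m_inst %}

          ⚠️  MLOCATE ISSUES DETECTED:
          {% for node in service_check_results %}
          {% if node.mlocate.package_installed and not (node.mlocate.timer_running and node.mlocate.db_exists) %}
          ⚠️  {{ node.hostname }}: mlocate installed but timer={{ node.mlocate.timer_status }}, db={{ 'exists' if node.mlocate.db_exists else 'missing' }}
          {% endif %}
          {% endfor %}
          {% endif %}

    # The report names every host and whether its audit daemon is missing or
    # stopped, so it is written owner-read/write only instead of inheriting
    # the controller's umask. Fields are emitted unquoted; a hostname or OS
    # string containing a comma would shift the columns.
    - name: Generate clear status report
      copy:
        content: |
          Hostname,OS,auditd_Installed,auditd_Running,auditd_Status,mlocate_Installed,mlocate_Timer_Running,mlocate_DB_Exists,Overall_auditd,Overall_mlocate
          {% for node in service_check_results -%}
          {{ node.hostname }},{{ node.os_info }},{{ node.auditd.service_exists }},{{ node.auditd.running }},{{ node.auditd.status }},{{ node.mlocate.package_installed }},{{ node.mlocate.timer_running }},{{ node.mlocate.db_exists }},{{ 'OK' if node.auditd.running else ('INSTALLED' if node.auditd.service_exists else 'MISSING') }},{{ 'OK' if (node.mlocate.package_installed and node.mlocate.timer_running and node.mlocate.db_exists) else ('PARTIAL' if node.mlocate.package_installed else 'MISSING') }}
          {% endfor %}
        dest: "./clear_service_status.csv"
        mode: "0600"

    # Prints suggested commands only; nothing is executed on the nodes.
    # Counters are cast to int for the same reason as in the summary task.
    - name: Display action recommendations
      debug:
        msg: |
          {% set total = total_nodes | int %}
          {% set a_inst = auditd_installed | int %}
          {% set a_run = auditd_running | int %}
          {% set m_inst = mlocate_installed | int %}
          {% set m_ok = mlocate_functional | int %}

          ================================================
          🔧 RECOMMENDED ACTIONS
          ================================================

          {% if a_inst < total %}
          📥 Install auditd on missing nodes:
          sudo yum install audit (RHEL/CentOS)
          {% endif %}

          {% if a_run < a_inst %}
          🚀 Start auditd service on inactive nodes:
          sudo systemctl start auditd
          sudo systemctl enable auditd
          {% endif %}

          {% if m_inst < total %}
          📥 Install mlocate on missing nodes:
          sudo yum install mlocate (RHEL/CentOS)
          {% endif %}

          {% if m_ok < m_inst %}
          🚀 Fix mlocate issues:
          sudo systemctl start mlocate-updatedb.timer
          sudo systemctl enable mlocate-updatedb.timer
          sudo updatedb  # Manual database update
          {% endif %}

          📄 Detailed report saved: ./clear_service_status.csv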
