Make sure not to run ansible procedure in check mode

[teacup-on-rockingchair]

Description:

• Minor patch in ansible remediation for aide_periodic_checking_systemd_timer

Rationale:

• Make sure that ansible remediation proc in aide_periodic_checking_systemd_timer is not executed in check_mode

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[jan-cerny]

@teacup-on-rockingchair Why shouldn't these tasks be run in check mode? Does it produce any problems or fails? What specific failure did you encoutner? Ansible's systemd module already supports check mode natively. When Ansible runs in check mode, the tasks would report what would change without actually making changes.

[teacup-on-rockingchair]

@teacup-on-rockingchair Why shouldn't these tasks be run in check mode? Does it produce any problems or fails? What specific failure did you encoutner? Ansible's systemd module already supports check mode natively. When Ansible runs in check mode, the tasks would report what would change without actually making changes.

Yes it was raising errors

[github-actions]

This datastream diff is auto generated by the check Compare DS/Generate Diff

Click here to see the full diff

OCIL for rule 'xccdf_org.ssgproject.content_rule_file_groupownership_system_commands_dirs' differs.
--- ocil:ssg-file_groupownership_system_commands_dirs_ocil:questionnaire:1
+++ ocil:ssg-file_groupownership_system_commands_dirs_ocil:questionnaire:1
@@ -1,4 +1,5 @@
 Verify the system commands contained in the following directories are group-owned by "root", or a required system account, with the following command:
+
 $ sudo find -L /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin ! -group root -exec ls -l {} \;
       Is it the case that any system commands are returned and is not group-owned by a required system account?
       
bash remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_suid_privilege_function' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_suid_privilege_function
+++ xccdf_org.ssgproject.content_rule_audit_rules_suid_privilege_function
@@ -8,7 +8,9 @@
 for ARCH in "${RULE_ARCHS[@]}"
 do
 	ACTION_ARCH_FILTERS="-a always,exit -F arch=$ARCH"
+    
 	OTHER_FILTERS="-C uid!=euid -F euid=0"
+	
 	AUID_FILTERS=""
 	SYSCALL="execve"
     
@@ -326,7 +328,9 @@
 for ARCH in "${RULE_ARCHS[@]}"
 do
 	ACTION_ARCH_FILTERS="-a always,exit -F arch=$ARCH"
+    
 	OTHER_FILTERS="-C gid!=egid -F egid=0"
+	
 	AUID_FILTERS=""
 	SYSCALL="execve"
     

[openshift-ci]

@teacup-on-rockingchair: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-openshift-platform-compliance	1537c1c	link	true	/test e2e-aws-openshift-platform-compliance
ci/prow/e2e-aws-openshift-node-compliance	1537c1c	link	true	/test e2e-aws-openshift-node-compliance

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.