---
## manage install when some directories are immutable
## requires target_dir, state=pre/post
# Marker check: the pre/post tasks in this file only act when this file
# exists (they test imm.stat.exists). The task name ties the marker to the
# juju4.harden role; that this role is what installs the file is presumed,
# not shown here.
- name: Check if system configured with immutable handled - juju4.harden
  register: imm
  stat:
    path: /etc/apt/apt.conf.d/99security
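# Pre-install phase: clear the immutable flag on target_dir so the install
# that follows can write into it. The whole block is skipped unless
# state == 'pre' and the marker file recorded in `imm` exists.
- block:
    ## Ansible 2.3+ for get_attributes
    # Read-only probe of the directory's attributes; never reports "changed".
    # NOTE(review): command does not go through a shell, but target_dir is
    # still spliced into the argument string, so a value containing a single
    # quote would change how the arguments are split. Confirm callers only
    # pass fixed, trusted paths.
    - name: check target_dir {{ target_dir }} attributes
      # stat:
      #   path: "{{ target_dir }}"
      #   get_attributes: yes
      command: "lsattr -d '{{ target_dir }}'"
      register: dir
      changed_when: false
      # best effort: a failing lsattr must not abort the play
      ignore_errors: true

    - name: Remove immutable attribute
      command: "chattr -i '{{ target_dir }}'"
      ignore_errors: true
      # Only the attribute field (the text before the first space of the
      # lsattr output) is inspected, and it is tested for a lowercase 'i'.
      # Searching all of stdout for '-i-' also matched a path that contains
      # "-i-" and missed the flag when a neighbouring attribute was set.
      # Uppercase 'I' is a different attribute and does not match.
      # default('') keeps the test valid if the probe produced no stdout.
      when: "'i' in (dir.stdout | default('')).split(' ')[0]"
  when: state == 'pre' and imm.stat.exists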
# Post-install phase: put the immutable flag back on target_dir.
# NOTE(review): the condition only looks at state and the marker file, not
# at whether the flag was set before the 'pre' phase, so a directory that
# was never immutable is made immutable here as well - confirm intended.
# NOTE(review): with ignore_errors a failed chattr +i is not surfaced, so
# the directory can stay writable after the install without the play
# failing; consider checking the attribute afterwards.
- name: Reestablish immutable attribute
  when: state == 'post' and imm.stat.exists
  ignore_errors: true
  command: "chattr +i '{{ target_dir }}'"
  # file:
  #   dest: "{{ target_dir }}"
  #   attributes: '----i-----I--e--'