posted 11 months ago
I'm working on an Ansible playbook to set permissions for initialization files in user home directories to meet STIG requirements. However, I'm running into an issue with the 'Correct file permissions' task, where I get the following error:
fatal: [SERVER_NAME]: FAILED! => { "msg": "The conditional check 'init_files.results | map(attribute='files') | flatten | length > 0' failed. The error was: Could not load \"length\": 'length'\n line 0\n\nThe error appears to be in '/home/path/to/playbook/tasks/playbook name.yml': line 21, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - name: Correct file permissions\n ^ here\n" }
Here's the snippet of the playbook causing the issue:
The task before 'Correct file permissions' is supposed to find all hidden files within the user's home directory and register the results. I expected to loop over these results to correct file permissions but it seems like the init_files variable is not structured as anticipated. I've attempted to debug with a var output, but the issue persists.
Can someone help me understand why the init_files variable isn't structured with a files attribute as the find module documentation suggests, or point out what I might be doing wrong?
Here is what I have tried: Checked for invisible characters or issues with line endings using :set list in vi. Ensured that the indentation is consistent throughout the playbook. Replaced select('length') | list | length with flatten | length in the when conditional. Verified the Ansible and Jinja2 documentation for the correct syntax and usage of filters and conditionals.
The Stig: Check Text: Verify that all local initialization files have a mode of "0740" or less permissive with the following command:
Note: The example will be for the "smithj" user, who has a home directory of "/home/smithj".
If any local initialization files have a mode more permissive than "0740", this is a finding.
Any help or resources for troubleshooting this playbook would be greatly appreciated.
ansible, yaml, ansible-playbook, stig-compliance