improve ansible facts conditionals

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

tasks/main.yml

@@ -213,13 +213,16 @@
   ansible.builtin.import_tasks:
     file: post_remediation_audit.yml
 
-- name: Add ansible file showing Benchmark and levels applied
-  when: create_benchmark_facts
+- name: Add ansible file showing Benchmark and levels applied if audit details not present
+  when:
+    - create_benchmark_facts
+    - (post_audit_summary is defined) or
+      (ansible_local['compliance_facts']['lockdown_audit_details']['audit_summary'] is undefined and post_audit_summary is undefined)
   tags:
     - always
     - benchmark
   block:
-    - name: Create ansible facts directory
+    - name: Create ansible facts directory if audit facts not present
       ansible.builtin.file:
         path: "{{ ansible_facts_path }}"
         state: directory
@@ -227,13 +230,13 @@
         group: root
         mode: 'u=rwx,go=rx'
 
-    - name: Create ansible facts file
+    - name: Create ansible facts file and levels applied if audit facts not present
       ansible.builtin.template:
         src: etc/ansible/compliance_facts.j2
         dest: "{{ ansible_facts_path }}/compliance_facts.fact"
         owner: root
         group: root
-        mode: "u-x,go-wx"
+        mode: 'u-x,go=r'
 
 - name: Fetch audit files
   when:

templates/etc/ansible/compliance_facts.j2

@@ -29,6 +29,7 @@ Level_2_workstation_tag_run = true
 [lockdown_audit_details]
 {% if run_audit %}
 # Audit run
+audit_run_date = {{ '%Y-%m-%d - %H:%M:%S' | ansible.builtin.strftime }}
 audit_file_local_location = {{ audit_log_dir }}
 {% if not audit_only %}
 audit_summary = {{ post_audit_results }}