Updated audit steps and added ARM support

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-12-24 22:23:06 +00:00 · 2024-08-13 08:25:10 +01:00 · 2024-08-13 08:25:10 +01:00 · 5f94f60e69
commit 5f94f60e69
parent 671ba154e7
4 changed files with 9 additions and 10 deletions
--- a/tasks/LE_audit_setup.yml
+++ b/tasks/LE_audit_setup.yml
@ -3,16 +3,17 @@
 - name: Pre Audit Setup | Set audit package name
  block:
    - name: Pre Audit Setup | Set audit package name | 64bit
+      when: ansible_facts.machine == "x86_64"
      ansible.builtin.set_fact:
        audit_pkg_arch_name: AMD64
-      when: ansible_facts.machine == "x86_64"

    - name: Pre Audit Setup | Set audit package name | ARM64
+      when: ansible_facts.machine == "aarch64"
      ansible.builtin.set_fact:
        audit_pkg_arch_name: ARM64
-      when: ansible_facts.machine == "arm64"

 - name: Pre Audit Setup | Download audit binary
+  when: get_audit_binary_method == 'download'
  ansible.builtin.get_url:
    url: "{{ audit_bin_url }}{{ audit_pkg_arch_name }}"
    dest: "{{ audit_bin }}"
@ -20,15 +21,12 @@
    group: root
    checksum: "{{ audit_bin_version[audit_pkg_arch_name + '_checksum'] }}"
    mode: '0555'
-  when:
-    - get_audit_binary_method == 'download'

 - name: Pre Audit Setup | Copy audit binary
+  when: get_audit_binary_method == 'copy'
  ansible.builtin.copy:
    src: "{{ audit_bin_copy_location }}"
    dest: "{{ audit_bin }}"
    mode: '0555'
    owner: root
    group: root
-  when:
-    - get_audit_binary_method == 'copy'
--- a/tasks/post_remediation_audit.yml
+++ b/tasks/post_remediation_audit.yml
@ -35,7 +35,7 @@
    - audit_format == "documentation"
  block:
    - name: Post Audit | Capture audit data if documentation format
-      ansible.builtin.shell: "tail -2 /opt/audit_ubuntu2204-CIS-UBUNTU22_1720624848.documentation"
+      ansible.builtin.shell: tail -2 "{{ post_audit_outfile }}" | tac | tr '\n' ' '
      register: post_audit_summary
      changed_when: false

--- a/tasks/pre_remediation_audit.yml
+++ b/tasks/pre_remediation_audit.yml
@ -105,7 +105,7 @@
    - audit_format == "documentation"
  block:
    - name: Pre Audit | Capture audit data if documentation format
-      ansible.builtin.shell: tail -2 "{{ pre_audit_outfile }}"  | tac | tr '\n' ' '
+      ansible.builtin.shell: tail -2 "{{ pre_audit_outfile }}" | tac | tr '\n' ' '
      register: pre_audit_summary
      changed_when: false