From 1bff329a058de7a7148108f3423cf5a636287edf Mon Sep 17 00:00:00 2001
From: polski-g
Date: Tue, 3 Jun 2025 11:35:05 -0400
Subject: [PATCH 1/2] auditd: ensure check mode runs non-destructive call to ausyscall --dump

Signed-off-by: polski-g
---
 tasks/auditd.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tasks/auditd.yml b/tasks/auditd.yml
index 7b86b94..0fa0b32 100644
--- a/tasks/auditd.yml
+++ b/tasks/auditd.yml
@@ -7,6 +7,7 @@
 - name: "POST | AUDITD | Set supported_syscalls variable"
 ansible.builtin.shell: ausyscall --dump | awk '{print $2}'
 changed_when: false
+ check_mode: false
 failed_when: discovered_auditd_syscalls.rc not in [ 0, 1 ]
 register: discovered_auditd_syscalls

From 5226f14b3e61eb23e740aac886520ddd309e7242 Mon Sep 17 00:00:00 2001
From: polski-g
Date: Fri, 6 Jun 2025 10:03:47 -0400
Subject: [PATCH 2/2] fetch of auditd logfile should run in check_mode

Signed-off-by: polski-g
---
 tasks/prelim.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tasks/prelim.yml b/tasks/prelim.yml
index ced76ce..0081cc6 100644
--- a/tasks/prelim.yml
+++ b/tasks/prelim.yml
@@ -317,6 +317,7 @@
 tags: always
 ansible.builtin.shell: grep ^log_file /etc/audit/auditd.conf | awk '{ print $NF }'
 changed_when: false
+ check_mode: false
 register: prelim_auditd_logfile
 - name: "PRELIM | AUDIT | Audit conf and rules files | list files"
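Review bot: In the tasks/auditd.yml hunk, the `failed_when` on the `ausyscall --dump | awk '{print $2}'` task only sees awk's exit status, because the shell module runs the pipeline without pipefail. Now that `check_mode: false` makes the task run during `--check`, a host where `ausyscall` is missing or fails registers an empty `discovered_auditd_syscalls.stdout` with rc 0 and no error. If later tasks filter audit rules against that list (not visible in this hunk), they would presumably treat every syscall as unsupported. Consider `ansible.builtin.shell: set -o pipefail && ausyscall --dump | awk '{print $2}'` with `args:` / `executable: /bin/bash`, keeping the existing rc allowance. The `grep ^log_file /etc/audit/auditd.conf | awk` task in the tasks/prelim.yml hunk has the same masking and no `failed_when` at all.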
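Review bot: In the tasks/prelim.yml hunk, `check_mode: false` is added to a free-form shell task with no comment saying why that is safe, and the same applies to the tasks/auditd.yml hunk. Whatever the command line does is now executed for real during a `--check` run, so a later edit that makes it write anything silently breaks the dry-run guarantee. I would add a comment above the key, such as `# read-only lookup; must run in check mode so prelim_auditd_logfile is registered`. The task's `name:` line lies above the hunk, so the full task is not visible here.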