ansible-playbook [core 2.17.14] config file = None configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.12/site-packages/ansible ansible collection location = /tmp/collections-EwS executable location = /usr/local/bin/ansible-playbook python version = 3.12.12 (main, Mar 9 2026, 00:00:00) [GCC 11.5.0 20240719 (Red Hat 11.5.0-14)] (/usr/bin/python3.12) jinja version = 3.1.6 libyaml = True No config file found; using defaults running playbook inside collection fedora.linux_system_roles Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'jsonl', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_default.yml **************************************************** 1 plays in /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/tests/auditd/tests_default.yml PLAY [Ensure that the role runs with default parameters] *********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/tests/auditd/tests_default.yml:3 Friday 17 April 2026 17:27:42 -0400 (0:00:00.040) 0:00:00.040 ********** [WARNING]: Platform linux on host managed-node1 is using the discovered Python interpreter at /usr/bin/python3.9, but future installation of another Python interpreter could change the meaning of that path. See https://docs.ansible.com/ansible- core/2.17/reference_appendices/interpreter_discovery.html for more information. ok: [managed-node1] TASK [Run role with cleared facts] ********************************************* task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/tests/auditd/tests_default.yml:6 Friday 17 April 2026 17:27:43 -0400 (0:00:01.037) 0:00:01.078 ********** included: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/tests/auditd/tasks/run_role_with_clear_facts.yml for managed-node1 TASK [Clear facts] ************************************************************* task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/tests/auditd/tasks/run_role_with_clear_facts.yml:9 Friday 17 April 2026 17:27:43 -0400 (0:00:00.016) 0:00:01.095 ********** META: facts cleared TASK [Run the role] ************************************************************ task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/tests/auditd/tasks/run_role_with_clear_facts.yml:23 Friday 17 April 2026 17:27:43 -0400 (0:00:00.000) 0:00:01.095 ********** skipping: [managed-node1] => { "changed": false, "false_condition": "__sr_failed_when is defined", "skip_reason": "Conditional result was False" } TASK [Run the role normally] *************************************************** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/tests/auditd/tasks/run_role_with_clear_facts.yml:33 Friday 17 April 2026 17:27:43 -0400 (0:00:00.034) 0:00:01.130 ********** included: fedora.linux_system_roles.auditd for managed-node1 TASK [fedora.linux_system_roles.auditd : Validating arguments against arg spec 'main' - Manage auditd and audit rules] *** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/tests/auditd/tests_default.yml:3 Friday 17 April 2026 17:27:43 -0400 (0:00:00.096) 0:00:01.227 ********** ok: [managed-node1] => { "changed": false, "validate_args_context": { "argument_spec_name": "main", "name": "auditd", "path": "/tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd", "type": "role" } } MSG: The arg spec validation passed TASK [fedora.linux_system_roles.auditd : Validate role parameters] ************* task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/main.yml:3 Friday 17 April 2026 17:27:43 -0400 (0:00:00.015) 0:00:01.242 ********** included: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/assert_role_vars.yml for managed-node1 TASK [fedora.linux_system_roles.auditd : Assert num_logs range (num_logs_parser)] *** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/assert_role_vars.yml:4 Friday 17 April 2026 17:27:43 -0400 (0:00:00.027) 0:00:01.269 ********** ok: [managed-node1] => { "changed": false } MSG: All assertions passed TASK [fedora.linux_system_roles.auditd : Assert freq range (freq_parser)] ****** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/assert_role_vars.yml:11 Friday 17 April 2026 17:27:43 -0400 (0:00:00.016) 0:00:01.286 ********** ok: [managed-node1] => { "changed": false } MSG: All assertions passed TASK [fedora.linux_system_roles.auditd : Assert incremental flush requires non-zero freq (sanity_check)] *** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/assert_role_vars.yml:18 Friday 17 April 2026 17:27:43 -0400 (0:00:00.014) 0:00:01.300 ********** ok: [managed-node1] => { "changed": false } MSG: All assertions passed TASK [fedora.linux_system_roles.auditd : Assert priority_boost range (priority_boost_parser)] *** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/assert_role_vars.yml:25 Friday 17 April 2026 17:27:43 -0400 (0:00:00.015) 0:00:01.316 ********** ok: [managed-node1] => { "changed": false } MSG: All assertions passed TASK [fedora.linux_system_roles.auditd : Assert q_depth range (q_depth_parser)] *** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/assert_role_vars.yml:31 Friday 17 April 2026 17:27:43 -0400 (0:00:00.015) 0:00:01.331 ********** ok: [managed-node1] => { "changed": false } MSG: All assertions passed TASK [fedora.linux_system_roles.auditd : Assert max_restarts range (max_restarts_parser)] *** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/assert_role_vars.yml:38 Friday 17 April 2026 17:27:43 -0400 (0:00:00.015) 0:00:01.347 ********** ok: [managed-node1] => { "changed": false } MSG: All assertions passed TASK [fedora.linux_system_roles.auditd : Assert tcp_listen_port range when listener enabled in build (tcp_listen_port_parser)] *** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/assert_role_vars.yml:44 Friday 17 April 2026 17:27:43 -0400 (0:00:00.014) 0:00:01.362 ********** ok: [managed-node1] => { "changed": false } MSG: All assertions passed TASK [fedora.linux_system_roles.auditd : Assert tcp_listen_queue range (tcp_listen_queue_parser)] *** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/assert_role_vars.yml:50 Friday 17 April 2026 17:27:43 -0400 (0:00:00.014) 0:00:01.376 ********** ok: [managed-node1] => { "changed": false } MSG: All assertions passed TASK [fedora.linux_system_roles.auditd : Assert tcp_max_per_addr range (tcp_max_per_addr_parser)] *** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/assert_role_vars.yml:56 Friday 17 April 2026 17:27:43 -0400 (0:00:00.014) 0:00:01.390 ********** ok: [managed-node1] => { "changed": false } MSG: All assertions passed TASK [fedora.linux_system_roles.auditd : Assert tcp_client_max_idle range (tcp_client_max_idle_parser)] *** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/assert_role_vars.yml:62 Friday 17 April 2026 17:27:43 -0400 (0:00:00.014) 0:00:01.404 ********** ok: [managed-node1] => { "changed": false } MSG: All assertions passed TASK [fedora.linux_system_roles.auditd : Assert tcp_client_ports format (tcp_client_ports_parser)] *** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/assert_role_vars.yml:68 Friday 17 April 2026 17:27:43 -0400 (0:00:00.014) 0:00:01.419 ********** skipping: [managed-node1] => { "changed": false, "false_condition": "auditd_tcp_client_ports is string", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.auditd : Assert tcp_client_ports range order] *** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/assert_role_vars.yml:78 Friday 17 April 2026 17:27:43 -0400 (0:00:00.014) 0:00:01.433 ********** skipping: [managed-node1] => { "changed": false, "false_condition": "auditd_tcp_client_ports is string", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.auditd : Assert space_left_action rejects halt (space_action_parser)] *** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/assert_role_vars.yml:87 Friday 17 April 2026 17:27:43 -0400 (0:00:00.013) 0:00:01.446 ********** ok: [managed-node1] => { "changed": false } MSG: All assertions passed TASK [fedora.linux_system_roles.auditd : Assert space_left percentage is between 1 and 99 when given as N%] *** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/assert_role_vars.yml:93 Friday 17 April 2026 17:27:43 -0400 (0:00:00.013) 0:00:01.460 ********** skipping: [managed-node1] => { "changed": false, "false_condition": "(auditd_space_left | string) is match('^[0-9]+%$')", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.auditd : Assert admin_space_left percentage is between 1 and 99 when given as N%] *** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/assert_role_vars.yml:105 Friday 17 April 2026 17:27:43 -0400 (0:00:00.014) 0:00:01.474 ********** skipping: [managed-node1] => { "changed": false, "false_condition": "(auditd_admin_space_left | string) is match('^[0-9]+%$')", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.auditd : Assert space_left is greater than admin_space_left when both use same form] *** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/assert_role_vars.yml:117 Friday 17 April 2026 17:27:44 -0400 (0:00:00.014) 0:00:01.488 ********** ok: [managed-node1] => { "changed": false } MSG: All assertions passed TASK [fedora.linux_system_roles.auditd : Assert disk_full_action rejects email (disk_full_action_parser)] *** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/assert_role_vars.yml:141 Friday 17 April 2026 17:27:44 -0400 (0:00:00.022) 0:00:01.510 ********** ok: [managed-node1] => { "changed": false } MSG: All assertions passed TASK [fedora.linux_system_roles.auditd : Assert disk_error_action rejects email and rotate (disk_error_action_parser)] *** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/assert_role_vars.yml:147 Friday 17 April 2026 17:27:44 -0400 (0:00:00.013) 0:00:01.524 ********** ok: [managed-node1] => { "changed": false } MSG: All assertions passed TASK [fedora.linux_system_roles.auditd : Assert exec companion paths when action is exec] *** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/assert_role_vars.yml:153 Friday 17 April 2026 17:27:44 -0400 (0:00:00.014) 0:00:01.538 ********** skipping: [managed-node1] => { "changed": false, "false_condition": "auditd_max_log_file_action | lower == 'exec'", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.auditd : Assert space_left_action exec path] *** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/assert_role_vars.yml:160 Friday 17 April 2026 17:27:44 -0400 (0:00:00.011) 0:00:01.549 ********** skipping: [managed-node1] => { "changed": false, "false_condition": "auditd_space_left_action | lower == 'exec'", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.auditd : Assert admin_space_left_action exec path] *** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/assert_role_vars.yml:167 Friday 17 April 2026 17:27:44 -0400 (0:00:00.010) 0:00:01.559 ********** skipping: [managed-node1] => { "changed": false, "false_condition": "auditd_admin_space_left_action | lower == 'exec'", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.auditd : Assert disk_full_action exec path] **** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/assert_role_vars.yml:174 Friday 17 April 2026 17:27:44 -0400 (0:00:00.010) 0:00:01.570 ********** skipping: [managed-node1] => { "changed": false, "false_condition": "auditd_disk_full_action | lower == 'exec'", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.auditd : Assert disk_error_action exec path] *** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/assert_role_vars.yml:181 Friday 17 April 2026 17:27:44 -0400 (0:00:00.011) 0:00:01.581 ********** skipping: [managed-node1] => { "changed": false, "false_condition": "auditd_disk_error_action | lower == 'exec'", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.auditd : Assert name when name_format is user (resolve_node)] *** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/assert_role_vars.yml:188 Friday 17 April 2026 17:27:44 -0400 (0:00:00.010) 0:00:01.592 ********** skipping: [managed-node1] => { "changed": false, "false_condition": "auditd_name_format | lower == 'user'", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.auditd : Assert auditd_rules entries] ********** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/assert_role_vars.yml:195 Friday 17 April 2026 17:27:44 -0400 (0:00:00.010) 0:00:01.603 ********** skipping: [managed-node1] => { "changed": false, "skipped_reason": "No items in the list" } TASK [fedora.linux_system_roles.auditd : Assert syscall rules include required keys] *** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/assert_role_vars.yml:205 Friday 17 April 2026 17:27:44 -0400 (0:00:00.013) 0:00:01.616 ********** skipping: [managed-node1] => { "changed": false, "skipped_reason": "No items in the list" } TASK [fedora.linux_system_roles.auditd : Assert permission keys for file rules] *** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/assert_role_vars.yml:216 Friday 17 April 2026 17:27:44 -0400 (0:00:00.013) 0:00:01.630 ********** ok: [managed-node1] => { "changed": false } MSG: All assertions passed TASK [fedora.linux_system_roles.auditd : Set platform/version specific variables] *** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/main.yml:6 Friday 17 April 2026 17:27:44 -0400 (0:00:00.018) 0:00:01.649 ********** included: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/set_vars.yml for managed-node1 TASK [fedora.linux_system_roles.auditd : Ensure ansible_facts used by role] **** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/set_vars.yml:2 Friday 17 April 2026 17:27:44 -0400 (0:00:00.029) 0:00:01.678 ********** ok: [managed-node1] TASK [fedora.linux_system_roles.auditd : Check if system is ostree] ************ task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/set_vars.yml:10 Friday 17 April 2026 17:27:44 -0400 (0:00:00.539) 0:00:02.218 ********** ok: [managed-node1] => { "changed": false, "stat": { "exists": false } } TASK [fedora.linux_system_roles.auditd : Set flag to indicate system is ostree] *** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/set_vars.yml:15 Friday 17 April 2026 17:27:45 -0400 (0:00:00.414) 0:00:02.632 ********** ok: [managed-node1] => { "ansible_facts": { "__auditd_is_ostree": false }, "changed": false } TASK [fedora.linux_system_roles.auditd : Set platform/version specific variables] *** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/set_vars.yml:19 Friday 17 April 2026 17:27:45 -0400 (0:00:00.019) 0:00:02.652 ********** skipping: [managed-node1] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "false_condition": "__vars_file is file", "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [managed-node1] => (item=CentOS.yml) => { "ansible_loop_var": "item", "changed": false, "false_condition": "__vars_file is file", "item": "CentOS.yml", "skip_reason": "Conditional result was False" } skipping: [managed-node1] => (item=CentOS_9.yml) => { "ansible_loop_var": "item", "changed": false, "false_condition": "__vars_file is file", "item": "CentOS_9.yml", "skip_reason": "Conditional result was False" } skipping: [managed-node1] => (item=CentOS_9.yml) => { "ansible_loop_var": "item", "changed": false, "false_condition": "__vars_file is file", "item": "CentOS_9.yml", "skip_reason": "Conditional result was False" } skipping: [managed-node1] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.auditd : Resolve package names for OS family] *** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/set_vars.yml:34 Friday 17 April 2026 17:27:45 -0400 (0:00:00.028) 0:00:02.680 ********** ok: [managed-node1] => { "ansible_facts": { "__auditd_packages": [ "audit" ] }, "changed": false } TASK [fedora.linux_system_roles.auditd : Install audit packages] *************** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/main.yml:9 Friday 17 April 2026 17:27:45 -0400 (0:00:00.015) 0:00:02.696 ********** ok: [managed-node1] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.auditd : Deploy auditd configuration] ********** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/main.yml:15 Friday 17 April 2026 17:27:46 -0400 (0:00:01.374) 0:00:04.071 ********** Notification for handler Restart auditd has been saved. changed: [managed-node1] => { "changed": true, "checksum": "33eefb6af1c751110a125b8b468118e6f0edb244", "dest": "/etc/audit/auditd.conf", "gid": 0, "group": "root", "md5sum": "eda8c45ce09c30766469af2714e2eff9", "mode": "0640", "owner": "root", "secontext": "system_u:object_r:auditd_etc_t:s0", "size": 852, "src": "/root/.ansible/tmp/ansible-tmp-1776461266.6318731-9647-152365932595412/.source.conf", "state": "file", "uid": 0 } TASK [fedora.linux_system_roles.auditd : Ensure rules.d directory exists] ****** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/main.yml:22 Friday 17 April 2026 17:27:47 -0400 (0:00:00.772) 0:00:04.843 ********** ok: [managed-node1] => { "changed": false, "gid": 0, "group": "root", "mode": "0750", "owner": "root", "path": "/etc/audit/rules.d", "secontext": "system_u:object_r:auditd_etc_t:s0", "size": 25, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.auditd : Purge rules.d when requested] ********* task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/main.yml:28 Friday 17 April 2026 17:27:47 -0400 (0:00:00.436) 0:00:05.280 ********** skipping: [managed-node1] => { "changed": false, "false_condition": "auditd_purge_rules | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.auditd : Deploy custom audit rules] ************ task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/main.yml:34 Friday 17 April 2026 17:27:47 -0400 (0:00:00.011) 0:00:05.291 ********** Notification for handler Run augenrules has been saved. changed: [managed-node1] => { "changed": true, "checksum": "69008de23bc363984514521ddc3cd86619715c09", "dest": "/etc/audit/rules.d/custom.rules", "gid": 0, "group": "root", "md5sum": "e3743c173f2e0ea45fbb3aa9853a278e", "mode": "0664", "owner": "root", "secontext": "system_u:object_r:auditd_etc_t:s0", "size": 268, "src": "/root/.ansible/tmp/ansible-tmp-1776461267.855552-9675-214039498801670/.source.rules", "state": "file", "uid": 0 } TASK [fedora.linux_system_roles.auditd : Start and enable auditd service] ****** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/main.yml:44 Friday 17 April 2026 17:27:48 -0400 (0:00:00.658) 0:00:05.950 ********** ok: [managed-node1] => { "changed": false, "enabled": true, "name": "auditd", "state": "started", "status": { "AccessSELinuxContext": "system_u:object_r:auditd_unit_file_t:s0", "ActiveEnterTimestamp": "Fri 2026-04-17 17:24:51 EDT", "ActiveEnterTimestampMonotonic": "21425721", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "local-fs.target system.slice systemd-journald.socket systemd-tmpfiles-setup.service", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Fri 2026-04-17 17:24:49 EDT", "AssertTimestampMonotonic": "19877384", "Before": "shutdown.target crond.service systemd-update-utmp.service sysinit.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "90914000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "no", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Fri 2026-04-17 17:24:49 EDT", "ConditionTimestampMonotonic": "19877314", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/auditd.service", "ControlGroupId": "2158", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "no", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Security Auditing Service", "DevicePolicy": "auto", "Documentation": "\"man:auditd(8)\" https://github.com/linux-audit/audit-documentation", "DynamicUser": "no", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "573", "ExecMainStartTimestamp": "Fri 2026-04-17 17:24:50 EDT", "ExecMainStartTimestampMonotonic": "20689330", "ExecMainStatus": "0", "ExecStart": "{ path=/sbin/auditd ; argv[]=/sbin/auditd ; ignore_errors=no ; start_time=[Fri 2026-04-17 17:24:49 EDT] ; stop_time=[Fri 2026-04-17 17:24:50 EDT] ; pid=530 ; code=exited ; status=0 }", "ExecStartEx": "{ path=/sbin/auditd ; argv[]=/sbin/auditd ; flags= ; start_time=[Fri 2026-04-17 17:24:49 EDT] ; stop_time=[Fri 2026-04-17 17:24:50 EDT] ; pid=530 ; code=exited ; status=0 }", "ExecStartPost": "{ path=/sbin/augenrules ; argv[]=/sbin/augenrules --load ; ignore_errors=yes ; start_time=[Fri 2026-04-17 17:24:50 EDT] ; stop_time=[Fri 2026-04-17 17:24:51 EDT] ; pid=580 ; code=exited ; status=0 }", "ExecStartPostEx": "{ path=/sbin/augenrules ; argv[]=/sbin/augenrules --load ; flags=ignore-failure ; start_time=[Fri 2026-04-17 17:24:50 EDT] ; stop_time=[Fri 2026-04-17 17:24:51 EDT] ; pid=580 ; code=exited ; status=0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/auditd.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "auditd.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Fri 2026-04-17 17:24:49 EDT", "InactiveExitTimestampMonotonic": "19878536", "InvocationID": "61b6a707aa7e4b4997f26220438bfaea", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "13684", "LimitNPROCSoft": "13684", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "13684", "LimitSIGPENDINGSoft": "13684", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "yes", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "573", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "5554176", "MemoryDenyWriteExecute": "yes", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemoryPeak": "6688768", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "auditd.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/auditd.pid", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "yes", "ReloadResult": "success", "ReloadSignal": "1", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice", "Restart": "on-failure", "RestartKillSignal": "15", "RestartPreventExitStatus": "2 4 6", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "yes", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Fri 2026-04-17 17:24:51 EDT", "StateChangeTimestampMonotonic": "21425721", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "2", "TasksMax": "21894", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "forking", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [Flush handlers after role] *********************************************** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/tests/auditd/tests_default.yml:11 Friday 17 April 2026 17:27:49 -0400 (0:00:01.026) 0:00:06.976 ********** NOTIFIED HANDLER fedora.linux_system_roles.auditd : Restart auditd for managed-node1 NOTIFIED HANDLER fedora.linux_system_roles.auditd : Run augenrules for managed-node1 META: triggered running handlers for managed-node1 RUNNING HANDLER [fedora.linux_system_roles.auditd : Run augenrules] ************ task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/handlers/main.yml:3 Friday 17 April 2026 17:27:49 -0400 (0:00:00.001) 0:00:06.977 ********** NOTIFIED HANDLER fedora.linux_system_roles.auditd : Load audit rules for managed-node1 changed: [managed-node1] => { "changed": true, "cmd": [ "augenrules" ], "delta": "0:00:00.024641", "end": "2026-04-17 17:27:49.886427", "rc": 0, "start": "2026-04-17 17:27:49.861786" } RUNNING HANDLER [fedora.linux_system_roles.auditd : Load audit rules] ********** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/handlers/main.yml:9 Friday 17 April 2026 17:27:49 -0400 (0:00:00.435) 0:00:07.413 ********** changed: [managed-node1] => { "changed": true, "cmd": [ "augenrules", "--load" ], "delta": "0:00:00.018249", "end": "2026-04-17 17:27:50.237844", "rc": 0, "start": "2026-04-17 17:27:50.219595" } STDOUT: /usr/sbin/augenrules: No change No rules enabled 1 failure 1 pid 573 rate_limit 61 backlog_limit 32768 lost 95 backlog 3 backlog_wait_time 60000 backlog_wait_time_actual 0 enabled 1 failure 1 pid 573 rate_limit 61 backlog_limit 32768 lost 95 backlog 4 backlog_wait_time 60000 backlog_wait_time_actual 0 enabled 1 failure 1 pid 573 rate_limit 61 backlog_limit 32768 lost 95 backlog 4 backlog_wait_time 60000 backlog_wait_time_actual 0 enabled 1 failure 1 pid 573 rate_limit 60 backlog_limit 32768 lost 95 backlog 4 backlog_wait_time 60000 backlog_wait_time_actual 0 enabled 1 failure 1 pid 573 rate_limit 60 backlog_limit 32768 lost 95 backlog 4 backlog_wait_time 60000 backlog_wait_time_actual 0 RUNNING HANDLER [fedora.linux_system_roles.auditd : Restart auditd] ************ task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/handlers/main.yml:17 Friday 17 April 2026 17:27:50 -0400 (0:00:00.350) 0:00:07.763 ********** changed: [managed-node1] => { "changed": true, "name": "auditd", "state": "started" } TASK [Check header for ansible_managed, fingerprint] *************************** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/tests/auditd/tests_default.yml:14 Friday 17 April 2026 17:27:50 -0400 (0:00:00.498) 0:00:08.262 ********** included: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/tests/auditd/tasks/check_header.yml for managed-node1 TASK [Get file] **************************************************************** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/tests/auditd/tasks/check_header.yml:3 Friday 17 April 2026 17:27:50 -0400 (0:00:00.013) 0:00:08.275 ********** ok: [managed-node1] => { "changed": false, "content": "IwojIEFuc2libGUgbWFuYWdlZAojCiMgc3lzdGVtX3JvbGU6YXVkaXRkCgojCiMgVGhpcyBmaWxlIGNvbnRyb2xzIHRoZSBjb25maWd1cmF0aW9uIG9mIHRoZSBhdWRpdCBkYWVtb24KIwoKbG9jYWxfZXZlbnRzID0geWVzCndyaXRlX2xvZ3MgPSB5ZXMKbG9nX2ZpbGUgPSAvdmFyL2xvZy9hdWRpdC9hdWRpdC5sb2cKbG9nX2dyb3VwID0gcm9vdApsb2dfZm9ybWF0ID0gRU5SSUNIRUQKZmx1c2ggPSBJTkNSRU1FTlRBTF9BU1lOQwpmcmVxID0gNTAKbWF4X2xvZ19maWxlID0gOApudW1fbG9ncyA9IDUKcHJpb3JpdHlfYm9vc3QgPSA0Cm5hbWVfZm9ybWF0ID0gTk9ORQptYXhfbG9nX2ZpbGVfYWN0aW9uID0gUk9UQVRFCnNwYWNlX2xlZnQgPSA3NQpzcGFjZV9sZWZ0X2FjdGlvbiA9IFNZU0xPRwp2ZXJpZnlfZW1haWwgPSB5ZXMKYWN0aW9uX21haWxfYWNjdCA9IHJvb3QKYWRtaW5fc3BhY2VfbGVmdCA9IDUwCmFkbWluX3NwYWNlX2xlZnRfYWN0aW9uID0gU1VTUEVORApkaXNrX2Z1bGxfYWN0aW9uID0gU1VTUEVORApkaXNrX2Vycm9yX2FjdGlvbiA9IFNVU1BFTkQKcmVwb3J0X2ludGVydmFsID0gMAp1c2VfbGlid3JhcCA9IHllcwp0Y3BfbGlzdGVuX3F1ZXVlID0gNQp0Y3BfbWF4X3Blcl9hZGRyID0gMQp0Y3BfY2xpZW50X21heF9pZGxlID0gMAp0cmFuc3BvcnQgPSBUQ1AKZW5hYmxlX2tyYjUgPSBubwprcmI1X3ByaW5jaXBhbCA9IGF1ZGl0ZApkaXN0cmlidXRlX25ldHdvcmsgPSBubwpxX2RlcHRoID0gMjAwMApvdmVyZmxvd19hY3Rpb24gPSBTWVNMT0cKbWF4X3Jlc3RhcnRzID0gMTAKcGx1Z2luX2RpciA9IC9ldGMvYXVkaXQvcGx1Z2lucy5kLwplbmRfb2ZfZXZlbnRfdGltZW91dCA9IDIK", "encoding": "base64", "source": "/etc/audit/auditd.conf" } TASK [Check for presence of ansible managed header, fingerprint] *************** task path: /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/tests/auditd/tasks/check_header.yml:9 Friday 17 April 2026 17:27:51 -0400 (0:00:00.407) 0:00:08.683 ********** ok: [managed-node1] => { "changed": false } MSG: All assertions passed PLAY RECAP ********************************************************************* managed-node1 : ok=36 changed=5 unreachable=0 failed=0 skipped=15 rescued=0 ignored=0 SYSTEM ROLES ERRORS BEGIN v1 [] SYSTEM ROLES ERRORS END v1 TASKS RECAP ******************************************************************** Friday 17 April 2026 17:27:51 -0400 (0:00:00.023) 0:00:08.707 ********** =============================================================================== fedora.linux_system_roles.auditd : Install audit packages --------------- 1.37s /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/main.yml:9 Gathering Facts --------------------------------------------------------- 1.04s /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/tests/auditd/tests_default.yml:3 fedora.linux_system_roles.auditd : Start and enable auditd service ------ 1.03s /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/main.yml:44 fedora.linux_system_roles.auditd : Deploy auditd configuration ---------- 0.77s /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/main.yml:15 fedora.linux_system_roles.auditd : Deploy custom audit rules ------------ 0.66s /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/main.yml:34 fedora.linux_system_roles.auditd : Ensure ansible_facts used by role ---- 0.54s /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/set_vars.yml:2 fedora.linux_system_roles.auditd : Restart auditd ----------------------- 0.50s /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/handlers/main.yml:17 fedora.linux_system_roles.auditd : Ensure rules.d directory exists ------ 0.44s /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/main.yml:22 fedora.linux_system_roles.auditd : Run augenrules ----------------------- 0.44s /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/handlers/main.yml:3 fedora.linux_system_roles.auditd : Check if system is ostree ------------ 0.41s /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/set_vars.yml:10 Get file ---------------------------------------------------------------- 0.41s /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/tests/auditd/tasks/check_header.yml:3 fedora.linux_system_roles.auditd : Load audit rules --------------------- 0.35s /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/handlers/main.yml:9 Run the role normally --------------------------------------------------- 0.10s /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/tests/auditd/tasks/run_role_with_clear_facts.yml:33 Run the role ------------------------------------------------------------ 0.03s /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/tests/auditd/tasks/run_role_with_clear_facts.yml:23 fedora.linux_system_roles.auditd : Set platform/version specific variables --- 0.03s /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/main.yml:6 fedora.linux_system_roles.auditd : Set platform/version specific variables --- 0.03s /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/set_vars.yml:19 fedora.linux_system_roles.auditd : Validate role parameters ------------- 0.03s /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/main.yml:3 Check for presence of ansible managed header, fingerprint --------------- 0.02s /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/tests/auditd/tasks/check_header.yml:9 fedora.linux_system_roles.auditd : Assert space_left is greater than admin_space_left when both use same form --- 0.02s /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/assert_role_vars.yml:117 fedora.linux_system_roles.auditd : Set flag to indicate system is ostree --- 0.02s /tmp/collections-EwS/ansible_collections/fedora/linux_system_roles/roles/auditd/tasks/set_vars.yml:15