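Scenario: detect differences between a server's configuration and its baseline configuration, to guard against unauthorized changes.
Example: use an Ansible playbook to compare the current configuration against the standard template.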
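```yaml
- hosts: all
  tasks:
    # Run diff(1) on the host against the baseline copy
    # (same baseline path as the shell script on this page).
    # diff exits 0 when the files match, 1 when they differ, >1 on error.
    - name: Check SSH configuration against baseline
      ansible.builtin.command: diff -u /opt/baseline/sshd_config.baseline /etc/ssh/sshd_config
      register: ssh_diff
      changed_when: false
      failed_when: ssh_diff.rc > 1

    # Send the alert only when diff reported a difference.
    - name: Alert if SSH config has drifted
      community.general.mail:
        to: 'ops-team@example.com'
        subject: '配置漂移告警 - SSH'
        body: |
          SSH配置与基准不一致!差异:
          {{ ssh_diff.stdout }}
      when: ssh_diff.rc == 1
```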
Shell script implementation:
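```bash
#!/bin/bash
# Compare the current configuration with the baseline file
BASELINE="/opt/baseline/sshd_config.baseline"
CURRENT="/etc/ssh/sshd_config"

# diff exits non-zero both when the files differ and when one of them
# cannot be read, so either case raises the alert.
if diff "$BASELINE" "$CURRENT" > /dev/null; then
    echo "配置无差异"
else
    echo "配置存在差异!" | mail -s "SSH配置漂移告警" ops-team@example.com
    diff "$BASELINE" "$CURRENT" >> /var/log/config_drift.log
fi
```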
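A raw `diff` also fires on comment and whitespace edits, which buries real changes in alert noise. The following is an added example, not part of the original page: it normalizes both files before comparing and separates "drift" from "cannot compare". The function names and the sample files are constructed for illustration.

```bash
#!/bin/bash
# Added example: compare sshd_config files by directive, not raw text.

# Emit one normalized line per directive: full-line comments and blank lines
# dropped, keyword lowercased (sshd keywords are case-insensitive),
# "Keyword=value" rewritten as "keyword value", whitespace runs collapsed.
# Line order is preserved because sshd keeps the first value it reads.
normalize_sshd_config() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        {
            sub(/^[ \t]+/, "")
            if (match($0, /^[A-Za-z0-9]+[ \t]*=[ \t]*/)) {
                kw = substr($0, 1, RLENGTH)
                rest = substr($0, RLENGTH + 1)
                sub(/[ \t]*=[ \t]*$/, "", kw)
                $0 = kw " " rest
            }
            $1 = tolower($1)   # also rebuilds the line with single spaces
            print
        }
    ' "$1"
}

# Exit status: 0 = no drift, 1 = drift (diff on stdout), 2 = cannot compare.
check_drift() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    _base=$(mktemp) && _cur=$(mktemp) || return 2
    normalize_sshd_config "$1" > "$_base"
    normalize_sshd_config "$2" > "$_cur"
    _rc=0
    diff -u "$_base" "$_cur" || _rc=$?
    rm -f "$_base" "$_cur"
    return "$_rc"
}

# Constructed sample files (not real host configuration).
SAMPLE_DIR=$(mktemp -d)
printf '# baseline\nPermitRootLogin no\nPasswordAuthentication no\n' > "$SAMPLE_DIR/baseline"
printf 'permitrootlogin   no\n\n# edited\nPasswordAuthentication=no\n' > "$SAMPLE_DIR/cosmetic"
printf 'PermitRootLogin yes\nPasswordAuthentication no\n' > "$SAMPLE_DIR/drifted"

for f in cosmetic drifted; do
    rc=0
    check_drift "$SAMPLE_DIR/baseline" "$SAMPLE_DIR/$f" || rc=$?
    echo "$f: exit status $rc"
done
```

Treating exit status 2 as its own alert matters: a deleted or unreadable baseline is itself a sign of tampering and should not be reported as "no difference".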