Support AIDE config on Debian

defaults/main.yaml

@@ -2,4 +2,8 @@
 cis_hide_proc: false
 
 cis_cron_service_name: crond
-cis_auditd_package: auditd
+cis_auditd_package: auditd
+
+cis_aide_options:
+cis_aide_new_file: /var/lib/aide/aide.db.new.gz
+cis_aide_current_file: /var/lib/aide/aide.db.gz

handlers/main.yaml

@@ -3,12 +3,6 @@
   ansible.builtin.service:
     name: sshd
     state: restarted
-- name: init aide
-  ansible.builtin.shell: aide --init; mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
-  args:
-    creates: /var/lib/aide/aide.db.gz
-  async: 300
-  poll: 0
 - name: remount proc
   ansible.posix.mount:
     path: /proc

tasks/aide.yaml

@@ -3,7 +3,14 @@
   ansible.builtin.package:
     name: aide
     state: present
-  notify: init aide
+
+- name: Init AIDE database
+  ansible.builtin.shell: "aide --init {{ cis_aide_options }} && mv {{ cis_aide_new_file }} {{ cis_aide_current_file }}"
+  args:
+    creates: "{{ cis_aide_current_file }}"
+  async: 300
+  poll: 0
+
 - name: Install AIDE crontab
   ansible.builtin.copy:
     dest: /etc/cron.d/aide
@@ -14,4 +21,4 @@
       SHELL=/bin/bash
       PATH=/sbin:/bin:/usr/sbin:/usr/bin
       MAILTO=root
-      0 5 * * * root aide --update; mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
+      0 5 * * * root aide --update {{ cis_aide_options }} && mv {{ cis_aide_new_file }} {{ cis_aide_current_file }}

vars/os/Debian.yaml

@@ -1,2 +1,6 @@
 ---
 cis_cron_service_name: cron
+
+cis_aide_options: --config /etc/aide/aide.conf
+cis_aide_new_file: /var/lib/aide/aide.db.new
+cis_aide_current_file: /var/lib/aide/aide.db