---
- name: Install auditd
  ansible.builtin.package:
    name: "{{ cis_auditd_package }}"
    state: present
- name: Start auditd
  ansible.builtin.service:
    name: auditd
    state: started
    enabled: true
- name: Copy main CIS benchmark ruleset
  ansible.builtin.copy:
    src: auditd/cis-hardening.rules
    dest: /etc/audit/rules.d/cis-hardening.rules
    owner: root
    group: root
    mode: "0600"
- name: Copy privileged commands ruleset
  ansible.builtin.copy:
    src: auditd/privileged.rules
    dest: /etc/audit/rules.d/privileged.rules
    owner: root
    group: root
    mode: "0600"