nikdoof/ansible-cis
1
0
Fork 0
mirror of https://github.com/nikdoof/ansible-cis.git synced 2025-12-13 09:32:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
01d558492b0f999e4bd35c4f2de13f53ddbe8562
ansible-cis/tasks/aide.yaml
Andrew Williams 01d558492b Fix AIDE on RHEL
2025-03-13 16:28:45 +00:00

51 lines
1.4 KiB
YAML
Raw Blame History

---
- name: Install AIDE
ansible.builtin.package:
name: aide
state: present
- name: Init AIDE database
ansible.builtin.shell: "aide --init {{ cis_aide_options }} && mv {{ cis_aide_new_file }} {{ cis_aide_current_file }}"
args:
creates: "{{ cis_aide_current_file }}"
async: 300
poll: 0
- name: Add excluded folders to AIDE, if defined
ansible.builtin.copy:
dest: "{{ cis_aide_config_path }}/98_aide_exclusions"
owner: root
group: root
mode: u=rw,go=r
content: |
{% for directory in cis_aide_excluded_directories %}
!{{ directory }}
{% endfor %}
when:
- cis_aide_config_path is defined
- cis_aide_excluded_directories is defined
- name: Add excluded folders to AIDE, if defined
ansible.builtin.blockinfile:
path: "{{ cis_aide_config_file }}"
marker: "# Ansible CIS role managed block - {mark}"
block: |
{% for directory in cis_aide_excluded_directories %}
!{{ directory }}
{% endfor %}
when:
- cis_aide_config_path is not defined
- cis_aide_excluded_directories is defined
- name: Install AIDE crontab
ansible.builtin.copy:
dest: /etc/cron.d/aide
owner: root
group: root
mode: "0600"
content: |
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
0 5 * * * root aide --update {{ cis_aide_options }}; mv {{ cis_aide_new_file }} {{ cis_aide_current_file }}
Reference in New Issue View Git Blame Copy Permalink