openstack-ansible-security/tasks
Major Hayden 6c9eb50fd6 Ensure AIDE initializes on subsequent runs
If a deployer installs AIDE the first time they apply the role
without initializing AIDE and they want to initialize it later,
the handler that does the initialization never fires.

This patch does a few things:

  - Ensures AIDE initialization if the initialize_aide bool is True
  - Doesn't intialize the AIDE db if it already exists
  - Moves the new db into place on Red Hat systems
  - Moves the AIDE tasks into its own file with tags
  - Prevents AIDE from trawling through /var

Manual backport of two reviews:
  * https://review.openstack.org/#/c/359554/
  * https://review.openstack.org/#/c/361460/

Closes-Bug: 1616281
Backport-of: I170eb3898b4336333b1fbe663ec4f069823898e0
Change-Id: Iaedcce1d6416f2224f44376336c23702e6152a00
2016-08-30 07:33:16 -05:00
..
aide.yml Ensure AIDE initializes on subsequent runs 2016-08-30 07:33:16 -05:00
apt.yml Check mode compatibility for security role 2015-12-02 20:50:33 +00:00
auditd.yml Fix duplicated config options in auditd.conf 2016-07-21 16:14:22 +00:00
auth.yml Switch from dict to individual variables 2016-05-06 17:42:56 +00:00
boot.yml Fix numbering on V-38583 2016-08-26 14:24:05 +00:00
console.yml Enable role testing and make structure ansible-galaxy compatible 2015-10-09 11:47:23 +00:00
file_perms.yml V-3864{2,5,7,9}, V-38651: Umask adjustments 2015-10-27 09:09:23 -05:00
kernel.yml Switch from dict to individual variables 2016-05-06 17:42:56 +00:00
lsm.yml Allow AppArmor to be enabled 2016-06-14 12:12:38 +00:00
mail.yml Fix Postfix mynetworks if IPv6 is disabled 2016-02-03 09:39:36 -06:00
main.yml Ensure AIDE initializes on subsequent runs 2016-08-30 07:33:16 -05:00
misc.yml Ensure AIDE initializes on subsequent runs 2016-08-30 07:33:16 -05:00
nfsd.yml Replace debug with fail 2015-10-14 14:29:07 -05:00
services.yml Switch from dict to individual variables 2016-05-06 17:42:56 +00:00
sshd.yml Handle Match properly in sshd_config 2016-05-16 14:10:09 +00:00