---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


- name: Check for aide db
  stat:
    path: "{{ aide_db_path }}"
  register: aide_db_path_check

- name: Ensure aide DB config is set
  lineinfile:
    path: "{{ aide_conf_path }}"
    line: "{{ item.line }}"
    create: true
  when:
    - item.condition | bool
  with_items:
    - line: "database=file:{{ aide_db_path }}"
      condition: true
    - line: "database_out=file:{{ aide_db_temp_path }}"
      condition: "{{ not (aide_db_path_check.stat.exists | bool) }}"
    - line: "database_new=file:{{ aide_db_temp_path }}"
      condition: "{{ not (aide_db_path_check.stat.exists | bool) }}"

- name: Initialize aide database
  command: >-
    /usr/sbin/aide --init --config {{ aide_conf_path }}
  changed_when: false
  no_log: "{{ not (aide_debug | bool) }}"
  args:
    creates: "{{ aide_db_path }}"

- name: Check for tmp aide db
  stat:
    path: "{{ aide_db_temp_path }}"
  register: aide_db_temp_path_check

- name: Copy aide db
  copy:
    src: "{{ aide_db_temp_path }}"
    dest: "{{ aide_db_path }}"
    remote_src: true
  when:
    - aide_db_temp_path_check.stat.exists | bool
    - not (aide_db_path_check.stat.exists | bool)

- name: Set aide command fact with email
  set_fact:
    aide_command: >-
      /usr/sbin/aide
      --check
      --config {{ aide_conf_path }}
      | {{ aide_mua_path }}
      -s '{{ ansible_facts['fqdn'] }} - AIDE integrity check' {{ aide_email }}
  when:
    - aide_email.find("v=" ~ "@") == -1

- name: Email aide block
  when:
    - aide_email.find("v=" ~ "@") != -1
  block:
    - name: Ensure audit directory exists
      file:
        path: "/var/log/audit"
        state: directory

    - name: Set aide command fact
      set_fact:
        aide_command: >-
          /usr/sbin/aide
          --check
          --config {{ aide_conf_path }}
          > /var/log/audit/aide_$(date +%Y-%m-%d).log

- name: Create aide cron entry
  cron:
    name: "aide"
    job: "{{ aide_command }}"
    user: "{{ aide_cron_user }}"
    hour: "{{ aide_hour | string }}"
    minute: "{{ aide_minute | string }}"