95 lines
2.6 KiB
YAML
95 lines
2.6 KiB
YAML
---
|
|
# Copyright 2019 Red Hat, Inc.
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
|
|
- name: Check for aide db
|
|
stat:
|
|
path: "{{ aide_db_path }}"
|
|
register: aide_db_path_check
|
|
|
|
- name: Ensure aide DB config is set
|
|
lineinfile:
|
|
path: "{{ aide_conf_path }}"
|
|
line: "{{ item.line }}"
|
|
create: true
|
|
when:
|
|
- item.condition | bool
|
|
with_items:
|
|
- line: "database=file:{{ aide_db_path }}"
|
|
condition: true
|
|
- line: "database_out=file:{{ aide_db_temp_path }}"
|
|
condition: "{{ not (aide_db_path_check.stat.exists | bool) }}"
|
|
- line: "database_new=file:{{ aide_db_temp_path }}"
|
|
condition: "{{ not (aide_db_path_check.stat.exists | bool) }}"
|
|
|
|
- name: Initialize aide database
|
|
command: >-
|
|
/usr/sbin/aide --init --config {{ aide_conf_path }}
|
|
changed_when: false
|
|
no_log: "{{ not (aide_debug | bool) }}"
|
|
args:
|
|
creates: "{{ aide_db_path }}"
|
|
|
|
- name: Check for tmp aide db
|
|
stat:
|
|
path: "{{ aide_db_temp_path }}"
|
|
register: aide_db_temp_path_check
|
|
|
|
- name: Copy aide db
|
|
copy:
|
|
src: "{{ aide_db_temp_path }}"
|
|
dest: "{{ aide_db_path }}"
|
|
remote_src: true
|
|
when:
|
|
- aide_db_temp_path_check.stat.exists | bool
|
|
- not (aide_db_path_check.stat.exists | bool)
|
|
|
|
- name: Set aide command fact with email
|
|
set_fact:
|
|
aide_command: >-
|
|
/usr/sbin/aide
|
|
--check
|
|
--config {{ aide_conf_path }}
|
|
| {{ aide_mua_path }}
|
|
-s '{{ ansible_facts['fqdn'] }} - AIDE integrity check' {{ aide_email }}
|
|
when:
|
|
- aide_email.find("v=" ~ "@") == -1
|
|
|
|
- name: Email aide block
|
|
when:
|
|
- aide_email.find("v=" ~ "@") != -1
|
|
block:
|
|
- name: Ensure audit directory exists
|
|
file:
|
|
path: "/var/log/audit"
|
|
state: directory
|
|
|
|
- name: Set aide command fact
|
|
set_fact:
|
|
aide_command: >-
|
|
/usr/sbin/aide
|
|
--check
|
|
--config {{ aide_conf_path }}
|
|
> /var/log/audit/aide_$(date +%Y-%m-%d).log
|
|
|
|
- name: Create aide cron entry
|
|
cron:
|
|
name: "aide"
|
|
job: "{{ aide_command }}"
|
|
user: "{{ aide_cron_user }}"
|
|
hour: "{{ aide_hour | string }}"
|
|
minute: "{{ aide_minute | string }}"
|