diff --git a/global_handlers/global_handlers.yml b/global_handlers/global_handlers.yml
index 21bace2..f666ac9 100644
--- a/global_handlers/global_handlers.yml
+++ b/global_handlers/global_handlers.yml
@@ -1,9 +1,20 @@
-- name: restart_nginx
- service:
- name: "nginx"
- state: restarted
+---
+- name: Update_aide_database
+ tags: aide,hardening,system
+ block:
+ - name: system setup | aide | run aide --update to check for legitimate changes
+ command: aide --update
+ register: aide_update_result
+ changed_when: "'new database written to' in aide_update_result.stdout"
+ async: 1800 # Allow up to 30 minutes for update
+ poll: 15
 
-- name: restart_snmpd
- service:
- name: "snmpd"
- state: restarted
\ No newline at end of file
+ - name: system setup | aide | activate updated database
+ copy:
+ src: /var/lib/aide/aide.db.new
+ dest: /var/lib/aide/aide.db
+ remote_src: true
+ owner: root
+ group: root
+ mode: '0600'
+ when: aide_update_result.changed
\ No newline at end of file
diff --git a/roles/bastionhost/handlers/main.yml b/roles/bastionhost/handlers/main.yml
index 1e97fec..880ba60 100644
--- a/roles/bastionhost/handlers/main.yml
+++ b/roles/bastionhost/handlers/main.yml
@@ -1,24 +1,4 @@
 ---
 - name: reload ufw
 command: ufw reload
- listen: "reload ufw firewall"
-
-- name: Update_aide_database
- tags: aide,hardening,system
- block:
- - name: system setup | aide | run aide --update to check for legitimate changes
- command: aide --update
- register: aide_update_result
- changed_when: "'new database written to' in aide_update_result.stdout"
- async: 1800 # Allow up to 30 minutes for update
- poll: 15
-
- - name: system setup | aide | activate updated database
- copy:
- src: /var/lib/aide/aide.db.new
- dest: /var/lib/aide/aide.db
- remote_src: true
- owner: root
- group: root
- mode: '0600'
- when: aide_update_result.changed
\ No newline at end of file
+ listen: "reload ufw firewall"
\ No newline at end of file
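Review bot: The new `command: aide --update` task in global_handlers.yml has no `failed_when`, and `aide --update` exits non-zero (1–7 per its man page) exactly when it finds differences, so in the case the task is named for — legitimate changes present — the `command` module's default rc check fails the task, the block aborts, and the `copy` that promotes the new database never runs; only the no-change run reaches it. Adding `failed_when: aide_update_result.rc > 7` beside the `changed_when` line keeps the detected-change result as a result and reserves failure for aide's own error codes (14 and above). Separately, promoting `/var/lib/aide/aide.db.new` to `/var/lib/aide/aide.db` whenever the update ran baselines whatever is on the filesystem at that moment without anyone seeing the difference report, so the handler should at least keep `aide_update_result.stdout` (a `debug` task or a logged copy of the report) so an operator can confirm the changes were the expected ones. The `tags:` key on a handler has no effect, since handlers run when notified rather than by tag selection, and it reads as if the block could be targeted with `--tags aide`. Finally, the removed `restart_nginx` and `restart_snmpd` handlers have no replacement in this diff; if any task elsewhere still notifies them the play will error on an unknown handler, which is worth checking before merge.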