moved tasks to subfolder

2025-10-01 14:48:27 +02:00
parent eedbf5f820
commit 78f941015b
5 changed files with 0 additions and 0 deletions
--- a/roles/bastionhost/tasks/system_setup/aide.yml
+++ b/roles/bastionhost/tasks/system_setup/aide.yml
@@ -0,0 +1,42 @@
+---
+- name: system setup | aide | install aide package
+  tags: aide,hardening,system
+  package:
+    name: aide
+    state: present
+
+- name: system setup | aide | check if aide database exists
+  tags: aide,hardening,system
+  stat:
+    path: /var/lib/aide/aide.db
+  register: aide_db
+
+- name: system setup | aide | initialize aide database if it does not exist
+  tags: aide,hardening,system
+  block:
+    - name: system setup | aide | run aide --init (this may take a while)
+      command: aide --init
+      register: aide_init_result
+      changed_when: "'AIDE, version' in aide_init_result.stdout"
+      async: 1800 # Allow up to 30 minutes for initialization
+      poll: 15
+
+    - name: system setup | aide | copy new database to be the active one
+      copy:
+        src: /var/lib/aide/aide.db.new
+        dest: /var/lib/aide/aide.db
+        remote_src: true
+        owner: root
+        group: root
+        mode: '0600'
+      when: aide_init_result.changed
+  when: not aide_db.stat.exists
+
+- name: system setup | aide | schedule daily check
+  tags: aide,hardening,system
+  cron:
+    name: "AIDE daily check"
+    minute: "0"
+    hour: "5"
+    job: "/usr/bin/aide --check"
+    cron_file: aide_check # Creates /etc/cron.d/aide_check