explicitly give aide.conf

aide.yml

@@ -0,0 +1,42 @@
+---
+- name: system setup | aide | install aide package
+  tags: aide,hardening,system
+  package:
+    name: aide
+    state: present
+
+- name: system setup | aide | check if aide database exists
+  tags: aide,hardening,system
+  stat:
+    path: /var/lib/aide/aide.db
+  register: aide_db
+
+- name: system setup | aide | initialize aide database if it does not exist
+  tags: aide,hardening,system
+  block:
+    - name: system setup | aide | run aide --init (this may take a while)
+      command: aide --config /etc/aide/aide.conf --init
+      register: aide_init_result
+      changed_when: "'AIDE, version' in aide_init_result.stdout"
+      async: 1800 # Allow up to 30 minutes for initialization
+      poll: 15
+
+    - name: system setup | aide | copy new database to be the active one
+      copy:
+        src: /var/lib/aide/aide.db.new
+        dest: /var/lib/aide/aide.db
+        remote_src: true
+        owner: root
+        group: root
+        mode: '0600'
+      when: aide_init_result.changed
+  when: not aide_db.stat.exists
+
+- name: system setup | aide | schedule daily check
+  tags: aide,hardening,system
+  cron:
+    name: "AIDE daily check"
+    minute: "0"
+    hour: "5"
+    job: "/usr/bin/aide --check"
+    cron_file: aide_check # Creates /etc/cron.d/aide_check

global_handlers/aide.yml

@@ -0,0 +1,42 @@
+---
+- name: system setup | aide | install aide package
+  tags: aide,hardening,system
+  package:
+    name: aide
+    state: present
+
+- name: system setup | aide | check if aide database exists
+  tags: aide,hardening,system
+  stat:
+    path: /var/lib/aide/aide.db
+  register: aide_db
+
+- name: system setup | aide | initialize aide database if it does not exist
+  tags: aide,hardening,system
+  block:
+    - name: system setup | aide | run aide --init (this may take a while)
+      command: aide --config /etc/aide/aide.conf --init
+      register: aide_init_result
+      changed_when: "'AIDE, version' in aide_init_result.stdout"
+      async: 1800 # Allow up to 30 minutes for initialization
+      poll: 15
+
+    - name: system setup | aide | copy new database to be the active one
+      copy:
+        src: /var/lib/aide/aide.db.new
+        dest: /var/lib/aide/aide.db
+        remote_src: true
+        owner: root
+        group: root
+        mode: '0600'
+      when: aide_init_result.changed
+  when: not aide_db.stat.exists
+
+- name: system setup | aide | schedule daily check
+  tags: aide,hardening,system
+  cron:
+    name: "AIDE daily check"
+    minute: "0"
+    hour: "5"
+    job: "/usr/bin/aide --config /etc/aide/aide.conf --check"
+    cron_file: aide_check # Creates /etc/cron.d/aide_check

global_handlers/global_handlers.yml

@@ -3,7 +3,7 @@
   tags: aide,hardening,system
   block:
     - name: system setup | aide | run aide --update to check for legitimate changes
-      command: aide --update
+      command: aide --config /etc/aide/aide.conf --update
       register: aide_update_result
       changed_when: "'new database written to' in aide_update_result.stdout"
       async: 1800 # Allow up to 30 minutes for update