---
- name: reload ufw
  command: ufw reload
  listen: "reload ufw firewall"

- name: restart auditd
  service:
    name: auditd
    state: restarted

- name: restart rsyslog
  ansible.builtin.service:
    name: rsyslog
    state: restarted

- name: Update_aide_database
  block: # This block is now a task within the handler
    - name: system setup | aide | run aide --update to check for legitimate changes
      tags: aide,hardening,system
      command: aide --update
      register: aide_update_result
      changed_when: "'new database written to' in aide_update_result.stdout"
      async: 1800 # Allow up to 30 minutes for update
      poll: 15

    - name: system setup | aide | activate updated database
      tags: aide,hardening,system
      copy:
        src: /var/lib/aide/aide.db.new
        dest: /var/lib/aide/aide.db
        remote_src: true
        owner: root
        group: root
        mode: '0600'
      when: aide_update_result.changed