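---
# Installs AIDE (file integrity monitoring), builds the baseline database on
# first run, and schedules a daily integrity check through /etc/cron.d.

- name: system setup | aide | install aide package
  tags: aide,hardening,system
  package:
    name: aide
    state: present

# Records whether an active database is already in place; the result gates
# the initialization block below.
- name: system setup | aide | check if aide database exists
  tags: aide,hardening,system
  stat:
    path: /var/lib/aide/aide.db
  register: aide_db

# Runs only when no active database exists, so a re-run of the play never
# replaces an existing baseline. The baseline records the file state at init
# time, so build it on a host that is known to be clean.
- name: system setup | aide | initialize aide database if it does not exist
  tags: aide,hardening,system
  when: not aide_db.stat.exists
  block:
    - name: system setup | aide | run aide --init (this may take a while)
      command: aide --config /etc/aide/aide.conf --init
      register: aide_init_result
      # NOTE(review): "changed" depends on this exact banner text appearing in
      # stdout. If the installed AIDE release words its output differently, the
      # copy task below is skipped and no active database is created. Confirm
      # against the packaged version.
      changed_when: "'AIDE, version' in aide_init_result.stdout"
      async: 1800  # Allow up to 30 minutes for initialization
      poll: 15

    # Promote the freshly built database to the active one. Root-only
    # permissions keep unprivileged users from reading or replacing it.
    # The database sits on the host it monitors; an off-host or read-only
    # copy is needed to detect tampering by a privileged account.
    - name: system setup | aide | copy new database to be the active one
      copy:
        src: /var/lib/aide/aide.db.new
        dest: /var/lib/aide/aide.db
        remote_src: true
        owner: root
        group: root
        mode: '0600'
      when: aide_init_result.changed

- name: system setup | aide | schedule daily check
  tags: aide,hardening,system
  cron:
    name: "AIDE daily check"
    # Entries in /etc/cron.d carry a user field, so name the account
    # explicitly instead of relying on whichever user runs the play.
    user: root
    minute: "0"
    hour: "5"
    # Use the same config file as the --init task so the check evaluates the
    # rules the baseline was built with.
    job: "/usr/bin/aide --config /etc/aide/aide.conf --check"
    cron_file: aide_check  # Creates /etc/cron.d/aide_check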