---
- name: update aide database
  listen: "update aide db"
  tags: aide,hardening,system
  block:
    - name: system setup | aide | run aide --update to check for legitimate changes
      command: aide --update
      register: aide_update_result
      changed_when: "'new database written to' in aide_update_result.stdout"
      async: 1800 # Allow up to 30 minutes for update
      poll: 15

    - name: system setup | aide | activate updated database
      copy:
        src: /var/lib/aide/aide.db.new
        dest: /var/lib/aide/aide.db
        remote_src: true
        owner: root
        group: root
        mode: '0600'
      when: aide_update_result.changed