v1.0.0 updates

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

tasks/section_1/cis_1.3.x.yml

@@ -3,12 +3,12 @@
 - name: "1.3.1 | PATCH | Ensure AIDE is installed"
   block:
       - name: "1.3.1 | PATCH | Ensure AIDE is installed | Install AIDE"
-        package:
+        ansible.builtin.package:
             name: aide
             state: present
 
       - name: "1.3.1 | PATCH | Ensure AIDE is installed | Configure AIDE"
-        command: /usr/sbin/aide --init -B 'database_out=file:/var/lib/aide/aide.db.gz'
+        ansible.builtin.command: /usr/sbin/aide --init -B 'database_out=file:/var/lib/aide/aide.db.gz'
         changed_when: false
         failed_when: false
         async: 45
@@ -22,13 +22,12 @@
   tags:
       - level1-server
       - level1-workstation
-      - automated
       - aide
       - patch
       - rule_1.3.1
 
 - name: "1.3.2 | PATCH | Ensure filesystem integrity is regularly checked"
-  cron:
+  ansible.builtin.cron:
       name: Run AIDE integrity check
       cron_file: "{{ rhel9cis_aide_cron['cron_file'] }}"
       user: "{{ rhel9cis_aide_cron['cron_user'] }}"
@@ -44,8 +43,24 @@
   tags:
       - level1-server
       - level1-workstation
-      - automated
       - aide
       - file_integrity
       - patch
       - rule_1.3.2
+
+- name: "1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools"
+  ansible.builtin.template:
+    src: etc/aide.conf.d/crypt_audit_procs.conf.j2
+    dest: /etc/aide.conf.d/crypt_audit_procs.conf
+    owner: root
+    group: 0640
+  when:
+      - rhel9cis_rule_1_3_2
+      - not system_is_ec2
+  tags:
+      - level1-server
+      - level1-workstation
+      - aide
+      - file_integrity
+      - patch
+      - rule_1.3.3