ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 22:23:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

aide variablizing

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2024-12-10 16:45:49 +00:00
parent b4afeab638
commit 2827c752ac
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
3 changed files with 55 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

13
defaults/main.yml
View file

@ -1034,8 +1034,7 @@ min_int_uid: 1000
max_int_uid: 65533
## Section6 vars
## Control 6.1.1 - allow aide to be configured
## Control 6.1.x - allow aide to be configured
# AIDE is a file integrity checking tool, similar in nature to Tripwire.
# While it cannot prevent intrusions, it can detect unauthorized changes
# to configuration files by alerting when the files are changed. Review
@ -1043,6 +1042,16 @@ max_int_uid: 65533
# By setting this variable to `true`, all of the settings related to AIDE will be applied!
rhel9cis_config_aide: true
# If DB file older than below will automatically rebuild DB
# e.g. options:1w = 1 week, 1d = 1day 1h = 1 hour
rhel9cis_aide_db_file_age: 1w
# If aide already setup this forces a new DB to be created
rhel9cis_aide_db_recreate: false
# allows to change db file, not config need to be adjusted too
rhel9cis_aide_db_file: /var/lib/aide/aide.db
## Control 6.1.2 AIDE cron settings
## How the aide schedule is run either cron or timer