From 2d83b7f06d83f9baf7ae69e59745f73242c19bed Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Fri, 7 Jan 2022 11:10:53 +0000
Subject: [PATCH] 1.4.2 to use template
Signed-off-by: Mark Bolwell
---
 tasks/section_1/cis_1.4.x.yml | 16 ++++++----------
 templates/aide.cron.j2 | 5 +++++
 2 files changed, 11 insertions(+), 10 deletions(-)
 create mode 100644 templates/aide.cron.j2
diff --git a/tasks/section_1/cis_1.4.x.yml b/tasks/section_1/cis_1.4.x.yml
index 5956ae6..6bd3bc2 100644
--- a/tasks/section_1/cis_1.4.x.yml
+++ b/tasks/section_1/cis_1.4.x.yml
@@ -28,16 +28,12 @@
 - rule_1.4.1

 - name: "1.4.2 | L1 | PATCH | Ensure filesystem integrity is regularly checked"
- cron:
- name: Run AIDE integrity check
- cron_file: "{{ rhel9cis_aide_cron['cron_file'] }}"
- user: "{{ rhel9cis_aide_cron['cron_user'] }}"
- minute: "{{ rhel9cis_aide_cron['aide_minute'] | default('0') }}"
- hour: "{{ rhel9cis_aide_cron['aide_hour'] | default('5') }}"
- day: "{{ rhel9cis_aide_cron['aide_day'] | default('*') }}"
- month: "{{ rhel9cis_aide_cron['aide_month'] | default('*') }}"
- weekday: "{{ rhel9cis_aide_cron['aide_weekday'] | default('*') }}"
- job: "{{ rhel9cis_aide_cron['aide_job'] }}"
+ template:
+ src: aide.cron.j2
+ dest: /etc/cron.d/aide.cron
+ owner: root
+ group: root
+ mode: 0644
 when:
 - rhel9cis_rule_1_4_2
 tags:
diff --git a/templates/aide.cron.j2 b/templates/aide.cron.j2
new file mode 100644
index 0000000..848dcca
--- /dev/null
+++ b/templates/aide.cron.j2
@@ -0,0 +1,5 @@
+# Run AIDE integrity check
+# added via ansible-lockdown remediation
+# CIS 1.4.2
+
+{{ rhel9cis_aide_cron['aide_minute'] }} {{ rhel9cis_aide_cron['aide_hour'] }} {{ rhel9cis_aide_cron['aide_month'] }} {{ rhel9cis_aide_cron['aide_weekday'] }} {{ rhel9cis_aide_cron['aide_job'] }}
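Review bot: The new `dest: /etc/cron.d/aide.cron` in the 1.4.2 task of tasks/section_1/cis_1.4.x.yml is hard-coded, while the removed cron task took its path from `rhel9cis_aide_cron['cron_file']`, so that setting is now silently ignored. On a host where the earlier task wrote to a different file, that entry is presumably left in place and AIDE would be scheduled twice; consider `dest: "{{ rhel9cis_aide_cron['cron_file'] }}"` or a cleanup step for the old entry. As a style point, quote the mode as `mode: '0644'` so the module receives a string instead of relying on the YAML parser's octal handling. The task's `tags:` list continues outside the hunk.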
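Review bot: The schedule line in templates/aide.cron.j2 renders only four time fields (minute, hour, month, weekday) and no user, but an entry under /etc/cron.d needs five time fields followed by a user name before the command. As written, cron would read the first word of `aide_job` as the fifth time field, so the entry is most likely rejected and the integrity check never runs even though the task reports the control as remediated. Restore the two values the removed cron task still passed, `aide_day` and `cron_user`: `{{ rhel9cis_aide_cron['aide_minute'] }} {{ rhel9cis_aide_cron['aide_hour'] }} {{ rhel9cis_aide_cron['aide_day'] }} {{ rhel9cis_aide_cron['aide_month'] }} {{ rhel9cis_aide_cron['aide_weekday'] }} {{ rhel9cis_aide_cron['cron_user'] }} {{ rhel9cis_aide_cron['aide_job'] }}`. The `default()` filters were dropped as well, so a missing key now fails the render instead of falling back to the former `0 5 * * *` schedule.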