From 37f0eec4d4de7490f45f1aab9f8b28f155d89d64 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Tue, 28 Feb 2023 14:28:48 +0000
Subject: [PATCH] Added audit template change warn control

Signed-off-by: Mark Bolwell
---
 Changelog.md     | 1 +
 tasks/auditd.yml | 9 +++++++++
 2 files changed, 10 insertions(+)

diff --git a/Changelog.md b/Changelog.md
index 8f94881..4e65f04 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -3,6 +3,7 @@
 ## 1.0.3
 Update to auditd components improve idempotency and tidy up
+Added a warning to check diff if any changes to template file (if template file exists) else its new.
 workflow update to remove the urandom update
 skip 5.6.6 root password check
diff --git a/tasks/auditd.yml b/tasks/auditd.yml
index 07e73d2..cc0f622 100644
--- a/tasks/auditd.yml
+++ b/tasks/auditd.yml
@@ -13,11 +13,20 @@
     group: root
     mode: 0640
   diff: "{{ auditd_file.stat.exists }}" # Only run diff if not a new file
+  register: auditd_template_updated
   notify:
     - Auditd immutable check
     - Audit immutable fact
     - Restart auditd
 
+- name: POST | AUDITD | Add Warning count for changes to template file | Warn Count # noqa: no-handler
+  ansible.builtin.import_tasks: warning_facts.yml
+  vars:
+    warn_control_id: 'Auditd_template_updated-see-diff-output'
+  when:
+    - auditd_template_updated.changed
+    - auditd_file.stat.exists
+
 - name: POST | AUDITD | Apply auditd template will for section 4.1.3 - only required rules will be added | stat file
   ansible.builtin.stat:
     path: /etc/audit/rules.d/98_auditd_exceptions.rules
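Review bot: The `when` on the new warning task dereferences `auditd_template_updated.changed` directly, so if the registering template task is ever skipped (the head of that task, and any `when` on it, lies above this hunk) the registered result carries no `changed` key and the play errors on this condition instead of simply not counting a warning; `- auditd_template_updated.changed | default(false)` keeps the guard safe. In check mode the template module typically still reports `changed` for a file it did not write, so the warning count is likely to fire on a dry run as well — probably intended, since the diff output is exactly what the operator is meant to review, but worth a line such as `# Fires in check mode too: the diff is what should be reviewed`. The `# noqa: no-handler` is defensible here because a handler could not carry the per-control `warn_control_id` into warning_facts.yml, but a short comment stating that would stop the next reader from removing the suppression.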