ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2026-06-24 09:23:55 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Added tasks to handle AIDE base config updates

Browse source 
Signed-off-by: Jeffrey van Pelt <jeff@vanpelt.one>
This commit is contained in:
Jeffrey van Pelt 2026-06-13 10:17:02 +02:00
parent c7ed4de9a8
commit a234557e70
No known key found for this signature in database
GPG key ID: 39EFF6AA1F5B11A0
1 changed files with 27 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

27
tasks/section_6/cis_6.1.x.yml
View file

@ -19,6 +19,33 @@
update_cache: true
register: discovered_aide_pkg_added
- name: "6.1.1 | PATCH | Check for /etc/aide.conf.rpmnew"
ansible.builtin.stat:
path: /etc/aide.conf.rpmnew
register: aide_conf_rpmnew
- name: "6.1.1 | PATCH | Update AIDE base config"
when: aide_conf_rpmnew['stat']['exists'] | bool
block:
- name: "6.1.1 | PATCH | Update /etc/aide.conf with new version from RPM"
ansible.builtin.copy:
src: /etc/aide.conf.rpmnew
remote_src: true
dest: /etc/aide.conf
owner: root
group: root
mode: '0600'
- name: '6.1.1 | PATCH | Remove /etc/aide.conf.rpmnew'
ansible.builtin.file:
path: /etc/aide.conf.rpmnew
state: absent
- name: '6.1.1 | PATCH | Force AIDE DB update'
ansible.builtin.file:
path: /var/lib/aide/aide.db.gz
state: absent
- name: "6.1.1 | PATCH | Ensure AIDE is installed | Recapture packages"
when: discovered_aide_pkg_added.skipped is not defined
ansible.builtin.package_facts: