From b9a59b9adc8a58449b487a27135a1dd625f894b9 Mon Sep 17 00:00:00 2001
From: Mark Bolwell <mark.bollyuk@gmail.com>
Date: Fri, 23 May 2025 14:30:30 +0100
Subject: [PATCH] added check_mode logic

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
---
 tasks/section_6/cis_6.1.x.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/tasks/section_6/cis_6.1.x.yml b/tasks/section_6/cis_6.1.x.yml
index c000fe1..a162da1 100644
--- a/tasks/section_6/cis_6.1.x.yml
+++ b/tasks/section_6/cis_6.1.x.yml
@@ -58,6 +58,10 @@
             dest: /var/lib/aide/aide.db.gz
             remote_src: true
             mode: 'ug-wx,o-rwx'
+          register: aide_db_cp
+          failed_when:
+            - not ansible_check_mode
+            - aide_db_cp.failed
 
 - name: "6.1.2 | PATCH | Ensure filesystem integrity is regularly checked"
   when:
@@ -120,3 +124,7 @@
       /usr/sbin/ausearch p+i+n+u+g+s+b+acl+xattrs+sha512
       /usr/sbin/autrace p+i+n+u+g+s+b+acl+xattrs+sha512
     validate: aide -D --config %s
+  register: aide_file_integrity_check
+  failed_when:
+    - not ansible_check_mode
+    - aide_file_integrity_check.failed