April_24 updates (#201)

* Issue #170, PR #181 thanks to @ipruteanu-sie

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* issue #182, PR #183 thansk to @ipruteanu-sie

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* PR #180 thanks to @ipruteanu-sie and @raabf

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* Addressed PR #165 thanks to @ipruteanu-sie

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* PT #184 addressed thansk to @ipruteanu-sie

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated credits

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* typo and ssh allow_deny comments

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* enable OS check

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* PR - #198 addressed thanks to @brakkio86

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* Addressed issue #190

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* Additional vars for issue #190

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated pre-commit version

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* consistent quotes around mode

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* moved audit added discoveries

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* removed unneeded vars

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* audit moved to prelim

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* tidy up

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* improved new variable usage

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* fixed logic 6.2.10

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* addressed #197 thanks to @mark-tomich

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updates for audit section

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* fixed naming

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* added prelim to includes

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

---------

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

tasks/section_1/cis_1.3.x.yml

@@ -9,14 +9,14 @@
 
       - name: "1.3.1 | PATCH | Ensure AIDE is installed | Build AIDE DB"
         ansible.builtin.shell: /usr/sbin/aide --init
-        changed_when: false
-        failed_when: false
-        async: 45
-        poll: 0
         args:
             creates: /var/lib/aide/aide.db.new.gz
         when: not ansible_check_mode
 
+      - name: "1.3.1 | PATCH | Ensure AIDE is installed | Wait for file before continuing"
+        ansible.builtin.wait_for:
+            path: /var/lib/aide/aide.db.new.gz
+
       - name: "1.3.1 | PATCH | Ensure AIDE is installed | copy AIDE DB"
         ansible.builtin.copy:
             src: /var/lib/aide/aide.db.new.gz
@@ -59,12 +59,12 @@
       path: /etc/aide.conf
       marker: "# {mark} Audit tools - CIS benchmark - Ansible-lockdown"
       block: |
-        /sbin/auditctl p+i+n+u+g+s+b+acl+xattrs+sha512
-        /sbin/auditd p+i+n+u+g+s+b+acl+xattrs+sha512
-        /sbin/augenrules p+i+n+u+g+s+b+acl+xattrs+sha512
-        /sbin/aureport p+i+n+u+g+s+b+acl+xattrs+sha512
-        /sbin/ausearch p+i+n+u+g+s+b+acl+xattrs+sha512
-        /sbin/autrace p+i+n+u+g+s+b+acl+xattrs+sha512
+        /usr/sbin/auditctl p+i+n+u+g+s+b+acl+xattrs+sha512
+        /usr/sbin/auditd p+i+n+u+g+s+b+acl+xattrs+sha512
+        /usr/sbin/augenrules p+i+n+u+g+s+b+acl+xattrs+sha512
+        /usr/sbin/aureport p+i+n+u+g+s+b+acl+xattrs+sha512
+        /usr/sbin/ausearch p+i+n+u+g+s+b+acl+xattrs+sha512
+        /usr/sbin/autrace p+i+n+u+g+s+b+acl+xattrs+sha512
       validate: aide -D --config %s
   when:
       - rhel9cis_rule_1_3_3