---

- name: POST | AUDITD | Apply auditd template will for section 4.1.3 - only required rules will be added
  ansible.builtin.template:
      src: audit/99_auditd.rules.j2
      dest: /etc/audit/rules.d/99_auditd.rules
      owner: root
      group: root
      mode: 0600
  register: audit_rules_updated
  notify:
      - Auditd_immutable_check
      - Audit_immutable_fact
      - Restart auditd

- name: POST | Set up auditd user logging exceptions
  ansible.builtin.template:
      src: audit/98_auditd_exception.rules.j2
      dest: /etc/audit/rules.d/98_auditd_exceptions.rules
      owner: root
      group: root
      mode: 0600
  notify: Restart auditd
  when:
      - allow_auditd_uid_user_exclusions
      - rhel9cis_auditd_uid_exclude | length > 0