ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 22:23:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
RHEL9-CIS/tasks/section_1/cis_1.4.x.yml
Mark Bolwell 95d8152603
added args warn for shell 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2022-01-13 12:08:30 +00:00

47 lines
1.1 KiB
YAML
Raw Blame History

---
- name: "1.4.1 | L1 | PATCH | Ensure AIDE is installed"
block:
- name: "1.4.1 | L1 | PATCH | Ensure AIDE is installed | Install AIDE"
package:
name: aide
state: present
- name: "1.4.1 | L1 | PATCH | Ensure AIDE is installed | Configure AIDE"
shell: /usr/sbin/aide --init -B 'database_out=file:/var/lib/aide/aide.db.gz'
args:
warn: false
creates: /var/lib/aide/aide.db.gz
changed_when: false
failed_when: false
async: 45
poll: 0
when: not ansible_check_mode
when:
- rhel9cis_config_aide
- rhel9cis_rule_1_4_1
tags:
- level1-server
- level1-workstation
- scored
- aide
- patch
- rule_1.4.1
- name: "1.4.2 | L1 | PATCH | Ensure filesystem integrity is regularly checked"
template:
src: aide.cron.j2
dest: /etc/cron.d/aide.cron
owner: root
group: root
mode: 0644
when:
- rhel9cis_rule_1_4_2
tags:
- level1-server
- level1-workstation
- scored
- aide
- file_integrity
- patch
- rule_1.4.2
Reference in a new issue View git blame Copy permalink