/ansible-role-sys_aide

An Ansible Role to install and configure AIDE.

Primary LanguagePythonBSD 3-Clause "New" or "Revised" LicenseBSD-3-Clause

Github (tag) Github (license) Github (issues) Github (pull requests)

Travis (com)

Ansible (min. version) Ansible (platforms) Ansible (tags)

Ansible Role: sys_aide

An Ansible Role to install and configure AIDE.

Motivation

AIDE (Advanced Intrusion Detection Environment) is a file and directory integrity checker. It is part of many compliance guidelines and many operators will have the need to use it.

Description

This Ansible Role installs and configures AIDE.

  • install packages
  • configure database path and name
  • initialize a new database
  • create systemd timer or cron job

Requirements

Used Modules:

Installation

Install from Ansible Galaxy

ansible-galaxy install while_true_do.sys_aide

Install from Github

git clone https://github.com/while-true-do/ansible-role-sys_aide.git while_true_do.sys_aide

Usage

Role Variables

---
# defaults file for while_true_do.sys_aide

## Package Management
wtd_sys_aide_package: "aide"
# State can be present|latest|absent
wtd_sys_aide_package_state: "present"

## Configuration Management
# DB Configuration
wtd_sys_aide_conf_db_path: "/var/lib/aide"
wtd_sys_aide_conf_db_name: "aide.db.gz"
wtd_sys_aide_conf_db_new_name: "aide.db.new.gz"
# Scheduler can be: cron|systemd|none
wtd_sys_aide_conf_scheduler: "systemd"
# times can be any valid time format for the scheduler
# daily, weekly, monthly are recommended
wtd_sys_aide_conf_times: "weekly"

Example Playbook

Running Ansible Roles can be done in a playbook.

Simple

---
- hosts: all
  roles:
    - role: while_true_do.sys_aide

Advanced

Use cron as a scheduler and run the check daily.

- hosts: all
  roles:
    - role: while_true_do.sys_aide
      wtd_sys_aide_conf_scheduler: "cron"
      wtd_sys_aide_conf_times: "daily"

Known Issues

  1. RedHat Testing is currently not possible in public, due to limitations in subscriptions.
  2. Some services and features cannot be tested properly, due to limitations in docker.

Testing

Most of the "generic" tests are located in the Test Library.

Ansible specific testing is done with Molecule.

Infrastructure testing is done with testinfra.

Automated testing is done with Travis CI.

Contribute

Thank you so much for considering to contribute. We are very happy, when somebody is joining the hard work. Please fell free to open Bugs, Feature Requests or Pull Requests after reading the Contribution Guideline.

See who has contributed already in the kudos.txt.

License

This work is licensed under a BSD-3-Clause License.

Contact