Merge branch 'release/2.6'

README.md

@@ -76,3 +76,8 @@ Author Information
 ------------------
 
 Akos Balla
+
+External sources
+----------------
+
+Inspiration for the AIDE steps taken from [Andrew J. Huffman's Ansible role](https://github.com/ahuffman/ansible-aide)

handlers/main.yml

@@ -155,3 +155,8 @@
 - name: Warn on passwords
   ansible.builtin.debug:
     msg: "!!!WARNING!!! All web UI admin passwords are set to the same as your admin user's password. For your own safety, change them before going live"
+- name: Initialize aide database
+  ansible.builtin.command: /usr/sbin/aide -i
+  when: not aide_db_check.stat.exists
+- name: Move new aide database into place
+  ansible.builtin.command: mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

tasks/aide.yml

@@ -0,0 +1,23 @@
+---
+- name: Check for existing aide database
+  ansible.builtin.stat:
+    path: /var/lib/aide/aide.db.gz
+  register: aide_db_check
+  changed_when: not aide_db_check.stat.exists
+  notify:
+    - Initialize aide database
+    - Move new aide database into place
+- name: Ensure AIDE check is setup in crontab
+  ansible.builtin.cron:
+    special_time: daily
+    name: AIDE scheduled database checkup
+    backup: yes
+    user: root
+    state: present
+    job: /usr/sbin/aide --check
+- name: Update AIDE database
+  when: aide_db_check.stat.exists
+  ansible.builtin.command: /usr/sbin/aide -u
+  register: aide_update
+  failed_when: aide_update.rc > 7
+  notify: Move new aide database into place

tasks/os.yml

@@ -107,3 +107,6 @@
     create: yes
     backup: yes
   tags: ssl
+- name: Configure AIDE
+  ansible.builtin.import_tasks: aide.yml
+  tags: aide

tasks/packages.yml

@@ -338,6 +338,7 @@
       - perl-Proc-ProcessTable
       - perl-CGI
       - imapsync
+      - aide
       # - php56-php-bcmath
       # - php56-php-channel-horde
       # - php56-php-horde-horde-lz4