Add IBM AIX 7 CIS-inspired hardening playbook

infra-run/ansible/roles/cis-aix7-hardening/handlers/main.yml

@@ -0,0 +1,44 @@
+---
+- name: Validate sshd configuration
+  ansible.builtin.command: "{{ cis_sshd_test_command }}"
+  changed_when: false
+  listen: validate sshd
+
+- name: Restart sshd using SRC
+  ansible.builtin.shell: |
+    set -o pipefail
+    if lssrc -s sshd >/dev/null 2>&1; then
+      stopsrc -s sshd >/dev/null 2>&1 || true
+      startsrc -s sshd
+    fi
+  args:
+    executable: /bin/ksh
+  changed_when: true
+  listen: restart sshd
+
+- name: Refresh inetd
+  ansible.builtin.command: refresh -s inetd
+  changed_when: true
+  failed_when: false
+  listen: refresh inetd
+
+- name: Refresh syslog
+  ansible.builtin.command: refresh -s syslogd
+  changed_when: true
+  failed_when: false
+  listen: refresh syslog
+
+- name: Restart audit subsystem
+  ansible.builtin.shell: |
+    set -o pipefail
+    if lssrc -s audit >/dev/null 2>&1; then
+      stopsrc -s audit >/dev/null 2>&1 || true
+      startsrc -s audit
+    else
+      audit start
+    fi
+  args:
+    executable: /bin/ksh
+  changed_when: true
+  when: cis_enable_audit | bool
+  listen: restart audit