Add IBM AIX 7 CIS-inspired hardening playbook

This commit is contained in:
Mateusz Suski
2026-05-06 09:21:15 +00:00
parent 2fd9c0b5ef
commit 02a51f72f9
18 changed files with 1009 additions and 0 deletions
@@ -0,0 +1,32 @@
---
- name: Validate AIX audit configuration file
ansible.builtin.stat:
path: "{{ cis_audit_config_path }}"
register: cis_aix_audit_config
- name: Collect AIX audit query status
ansible.builtin.command: audit query
changed_when: false
failed_when: false
check_mode: false
register: cis_aix_audit_status
- name: Enable AIX audit subsystem when explicitly configured
ansible.builtin.command: audit start
changed_when: true
when:
- cis_enable_audit | bool
- cis_aix_audit_config.stat.exists
- cis_aix_audit_status.rc != 0 or 'auditing off' in (cis_aix_audit_status.stdout | default('') | lower)
notify: restart audit
- name: Report audit status
ansible.builtin.debug:
msg:
- >-
{{ 'OK: AIX audit configuration file exists.'
if cis_aix_audit_config.stat.exists else 'WARNING: AIX audit configuration file was not found.' }}
- >-
{{ 'OK: Audit enablement is explicitly allowed by cis_enable_audit.'
if cis_enable_audit | bool else 'WARNING: Audit enablement is disabled by default; validation only was performed.' }}
- "OK: audit query rc={{ cis_aix_audit_status.rc }} output={{ cis_aix_audit_status.stdout | default('') }}"
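Review bot: The `when` on "Enable AIX audit subsystem when explicitly configured" treats any non-zero exit from `audit query` as "auditing off", so a missing `audit` binary or a privilege failure — which the preceding task's `failed_when: false` hides — drives straight into `audit start` with `changed_when: true`. If `audit query` really exits non-zero only when the subsystem is off, say so on the condition (`# audit query exits non-zero when auditing is off`); otherwise key the start only on the text match, `- cis_aix_audit_status.rc == 0 and 'auditing off' in (cis_aix_audit_status.stdout | default('') | lower)`, and add a task that fails when `cis_aix_audit_status.rc != 0` so the hidden error surfaces instead of being reported only in the final debug line. `notify: restart audit` on the same task hands off to a handler outside this hunk; if that handler stops and restarts audit, the subsystem enabled here is interrupted again at the end of the play, so confirm the handler is a no-op for an already-running audit. The stat task establishes only that the audit configuration exists; for a CIS-style control the returned `stat.mode` and `stat.pw_name` are worth comparing against the expected ownership and permissions before reporting "OK".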