Add RHEL 9 CIS-inspired hardening playbook

infra-run/ansible/roles/cis-rhel9-hardening/tasks/audit.yml

@@ -0,0 +1,38 @@
+---
+- name: Ensure audit rules directory exists
+  ansible.builtin.file:
+    path: /etc/audit/rules.d
+    state: directory
+    owner: root
+    group: root
+    mode: "0750"
+
+- name: Configure audit backlog limit
+  ansible.builtin.lineinfile:
+    path: /etc/audit/audit.rules
+    regexp: '^-b\s+'
+    line: "-b {{ cis_audit_backlog_limit }}"
+    create: true
+    owner: root
+    group: root
+    mode: "0640"
+  notify: restart auditd
+
+- name: Install baseline audit rules
+  ansible.builtin.lineinfile:
+    path: "{{ cis_audit_rules_path }}"
+    line: "{{ item }}"
+    create: true
+    owner: root
+    group: root
+    mode: "0640"
+  loop: "{{ cis_audit_rules }}"
+  loop_control:
+    label: "{{ item }}"
+  notify: restart auditd
+
+- name: Ensure auditd is enabled and running
+  ansible.builtin.systemd:
+    name: auditd
+    enabled: true
+    state: started