Mateusz Suski
33 lines
1.2 KiB
YAML
33 lines
1.2 KiB
YAML
---
|
|
- name: Validate AIX audit configuration file
|
|
ansible.builtin.stat:
|
|
path: "{{ cis_audit_config_path }}"
|
|
register: cis_aix_audit_config
|
|
|
|
- name: Collect AIX audit query status
|
|
ansible.builtin.command: audit query
|
|
changed_when: false
|
|
failed_when: false
|
|
check_mode: false
|
|
register: cis_aix_audit_status
|
|
|
|
- name: Enable AIX audit subsystem when explicitly configured
|
|
ansible.builtin.command: audit start
|
|
changed_when: true
|
|
when:
|
|
- cis_enable_audit | bool
|
|
- cis_aix_audit_config.stat.exists
|
|
- cis_aix_audit_status.rc != 0 or 'auditing off' in (cis_aix_audit_status.stdout | default('') | lower)
|
|
notify: restart audit
|
|
|
|
- name: Report audit status
|
|
ansible.builtin.debug:
|
|
msg:
|
|
- >-
|
|
{{ 'OK: AIX audit configuration file exists.'
|
|
if cis_aix_audit_config.stat.exists else 'WARNING: AIX audit configuration file was not found.' }}
|
|
- >-
|
|
{{ 'OK: Audit enablement is explicitly allowed by cis_enable_audit.'
|
|
if cis_enable_audit | bool else 'WARNING: Audit enablement is disabled by default; validation only was performed.' }}
|
|
- "OK: audit query rc={{ cis_aix_audit_status.rc }} output={{ cis_aix_audit_status.stdout | default('') }}"
|