Ensure AIDE runs regularly. (#40)

Do not create weekly cron if the apt-provided /etc/cron.daily/aide file exists. Update cron file settings to match comment and run weekly, not daily. Co-authored-by: Karl DeBisschop <[email protected]>
florianutz · Mar 26, 2022 · 9d68c4b · 9d68c4b
1 parent 65ad8e7
commit 9d68c4b
Showing 1 changed file with 13 additions and 1 deletion.
diff --git a/tasks/section1.yml b/tasks/section1.yml
@@ -661,6 +661,17 @@
       - patch
       - rule_1.4.1
 
+- name: "SCORED | 1.4.1 | PATCH | Stat AIDE daily cron"
+  stat: path=/etc/cron.daily/aide
+  register: aide_daily_cron
+  tags:
+    - level1
+    - scored
+    - aide
+    - file_integrity
+    - patch
+    - rule_1.4.2
+
 - name: "SCORED | 1.4.2 | PATCH | Ensure filesystem integrity is regularly checked"
   cron:
       name: Run AIDE integrity check weekly
@@ -670,10 +681,11 @@
       hour: "{{ ubuntu2004cis_aide_cron['aide_hour'] | default('5') }}"
       day: "{{ ubuntu2004cis_aide_cron['aide_day'] | default('*') }}"
       month: "{{ ubuntu2004cis_aide_cron['aide_month'] | default('*') }}"
-      weekday: "{{ ubuntu2004cis_aide_cron['aide_weekday'] | default('*') }}"
+      weekday: "{{ ubuntu2004cis_aide_cron['aide_weekday'] | default('0') }}"
       job: "{{ ubuntu2004cis_aide_cron['aide_job'] }}"
   when:
       - ubuntu2004cis_rule_1_4_2
+      - not aide_daily_cron.stat.exists
   tags:
       - level1
       - scored