An Ansible role to install, configure, and schedule AIDE.

The default settings will deploy all the same configuration options that come with a default aide.conf after installing the tool.

aide_pkg: aide #override with a specific version if required
aide_dbdir: /var/lib/aide
aide_database_filename: 'aide.db.gz' #only the filename, no path
aide_database_out_filename: 'aide.db.new.gz' #only the filename, no path
aide_gzip_dbout: 'yes' #yes|no
aide_verbose: 5 #level of verbosity 0-255
aide_report_url: []
aide_acl_no_symlink_follow: 'yes' #yes|true|no|false
aide_warn_dead_symlinks: 'no' #yes|true|no|false
aide_summarize_changes: 'no' #yes|true|no|false
aide_report_attributes: [] #list of default rules to report: p,i,n,u,g,s,b,m,a,c,S,acl,selinux,xattrs,md5,sha1,sha256,sha512,rmd160,tiger,haval,gost,crc32,whirlpool
aide_ignore_list: [] #list of default rules to ignore in reports ^
aide_config_version: 1 #optional for information only
aide_cron_schedule_check: True #Whether or not to add a scheduled aide --check to cron you'd have to manually run your checks if preferred aide_cron_email_notify: '' #Who to email aide report to after aide --check. Can be comma-separated list
aide_cronjob_name: 'aide scheduled database checkup' #will put a comment in crontab for this scheduled job
aide_cron_sched_min: '0' #minute
aide_cron_sched_hr: '1' #hour
aide_cron_sched_day: '' #day
aide_cron_sched_mon: '' #month
aide_cron_sched_wkd: '*' #weekday

aide_macros:   
  define:   
     - name: Give it a name   
       variable: Name_of_Variable   
       value: Value of the variable   
     - name: DBDIR var   
       variable: DBDIR   
       value: /var/lib/aide   
  undefine:   
     - name: Some var to undefine   
       variable: Name_of_Variable  #This would effectively undefine the variable we defined above   
     - name: Undefining DBDIR var   
       variable: DBDIR   

A YAML spec was built to handle all of these items in a relatively organized way.

aide_rules:   
  - name: My first rule                                                #Required   
    rule: FIPSR                                                        #Required   
    comment: Comment to put above this rule declaration                #Optional   
    attributes: []  #List made up of default rules or defined rules    #Required except on special negative rule   
    paths:                                                             #Optional   
       - /my/include/path/1  #Cannot start with '!' see Ignore/Negative Selection Paths   
       - /my/include/path/2

Add a rule to your aide_rules: definition with rule: negative
Here's an example, and you can also find an example in this Role's defaults/main.yml:

aide_rules:   
  - name: My negative/ignore selections                                #Required   
    rule: negative                                                     #Required   
    paths:                                                             #Required   
       - /my/ignore/path/1    
       - /my/ignore/path/2

Do not include an '!' in front of the paths, the template logic will automatically do this for you.

The default is to setup an 'aide --check' in crontab. Should you wish to change this after already allowing this role to create the cron job, simply switch the variable aide_cron_schedule_check to False. This will remove the cron job from your system's crontab on the next playbook run. One caveat to be aware of is that the aide_cronjob_name variable must match what's currently in the crontab to be removed properly.

- hosts: servers
  roles:
     - ahuffman.aide

MIT

Andrew J. Huffman