Tronde/aide

aide

This is an Ansible role that installs and configures the Advanced Intrusion Detection Environment (AIDE). For Day 2 tasks, it can run integrity checks and update the AIDE database.

Notice: This is a very early stage of a work in progress. Please use with extreme caution as it might break your system.

What does this role do for you?

  • It ensures that the aide package is installed on the remote nodes
  • As an optional task it can generate the /etc/aide.conf file and template it out to the remote nodes
  • It initializes the AIDE database
  • The AIDE databases from the remote nodes are stored in a central directory on the controller node
  • It runs AIDE integrity checks on the remote nodes
  • It updates the AIDE databases and stores them on the controller node

How does the role do that?

  • The role is controlled by using Ansible Tags
  • If you run the playbook without specifying any tag, the role will change nothing on your remote nodes
  • To execute one of the supported use cases, you need to explicitly specify one or more of the following tags

Available tags to control and use the role

  • install - With this tag the role ensures that the aide package is installed on the remote nodes
  • generate_config - Generates the file /etc/aide.conf using templates/aide.conf.j2; the template needs to be adjusted to fit your requirements; if you do not use this tag the default configuration file shipped with the aide package will be used
  • init - Initializes the AIDE database and fetches it from the remote nodes to store it on the controller node
  • check - Runs an integrity check on the remote nodes
  • update - Updates the AIDE database and stores it on the controller node

What does this role not do for you?

  • It does not explain how to create a good AIDE configuration that suits your requirements; that task remains for you to accomplish

Requirements

This role has no special requirements as it uses ansible.builtin modules only.

Role Variables

aide_db_fetch_dir

This variable takes a string that specifies the directory on the Ansible Control Node (ACN) where the role stores the AIDE databases fetched from the remote nodes. The default value is files, which is expected to be a directory in the same directory as the playbook.

If you would like to store the fetched AIDE database files somewhere else, specify a different path here.

Example of setting the variables:

aide_db_fetch_dir: files

Example Playbook

The following playbook includes the role with all of its tags and passes aide_db_fetch_dir as a variable:

# SPDX-License-Identifier: MIT
---
- name: Example aide role invocation
  hosts: targets
  tasks:
    - name: Include role aide
      tags:
        - install
        - generate_config
        - init
        - check
        - update
      vars:
        aide_db_fetch_dir: files
      ansible.builtin.include_role:
        name: aide

More examples can be found in the examples/ directory.
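
Because the role only acts on explicitly named tags, a misspelled tag makes ansible-playbook match no tasks and still exit successfully, so a scheduled integrity check can silently stop running. The wrapper below is an added example, not part of the role; the function names and the playbook file name aide.yml are assumptions.

```shell
#!/bin/sh
# Added example, not part of the role. Function names and the playbook
# file name used in the comments below (aide.yml) are assumptions.

# aide_cmd PLAYBOOK TAGS
# Validates a comma-separated tag list against the tags the role documents
# and prints the matching ansible-playbook command line.
# Exit status: 0 ok, 2 no tags given, 3 tag not documented by the role.
# The body runs in a subshell so IFS and 'set -f' do not leak to the caller.
aide_cmd() (
    playbook=$1
    tags=$2
    if [ -z "$tags" ]; then
        echo "no tags given: the role would change nothing" >&2
        exit 2
    fi
    set -f      # no pathname expansion while splitting the tag list
    IFS=,
    for t in $tags; do
        case $t in
            install|generate_config|init|check|update) ;;
            *)
                echo "tag not supported by the role: '$t'" >&2
                exit 3
                ;;
        esac
    done
    printf 'ansible-playbook %s --tags %s\n' "$playbook" "$tags"
)

# aide_run PLAYBOOK TAGS
# Runs the playbook only after the tag list has passed validation.
aide_run() {
    aide_cmd "$1" "$2" >/dev/null || return
    ansible-playbook "$1" --tags "$2"
}

# Typical use (not executed here):
#   aide_run aide.yml install,init    # first run: install, create the database
#   aide_run aide.yml check           # Day 2: integrity check
#   aide_run aide.yml update          # Day 2: update the database
```

Calling aide_run from a cron job or CI step turns a typo in the tag list into a non-zero exit instead of a run that does nothing.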

License

MIT.

Author Information

  • Joerg Kastning

About

Install and configure the Advanced Intrusion Detection Environment (AIDE) and set up integrity checks
