feat: Allow setup aide inside of cron job

Signed-off-by: Radovan Sroka <[email protected]>
linux-system-roles · Dec 20, 2024 · ff2b9ad · ff2b9ad
1 parent cdfdd35
commit ff2b9ad
Show file tree

Hide file tree

Showing 5 changed files with 77 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -85,6 +85,33 @@ Default: `false`
 
 Type: `bool`
 
+### aide_cron_check
+
+Set up periodic cron check for aide
+
+Default: `false`
+
+Type: `bool`
+
+### aide_cron_interval
+
+Set check interval for cron
+
+``` yaml
+# Example of job definition:
+# .---------------- minute (0 - 59)
+# |  .------------- hour (0 - 23)
+# |  |  .---------- day of month (1 - 31)
+# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
+# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
+# |  |  |  |  |
+# *  *  *  *  *
+```
+
+Default: `0 12 * * *`
+
+Type: `string`
+
 ## Example Playbook
 
 Including an example of how to use your role (for instance, with variables

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -20,3 +20,17 @@ aide_check: false
 
 # Enable database update phase
 aide_update: false
+
+# Enable periodic check
+aide_cron_check: false
+
+# Example of job definition:
+# .---------------- minute (0 - 59)
+# |  .------------- hour (0 - 23)
+# |  |  .---------- day of month (1 - 31)
+# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
+# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
+# |  |  |  |  |
+# *  *  *  *  *
+# Set cron check interval
+aide_cron_interval: "0 12 * * *"
diff --git a/examples/default.yml b/examples/default.yml
@@ -10,5 +10,6 @@
         aide_fetch_db: false
         aide_check: false
         aide_update: false
+        aide_cron_check: false
       ansible.builtin.include_role:
         name: linux-system-roles.aide
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -104,3 +104,17 @@
       ansible.builtin.file:
         path: "{{ __aide_db_new_name }}"
         state: absent
+
+- name: Update aide check cron configuration if necessary
+  ansible.builtin.lineinfile:
+    path: /etc/crontab
+    regexp: "^.* root /usr/sbin/aide --check"
+    line: "{{ aide_cron_interval }} root /usr/sbin/aide --check"
+  when: aide_cron_check | bool
+
+- name: Remove aide check cron configuration if necessary
+  ansible.builtin.lineinfile:
+    path: /etc/crontab
+    state: absent
+    regexp: "^.* root /usr/sbin/aide --check"
+  when: not aide_cron_check | bool
diff --git a/tests/tests_check_cron.yml b/tests/tests_check_cron.yml
@@ -0,0 +1,21 @@
+# SPDX-License-Identifier: MIT
+---
+- name: Ensure that the cron is set up
+  hosts: all
+  gather_facts: false  # test that role works in this case
+  roles:
+    - role: linux-system-roles.aide
+      vars:
+        aide_init: true
+        aide_cron_check: true
+        aide_cron_interval: "0 12 * * *"
+  tasks:
+    - name: Check file content
+      ansible.builtin.lineinfile:
+        path: /etc/crontab
+        regexp: "^0 12 \\* \\* \\* root /usr/bin/aide --check"
+        state: absent
+      check_mode: true
+      changed_when: false
+      vars:
+        __fingerprint: system_role:aide