Describe the Issue
One of the parts of 1.3.1 installs AIDE and then configures it with aide init. However, this doesn't run if aide was already existing in the packages which can be the case. Remembering that Ansible modules are predominantly idempotent this check isn't necessary as it won't install if its already there. Also, the configure aide task doesn't run which causes the whole lot to fail an audit as AIDE hasn't initialised the db.
Also with this task it calls the command aide init This for my version of ubuntu (22.04) did not work. My version of aide is: 0.17.4-1
When I try the aide init option I get:
aide: extra parameter: 'init'
When I try the --init option I get:
aide --initERROR: missing configuration (use '--config' '--before' or '--after' command line parameter)
The command aide --config /etc/aide/aide.conf --init works
Also the command: aideinit works
Also, another issue is 1.3.2 that the file /usr/bin/aide.wrapper is not found and may be from an older version of AIDE. So the cron job variable for AIDE called: ubtu22cis_aide_cron needs to be updated to just /usr/bin/aide
Expected Behavior
AIDE is installed if required or initialised and configured correctly if already there.
Actual Behavior
AIDE isn't configured as it is already installed and also the cron job is calling the wrong file. Additionally, the command it runs is incorrect and fails. but the task continues on.
Control(s) Affected
1.3.x
Possible Solution
Remove condition in
when: - "'aide' not in ansible_facts.packages or'aide-common' not in ansible_facts.packages"
As the modules are idempotent anyway so won't install.
Move the 1.3.1 | PATCH | Ensure AIDE is installed | Configure AIDE outside of the block as it should be separate to installing.
Change the aide init command to aide --config /etc/aide/aide.conf --init
Change cron job to call /usr/bin/aide
Describe the Issue One of the parts of 1.3.1 installs AIDE and then configures it with aide init. However, this doesn't run if aide was already existing in the packages which can be the case. Remembering that Ansible modules are predominantly idempotent this check isn't necessary as it won't install if its already there. Also, the configure aide task doesn't run which causes the whole lot to fail an audit as AIDE hasn't initialised the db.
Also with this task it calls the command
aide initThis for my version of ubuntu (22.04) did not work. My version of aide is:0.17.4-1When I try the
aide initoption I get:aide: extra parameter: 'init'When I try the
--initoption I get:aide --initERROR: missing configuration (use '--config' '--before' or '--after' command line parameter)The command
aide --config /etc/aide/aide.conf --initworks Also the command:aideinitworksAlso, another issue is 1.3.2 that the file
/usr/bin/aide.wrapperis not found and may be from an older version of AIDE. So the cron job variable for AIDE called:ubtu22cis_aide_cronneeds to be updated to just/usr/bin/aideExpected Behavior AIDE is installed if required or initialised and configured correctly if already there.
Actual Behavior AIDE isn't configured as it is already installed and also the cron job is calling the wrong file. Additionally, the command it runs is incorrect and fails. but the task continues on.
Control(s) Affected 1.3.x
Possible Solution Remove condition in
when: - "'aide' not in ansible_facts.packages or'aide-common' not in ansible_facts.packages"As the modules are idempotent anyway so won't install. Move the1.3.1 | PATCH | Ensure AIDE is installed | Configure AIDEoutside of the block as it should be separate to installing. Change theaide initcommand toaide --config /etc/aide/aide.conf --initChange cron job to call/usr/bin/aide