578ce32998
If a deployer installs AIDE the first time they apply the role without
initializing AIDE and they want to initialize it later, the handler that
does the initialization never fires.

This patch does a few things:

- Ensures AIDE initialization if the initialize_aide bool is True
- Doesn't initialize the AIDE db if it already exists
- Moves the new db into place on Red Hat systems
- Moves the AIDE tasks into its own file with tags
- Prevents AIDE from trawling through /var

Closes-bug: 1616281
Change-Id: I85d65738fde064b06b1147c529b22c3f44a33e94
18 lines
712 B
YAML
---
features:
  - |
    AIDE is configured to skip the entire ``/var`` directory when it does the
    database initialization and when it performs checks. This reduces disk
    I/O and allows these jobs to complete faster.

    This also allows the initialization to become a blocking process and
    Ansible will wait for the initialization to complete prior to running the
    next task.
fixes:
  - |
    AIDE initialization is now always run on subsequent playbook runs when
    ``security_initialize_aide`` is set to ``yes``. The initialization will
    be skipped if AIDE isn't installed or if the AIDE database already exists.

    See `bug 1616281 <https://launchpad.net/bugs/1616281>`_ for more details.
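
The skip conditions described in the fix note can be expressed as ordinary tasks instead of a handler, so they are evaluated on every playbook run. The play below is an added example, not the role's own task file, and it covers only the Red Hat family case; the task names, the ``aide`` tag, the register names and the binary and database paths are assumptions.

```yaml
# Added example: names, paths and tags are assumptions, not the role's tasks.
- hosts: all
  become: true
  vars:
    security_initialize_aide: yes              # variable named in the release note
    aide_db: /var/lib/aide/aide.db.gz          # assumed Red Hat default database
    aide_db_new: /var/lib/aide/aide.db.new.gz  # assumed output of `aide --init`
  tasks:
    - name: Check whether the AIDE binary is present
      stat:
        path: /usr/sbin/aide                   # assumed install path
      register: aide_bin
      tags: [aide]

    - name: Check whether an AIDE database already exists
      stat:
        path: "{{ aide_db }}"
      register: aide_db_stat
      tags: [aide]

    # A plain task (not a handler, not async): Ansible blocks here until
    # the database has been built, then continues with the next task.
    - name: Initialize the AIDE database
      command: aide --init
      when:
        - security_initialize_aide | bool
        - aide_bin.stat.exists
        - not aide_db_stat.stat.exists
      register: aide_init
      tags: [aide]

    # On Red Hat systems the freshly built database has to be moved into
    # place before later checks can compare against it.
    - name: Move the new AIDE database into place
      command: mv "{{ aide_db_new }}" "{{ aide_db }}"
      args:
        creates: "{{ aide_db }}"
      when:
        - ansible_os_family == 'RedHat'
        - aide_init is changed
      tags: [aide]
```

Because both ``stat`` results feed the ``when`` clause, a second run on a host that already has a database reports the initialization task as skipped rather than rebuilding the baseline.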