feat: Allow setup aide inside of cron job

README.md

@@ -85,6 +85,34 @@ Default: `false`
 
 Type: `bool`
 
+### aide_cron_check
+
+If set to `true`, configures periodic cron check for aide
+If set to `false`, removes the periodic cron check
+
+Default: `null`
+
+Type: `bool`
+
+### aide_cron_interval
+
+Set check interval for cron
+
+``` yaml
+# Example of job definition:
+# .---------------- minute (0 - 59)
+# |  .------------- hour (0 - 23)
+# |  |  .---------- day of month (1 - 31)
+# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
+# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
+# |  |  |  |  |
+# *  *  *  *  *
+```
+
+Default: `0 12 * * *`
+
+Type: `string`
+
 ## Example Playbook
 
 Including an example of how to use your role (for instance, with variables

defaults/main.yml

@@ -20,3 +20,17 @@ aide_check: false
 
 # Enable database update phase
 aide_update: false
+
+# Enable periodic check
+aide_cron_check: null
+
+# Example of job definition:
+# .---------------- minute (0 - 59)
+# |  .------------- hour (0 - 23)
+# |  |  .---------- day of month (1 - 31)
+# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
+# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
+# |  |  |  |  |
+# *  *  *  *  *
+# Set cron check interval
+aide_cron_interval: "0 12 * * *"

tasks/main.yml

@@ -26,7 +26,7 @@
   when: aide_db_template is not none
 
 # - name: Print Header
-#   ansible.builtin.shell: head /etc/aide.conf || true
+#   ansible.builtin.command: head /etc/aide.conf || true
 
 - name: Initialize AIDE database
   when: aide_init | bool
@@ -104,3 +104,21 @@
       ansible.builtin.file:
         path: "{{ __aide_db_new_name }}"
         state: absent
+
+- name: Update aide check cron configuration if necessary
+  ansible.builtin.lineinfile:
+    path: /etc/crontab
+    regexp: "^.* root /usr/sbin/aide --check"
+    line: "{{ aide_cron_interval }} root /usr/sbin/aide --check"
+  when:
+    - aide_cron_check is not none
+    - aide_cron_check | bool
+
+- name: Remove aide check cron configuration if necessary
+  ansible.builtin.lineinfile:
+    path: /etc/crontab
+    state: absent
+    regexp: "^.* root /usr/sbin/aide --check"
+  when:
+    - aide_cron_check is not none
+    - not aide_cron_check | bool

tests/tests_check_cron.yml

@@ -0,0 +1,47 @@
+# SPDX-License-Identifier: MIT
+---
+- name: Ensure that the cron is set up
+  hosts: all
+  gather_facts: false
+  roles:
+    - role: linux-system-roles.aide
+      vars:
+        aide_init: true
+        aide_cron_check: true
+        aide_cron_interval: "0 12 * * *"
+  tasks:
+ #   - name: Print crontab 1
+ #     ansible.builtin.command: cat /etc/crontab
+
+    - name: Check file content
+      ansible.builtin.lineinfile:
+        path: /etc/crontab
+        regexp: "^.* root /usr/sbin/aide --check"
+        line: "0 12 * * * root /usr/sbin/aide --check"
+        state: present
+      register: result
+      failed_when: result.changed
+      vars:
+        __fingerprint: system_role:aide
+
+- name: Ensure that the cron is not set up
+  hosts: all
+  gather_facts: false
+  roles:
+    - role: linux-system-roles.aide
+      vars:
+        aide_cron_check: false
+  tasks:
+#    - name: Print crontab 2
+#      ansible.builtin.command: cat /etc/crontab
+
+    - name: Check file content
+      ansible.builtin.lineinfile:
+        path: /etc/crontab
+        regexp: "^.* root /usr/sbin/aide --check"
+        line: "0 12 * * * root /usr/sbin/aide --check"
+        state: present
+      register: result
+      failed_when: not result.changed
+      vars:
+        __fingerprint: system_role:aide

vars/main.yml

@@ -6,7 +6,7 @@
 
 # Examples of non-distribution specific (generic) internal variables:
 __aide_config: aide.conf
-__aide_packages: ['aide']
+__aide_packages: ["aide", "crontabs"]
 __aide_services: []
 __aide_db_name: /var/lib/aide/aide.db.gz
 __aide_db_new_name: /var/lib/aide/aide.db.new.gz