From 9d68c4bdf2c2e582de96ddb8822d739a2b30dff3 Mon Sep 17 00:00:00 2001
From: Karl DeBisschop
Date: Sat, 26 Mar 2022 03:25:57 -0400
Subject: [PATCH] Ensure AIDE runs regularly. (#40)

Do not create weekly cron if the apt-provided /etc/cron.daily/aide file exists. Update cron file settings to match comment and run weekly, not daily.

Co-authored-by: Karl DeBisschop
---
 tasks/section1.yml | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/tasks/section1.yml b/tasks/section1.yml
index 8cbcf36..4ca7e63 100644
--- a/tasks/section1.yml
+++ b/tasks/section1.yml
@@ -661,6 +661,17 @@
 - patch
 - rule_1.4.1

+- name: "SCORED | 1.4.1 | PATCH | Stat AIDE daily cron"
+ stat: path=/etc/cron.daily/aide
+ register: aide_daily_cron
+ tags:
+ - level1
+ - scored
+ - aide
+ - file_integrity
+ - patch
+ - rule_1.4.2
+
 - name: "SCORED | 1.4.2 | PATCH | Ensure filesystem integrity is regularly checked"
 cron:
 name: Run AIDE integrity check weekly
@@ -670,10 +681,11 @@
 hour: "{{ ubuntu2004cis_aide_cron['aide_hour'] | default('5') }}"
 day: "{{ ubuntu2004cis_aide_cron['aide_day'] | default('*') }}"
 month: "{{ ubuntu2004cis_aide_cron['aide_month'] | default('*') }}"
- weekday: "{{ ubuntu2004cis_aide_cron['aide_weekday'] | default('*') }}"
+ weekday: "{{ ubuntu2004cis_aide_cron['aide_weekday'] | default('0') }}"
 job: "{{ ubuntu2004cis_aide_cron['aide_job'] }}"
 when:
 - ubuntu2004cis_rule_1_4_2
+ - not aide_daily_cron.stat.exists
 tags:
 - level1
 - scored
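Review bot: The added stat task is labelled `1.4.1` in its name but tagged `rule_1.4.2`, so run output and tag selection disagree about which control it belongs to. Since it exists only to feed the 1.4.2 cron task, the name should read `"SCORED | 1.4.2 | PATCH | Stat AIDE daily cron"`. The task also uses the `stat: path=/etc/cron.daily/aide` key=value shorthand; the native form, `stat:` with a nested `path: /etc/cron.daily/aide`, is easier to lint and extend. A comment above it such as `# The apt package ships /etc/cron.daily/aide; detect it so 1.4.2 does not add a second schedule` would explain why a read-only probe sits among the patch tasks.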
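Review bot: The new condition `- not aide_daily_cron.stat.exists` treats the mere presence of /etc/cron.daily/aide as proof that integrity checks run. A file there without the execute bit is skipped by run-parts, so the host would end up with no scheduled AIDE check while the 1.4.2 task is quietly skipped. Consider `- not (aide_daily_cron.stat.exists and aide_daily_cron.stat.executable)` so the weekly job is still created in that case. The condition also depends on a variable registered by a separate task; the cron task's tag list continues past the hunk, so confirm both tasks carry identical tags, otherwise a tag-filtered run leaves `aide_daily_cron` undefined and the task fails. Separately, `default('0')` only applies when `aide_weekday` is absent from `ubuntu2004cis_aide_cron`; if the role's defaults file (not visible here) still sets it to `'*'`, the schedule stays daily.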