We have a playbook that runs every night that will do a "yum update" on all of our servers, then performs an "aide --update" to keep AIDE up to date. Whenever a difference is found, Ansible flags it as a fatal error. The msg is "non zero return code" and the rc value is 7.
Here's a sample of the output:
AIDE 0.15.1 found differences between database and filesystem!!
Start timestamp: 2019-08-12 02:39:23
Summary:
Total number of files: 188094
Added files: 137
Removed files: 4
Changed files: 16
---------------------------------------------------
Added files:
---------------------------------------------------
added: /bin/insights-client
added: /bin/insights-client-run
added: /bin/redhat-access-insights
added: /bin/sha1hmac
added: /bin/sha256hmac
added: /bin/sha384hmac
added: /bin/sha512hmac
added: /boot/initramfs-3.10.0-957.21.2.el7.x86_64.img.bak
added: /etc/cron.daily/aide.check
added: /etc/insights-client
added: /etc/insights-client/.cache.json
added: /etc/insights-client/.cache.json.asc
added: /etc/insights-client/.exp.sed
added: /etc/insights-client/.fallback.json
added: /etc/insights-client/.fallback.json.asc
added: /etc/insights-client/.insights-core-gpg-sig.etag
added: /etc/insights-client/.insights-core.etag
added: /etc/insights-client/.last-upload.results
added: /etc/insights-client/.lastupload
added: /etc/insights-client/.registered
added: /etc/insights-client/cert-api.access.redhat.com.pem
added: /etc/insights-client/insights-client.conf
added: /etc/insights-client/machine-id
added: /etc/insights-client/redhattools.pub.gpg
added: /etc/insights-client/rpm.egg
added: /etc/insights-client/rpm.egg.asc
added: /etc/pki/entitlement/7834364010455541223-key.pem
added: /etc/pki/entitlement/7834364010455541223.pem
added: /etc/redhat-access-insights
added: /etc/redhat-access-insights/.lastupload
added: /etc/redhat-access-insights/.registered
added: /etc/redhat-access-insights/machine-id
added: /etc/redhat-access-insights/redhat-access-insights.conf
added: /etc/redhat-access-insights/redhat-access-insights.cron
added: /etc/sysctl.d/99-tcpsack.conf
added: /etc/system-fips
added: /etc/systemd/system/multi-user.target.wants/insights-client.timer
added: /lib/dracut/dracut.conf.d/40-fips.conf
added: /lib/dracut/modules.d/01fips
added: /lib/dracut/modules.d/01fips/fips-boot.sh
added: /lib/dracut/modules.d/01fips/fips-noboot.sh
added: /lib/dracut/modules.d/01fips/fips.sh
added: /lib/dracut/modules.d/01fips/module-setup.sh
added: /lib/python2.7/site-packages/insights_client
added: /lib/python2.7/site-packages/insights_client/__init__.py
added: /lib/python2.7/site-packages/insights_client/__init__.pyc
added: /lib/python2.7/site-packages/insights_client/__init__.pyo
added: /lib/python2.7/site-packages/insights_client/constants.py
added: /lib/python2.7/site-packages/insights_client/constants.pyc
added: /lib/python2.7/site-packages/insights_client/constants.pyo
added: /lib/python2.7/site-packages/insights_client/major_version.py
added: /lib/python2.7/site-packages/insights_client/major_version.pyc
added: /lib/python2.7/site-packages/insights_client/major_version.pyo
added: /lib/python2.7/site-packages/insights_client/run.py
added: /lib/python2.7/site-packages/insights_client/run.pyc
added: /lib/python2.7/site-packages/insights_client/run.pyo
added: /lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info
added: /lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/PKG-INFO
added: /lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/SOURCES.txt
added: /lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/dependency_links.txt
added: /lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/entry_points.txt
added: /lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/requires.txt
added: /lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/top_level.txt
added: /lib/systemd/system/insights-client.service
added: /lib/systemd/system/insights-client.timer
added: /lib64/hmaccalc
added: /lib64/hmaccalc/sha1hmac.hmac
added: /lib64/hmaccalc/sha256hmac.hmac
added: /lib64/hmaccalc/sha384hmac.hmac
added: /lib64/hmaccalc/sha512hmac.hmac
added: /root/.ansible
added: /root/.ansible/tmp
added: /root/.cache/imsettings/log.bak
added: /root/.gnupg/trustdb.gpg
added: /root/.local/share/gvfs-metadata/root
added: /root/.local/share/gvfs-metadata/root-bf61d634.log
added: /root/.local/share/gvfs-metadata/uuid-a128602d-0ebd-4c04-9260-4e8096c041f8-6ebc08c3.log
added: /root/.local/share/keyrings
added: /root/.local/share/keyrings/login.keyring
added: /root/.local/share/keyrings/user.keystore
added: /root/.ssh/known_hosts
added: /root/fips_part1.sh
added: /root/fips_part2.sh
added: /root/temp
added: /root/temp/gpg.conf
added: /root/temp/pubring.gpg
added: /root/temp/secring.gpg
added: /root/temp/trustdb.gpg
added: /usr/bin/insights-client
added: /usr/bin/insights-client-run
added: /usr/bin/redhat-access-insights
added: /usr/bin/sha1hmac
added: /usr/bin/sha256hmac
added: /usr/bin/sha384hmac
added: /usr/bin/sha512hmac
added: /usr/lib/dracut/dracut.conf.d/40-fips.conf
added: /usr/lib/dracut/modules.d/01fips
added: /usr/lib/dracut/modules.d/01fips/fips-boot.sh
added: /usr/lib/dracut/modules.d/01fips/fips-noboot.sh
added: /usr/lib/dracut/modules.d/01fips/fips.sh
added: /usr/lib/dracut/modules.d/01fips/module-setup.sh
added: /usr/lib/python2.7/site-packages/insights_client
added: /usr/lib/python2.7/site-packages/insights_client/__init__.py
added: /usr/lib/python2.7/site-packages/insights_client/__init__.pyc
added: /usr/lib/python2.7/site-packages/insights_client/__init__.pyo
added: /usr/lib/python2.7/site-packages/insights_client/constants.py
added: /usr/lib/python2.7/site-packages/insights_client/constants.pyc
added: /usr/lib/python2.7/site-packages/insights_client/constants.pyo
added: /usr/lib/python2.7/site-packages/insights_client/major_version.py
added: /usr/lib/python2.7/site-packages/insights_client/major_version.pyc
added: /usr/lib/python2.7/site-packages/insights_client/major_version.pyo
added: /usr/lib/python2.7/site-packages/insights_client/run.py
added: /usr/lib/python2.7/site-packages/insights_client/run.pyc
added: /usr/lib/python2.7/site-packages/insights_client/run.pyo
added: /usr/lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info
added: /usr/lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/PKG-INFO
added: /usr/lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/SOURCES.txt
added: /usr/lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/dependency_links.txt
added: /usr/lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/entry_points.txt
added: /usr/lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/requires.txt
added: /usr/lib/python2.7/site-packages/insights_client-3.0.3-py2.7.egg-info/top_level.txt
added: /usr/lib/systemd/system/insights-client.service
added: /usr/lib/systemd/system/insights-client.timer
added: /usr/lib64/hmaccalc
added: /usr/lib64/hmaccalc/sha1hmac.hmac
added: /usr/lib64/hmaccalc/sha256hmac.hmac
added: /usr/lib64/hmaccalc/sha384hmac.hmac
added: /usr/lib64/hmaccalc/sha512hmac.hmac
added: /usr/share/doc/hmaccalc-0.9.13
added: /usr/share/doc/hmaccalc-0.9.13/LICENSE
added: /usr/share/doc/hmaccalc-0.9.13/README
added: /usr/share/man/man5/insights-client.conf.5.gz
added: /usr/share/man/man8/insights-client.8.gz
added: /usr/share/man/man8/sha1hmac.8.gz
added: /usr/share/man/man8/sha256hmac.8.gz
added: /usr/share/man/man8/sha384hmac.8.gz
added: /usr/share/man/man8/sha512hmac.8.gz
---------------------------------------------------
Removed files:
---------------------------------------------------
removed: /etc/pki/entitlement/2145996793070099965-key.pem
removed: /etc/pki/entitlement/2145996793070099965.pem
removed: /root/.gnupg/secring.gpg
removed: /root/.local/share/gvfs-metadata/uuid-a128602d-0ebd-4c04-9260-4e8096c041f8-f370c3c2.log
---------------------------------------------------
Changed files:
---------------------------------------------------
changed: /boot/efi/EFI/redhat/grub.cfg
changed: /boot/initramfs-3.10.0-957.21.2.el7.x86_64.img
changed: /boot/initramfs-3.10.0-957.21.2.el7.x86_64kdump.img
changed: /etc/group
changed: /etc/gshadow
changed: /etc/passwd
changed: /etc/shadow
changed: /etc/ssh/sshd_config
changed: /etc/sysconfig/network-scripts/ifcfg-em1
changed: /etc/yum.repos.d/redhat.repo
changed: /lib/dracut/modules.d
changed: /lib/python2.7/site-packages
changed: /usr/lib/dracut/modules.d
changed: /usr/lib/python2.7/site-packages
changed: /usr/lib64
changed: /usr/share/doc
---------------------------------------------------
Detailed information about changes:
---------------------------------------------------
File: /boot/efi/EFI/redhat/grub.cfg
SHA256 : xe1Df3lqjzE9xW98fqbQYCLrJ0HsYZZ4 , v5UhwoPnZH+0UOf/hn4Q671kreptd6QH
File: /boot/initramfs-3.10.0-957.21.2.el7.x86_64.img
SHA256 : FZpBgcK79j+KFxhKCd0DGbB9Ej/pvdSX , ICU/9a+jTsDD9PIfD5g6QOfxwyj20J30
SELinux : system_u:object_r:boot_t:s0 , unconfined_u:object_r:boot_t:s0
File: /boot/initramfs-3.10.0-957.21.2.el7.x86_64kdump.img
SHA256 : z4xF6KhC5h6tGCVXxgiBaueA/GFqxVa1 , CIf2TMcaOqlKTeI/Hr20MbU6G87IUURE
File: /etc/group
SHA256 : qGq+Ew69WkAPiKcIcqKu58CQLtaRmOdS , sn6BqRCXHJwYe7lFwjm5mr2WuyUvQ55x
File: /etc/gshadow
SHA256 : EfiOHQk7jP1ROuSKz7PmcoZqluPPcbgj , pSSCKc1sM3wpYqh3/11SmMtGR/6gHITR
File: /etc/passwd
SHA256 : +xnEaC5BmsE1xgs8k3jVii06RKdliG03 , sgwWHcGTAe1AoZi8LEfIe9yyuyKsBeO9
File: /etc/shadow
SHA256 : m9S0G9ByZLIxSUNDDxtKY3A3gFi8U9fx , i40ldV7xMJVwi+p6gyKAGWqOsxKIFDm2
File: /etc/ssh/sshd_config
SHA256 : LFERiUyFoz+gNGYa03lgfxq6F4jG098n , Wz0X/cSHDD6/sV52wbfZuUOiwmRzHWvG
File: /etc/sysconfig/network-scripts/ifcfg-em1
SHA256 : UIhQCZTs+kvvF29gLgVzZFQmJ3O1iR3z , DuZF4xhCU/Ba1IIjgHxaDZ7RdZT0byfV
File: /etc/yum.repos.d/redhat.repo
SHA256 : FkgVgM5NAhEkrAPalWhchoTmEqAOlhgG , eEmfpz41JvgfDRxcjfiW4nFkVmHydmRA
Directory: /lib/dracut/modules.d
Linkcount: 66 , 67
Directory: /lib/python2.7/site-packages
Linkcount: 114 , 116
Directory: /usr/lib/dracut/modules.d
Linkcount: 66 , 67
Directory: /usr/lib/python2.7/site-packages
Linkcount: 114 , 116
Directory: /usr/lib64
Linkcount: 153 , 154
Directory: /usr/share/doc
Linkcount: 1148 , 1149
Here's the playbook (it's included in a main playbook via "include_tasks"):
---
- name: Capture aide binary path
  command: "which aide"
  register: aide_path

- name: Check for existing aide database
  stat:
    path: "/var/lib/aide/aide.db.gz"
  register: aide_db_check

- name: Update aide database
  command: "{{ aide_path.stdout }} -u"
  register: aide_update

- name: Move new aide database into place
  copy:
    remote_src: true
    src: /var/lib/aide/aide.db.new.gz
    dest: /var/lib/aide/aide.db.gz

- name: Remove aide.db.new.gz
  file:
    path: /var/lib/aide/aide.db.new.gz
    state: absent
Thanks,
Harry
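
One way to handle the return code, as an added example that is not part of the original post: for --update, AIDE's exit status is a bitmask (1 = added files, 2 = removed files, 4 = changed files; 14 and above are AIDE errors), so rc 7 means all three kinds of difference were found. The report path /var/log/aide/aide-update.log is an assumption.

```yaml
---
# Added example, not the poster's playbook. Replaces the "Update aide
# database" task and adds two tasks before the database is moved into place.
- name: Update aide database
  command: "{{ aide_path.stdout }} -u"
  register: aide_update
  # rc 0-7 is a completed run (bitmask of added/removed/changed);
  # anything higher is an AIDE error and should still fail the play.
  failed_when: aide_update.rc > 7
  # Report "changed" only when AIDE actually found differences.
  changed_when: aide_update.rc != 0

- name: Decode the aide exit status
  debug:
    msg:
      added_files: "{{ aide_update.rc % 2 == 1 }}"
      removed_files: "{{ (aide_update.rc // 2) % 2 == 1 }}"
      changed_files: "{{ (aide_update.rc // 4) % 2 == 1 }}"

# Assumed path: keep the report so the differences can be reviewed
# after the baseline has been replaced by the following tasks.
- name: Save the aide report before replacing the baseline
  copy:
    content: "{{ aide_update.stdout }}\n"
    dest: /var/log/aide/aide-update.log
    owner: root
    group: root
    mode: "0600"
  when: aide_update.rc != 0
```

Because the later tasks overwrite aide.db.gz, the saved report is the only record of differences such as the /etc/shadow and /etc/ssh/sshd_config changes in the sample output, which a "yum update" alone would not be expected to produce.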