# platform = multi_platform_rhel,multi_platform_fedora
# reboot = true
# strategy = restrict
# complexity = low
# disruption = low

#
# What architecture are we on?
#
- name: Set architecture for audit %NAME% tasks
  set_fact:
    audit_arch: "b{{ ansible_architecture | regex_replace('.*(\\d\\d$)','\\1') }}"

#
# Inserts/replaces the rule in /etc/audit/rules.d
#
- name: Search /etc/audit/rules.d for other user/group modification audit rules
  find:
    paths: "/etc/audit/rules.d"
    recurse: no
    contains: "-k audit_rules_usergroup_modification$"
    patterns: "*.rules"
  register: find_%NAME%

- name: If existing user/group modification ruleset not found, use /etc/audit/rules.d/privileged.rules as the recipient for the rule
  set_fact:
    all_files: 
      - /etc/audit/rules.d/privileged.rules
  when: find_%NAME%.matched == 0

- name: Use matched file as the recipient for the rule
  set_fact:
    all_files:
      - "{{ find_%NAME%.files | map(attribute='path') | list | first }}"
  when: find_%NAME%.matched > 0

- name: Inserts/replaces the %NAME% rule in rules.d when on x86
  lineinfile:
    path: "{{ all_files[0] }}"
    line: "-w %PATH% -p wa -k audit_rules_usergroup_modification"
    create: yes
  tags:
    @ANSIBLE_TAGS@

#    
# Inserts/replaces the rule in /etc/audit/audit.rules
#
- name: Inserts/replaces the %NAME% rule in /etc/audit/audit.rules 
  lineinfile:
    line: "{{ item }}"
    state: present
    dest: /etc/audit/audit.rules
  with_items:
    - "-w %PATH% -p wa -k audit_rules_usergroup_modification"
  tags:
    @ANSIBLE_TAGS@
