diff --git a/defaults/main.yml b/defaults/main.yml
index 2a98ca1..06f85a0 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -9,6 +9,7 @@ auditd_exclude_rule_stages: []
 # This option prevents auditd from performing change/restart actions at runtime and requires a reboot instead.
 # For security reasons, this option should only be disabled for testing purposes.
 auditd_refuse_manual_stop: True
+auditd_reboot_on_change: False
 # @var auditd_config_immutable:description: >
 # The auditd daemon is configured to use the augenrules program to read audit rules during
diff --git a/handlers/main.yml b/handlers/main.yml
index 359b740..e4e27f8 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -9,3 +9,13 @@
 listen: __auditd_restart
 become: True
 become_user: root
+
+- name: Reboot server
+ reboot:
+ reboot_timeout: 600
+ when:
+ - auditd_reboot_on_change | bool
+ - auditd_refuse_manual_stop | bool
+ listen: __auditd_restart
+ become: True
+ become_user: root
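Review bot: `auditd_reboot_on_change` in defaults/main.yml is added without a description of its own, and because it sits directly under the comment block for `auditd_refuse_manual_stop` that text reads as if it described both variables. The next variable in the hunk, `auditd_config_immutable`, carries an `# @var <name>:description: >` block, so the new one should get the same, for example `# @var auditd_reboot_on_change:description: >` followed by `# Reboot the host from the restart handler when auditd_refuse_manual_stop is enabled and the configuration changed.`. That description should also say that with the default `False` and `auditd_refuse_manual_stop: True` a changed audit configuration presumably stays unloaded until someone reboots the host; this is inferred from the existing comment, so confirm it against the handlers.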
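Review bot: The new `Reboot server` handler in handlers/main.yml takes the whole host down as soon as handlers are flushed, yet nothing in the task tells an operator or a logged-in user why: there is no comment explaining why both variables must be true and no `msg:` on the module. I would add `msg: "Reboot initiated by Ansible to apply auditd configuration changes"` under `reboot:` and a comment above the task such as `# auditd refuses a manual restart, so a reboot is the only way to load the changed configuration`. The short module name `reboot` could also be written `ansible.builtin.reboot` so that module resolution is unambiguous. The existing handler that shares `listen: __auditd_restart` begins outside the hunk, so whether it is skipped when this one runs cannot be checked from here.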