add separate handlers for audit restart

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2024-11-10 09:14:18 +00:00 · 2023-11-21 21:45:05 +01:00 · 2023-11-21 21:45:05 +01:00 · 60d10811d4
commit 60d10811d4
parent 84c43c0550
1 changed files with 11 additions and 1 deletions
--- a/roles/os_hardening/handlers/main.yml
+++ b/roles/os_hardening/handlers/main.yml
@ -2,10 +2,20 @@
 - name: Update-initramfs # noqa no-changed-when
  ansible.builtin.command: update-initramfs -u

+- name: Restart auditd
+  ansible.builtin.systemd:
+    name: auditd
+    state: restarted
+  when: 
+    - molecule_yml.driver.name | default() != "docker" # restarting auditd in a container does not 
+    - not ansible_facts.os_family == 'RedHat'
+
 - name: Restart auditd # noqa command-instead-of-module no-changed-when
  ansible.builtin.command:
    cmd: service auditd restart # rhel: see: https://access.redhat.com/solutions/2664811
-  when: molecule_yml.driver.name | default() != "docker" # restarting auditd in a container does not work
+  when: 
+    - molecule_yml.driver.name | default() != "docker" # restarting auditd in a container does not work
+    - ansible_facts.os_family == 'RedHat'

 - name: Reload systemd
  ansible.builtin.systemd: