---
- name: auditd | Copy auditd configuration
  copy:
    src: auditd/auditd.conf
    dest: /etc/audit/auditd.conf
    mode: '644'
    owner: root
    group: root

- name: auditd | Copy audit rules
  template:
    src: auditd/audit.rules.j2
    dest: /etc/audit/audit.rules
    mode: '644'
    owner: root
    group: root

- name: auditd | Copy daily cron job to rotate audit log
  copy:
    src: auditd/cron
    dest: /etc/periodic/daily/rotate-audit-log
    mode: '755'
    owner: root
    group: root
  when: auditd_logrotate_daily | bool

- name: auditd | Start auditd service on runlevel 'boot'
  service:
    name: auditd
    enabled: true
    state: started
    runlevel: boot
  notify: Notify auditd kernel parameter