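---
# Hardening tasks for auditd: install and enable the daemon, tune the
# kernel audit backlog buffer, and render the "collection" rules file
# from a list of SUID/SGID executables discovered at run time.
#
# Every task carries the `harden` tag. The template task at the bottom
# depends on `audit_suid_list`, which only exists if the collection
# tasks above it ran; in the original file those tasks were untagged,
# so `ansible-playbook --tags harden` skipped them and the template
# task failed on an undefined variable.

- name: Ensure auditd is installed
  # `audit` is the package name on RHEL/Fedora-family systems. On
  # Debian-family systems the package is `auditd`; whether this role
  # targets those is not determined from this file.
  ansible.builtin.package:
    name: audit
    state: present
  tags:
    - harden

- name: Ensure auditd is enabled and running
  # `state: started` so rules take effect in this run rather than on the
  # next boot. auditd refuses a manual stop under systemd, but starting
  # it is permitted.
  ansible.builtin.service:
    name: auditd
    enabled: true
    state: started
  tags:
    - harden

- name: Ensure audit_buffer is a positive integer
  # The value is interpolated verbatim into a kernel audit directive;
  # refuse anything that is not a plain positive integer instead of
  # writing a malformed `-b` line into audit.rules.
  ansible.builtin.assert:
    that:
      - audit_buffer is defined
      - audit_buffer | string is match('^[1-9][0-9]*$')
    fail_msg: "audit_buffer must be a positive integer, got: {{ audit_buffer | default('undefined') }}"
    quiet: true
  tags:
    - harden

- name: Ensure auditd buffer is OK
  # The replace module matches in MULTILINE mode, so `^` anchors to the
  # start of each line: only an actual `-b N` directive is rewritten,
  # not `-b N` appearing inside a comment or elsewhere on a line.
  # If no `-b` line exists at all, nothing is written (same as before).
  ansible.builtin.replace:
    path: /etc/audit/rules.d/audit.rules
    regexp: '^-b\s+\d+'
    replace: '-b {{ audit_buffer }}'
  notify:
    - regenerate_auditd_rules
  tags:
    - harden

- name: Collect specific executables for dynamic list
  # `-perm /6000` selects files with the SUID or SGID bit set; `-xdev`
  # keeps find from crossing into other filesystems. The command only
  # reads the filesystem, so it is never reported as a change, and it
  # is allowed to run in check mode so that `exec_find_output` is
  # defined for the tasks below.
  ansible.builtin.command: "find /usr/bin /usr/sbin /usr/lib /usr/libexec -xdev -perm /6000 -type f"
  register: exec_find_output
  changed_when: false
  check_mode: false
  tags:
    - harden

- name: Set variable for above collection
  # One path per list entry (split on newlines). NOTE(review): a path
  # containing whitespace or a newline would produce a broken entry;
  # not expected under /usr, but confirm collection.rules.j2 quotes or
  # rejects such paths.
  ansible.builtin.set_fact:
    audit_suid_list: "{{ exec_find_output.stdout_lines }}"
  tags:
    - harden

- name: Ensure collection audit rules are available
  # The rules file is root-only (0600) and the previous version is kept
  # (`backup: true`) so a bad render can be restored. The notified
  # handler is defined elsewhere; it is presumably what reloads the
  # rules into the kernel.
  ansible.builtin.template:
    src: "etc/audit/rules.d/collection.rules.j2"
    dest: "/etc/audit/rules.d/collection.rules"
    owner: root
    group: root
    mode: '0600'
    backup: true
  notify:
    - regenerate_auditd_rules
  tags:
    - harden
...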