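---
# Install, enable and configure the Linux audit daemon (auditd).
# Tasks that change files under /etc/audit/rules.d notify the
# `regenerate_auditd_rules` handler, which is defined outside this file.

- name: Ensure auditd is installed
  ansible.builtin.package:
    # NOTE(review): the package is called `audit` on some distributions and
    # `auditd` on others; confirm the name matches the target platform.
    name: audit
    state: present
  tags:
    - harden

# Tagged `harden` like the other tasks in this file, so that a run limited
# with `--tags harden` does not install and configure auditd while leaving
# the service disabled at boot.
# NOTE(review): `enabled: true` only sets start-at-boot. No `state` is given,
# so this task does not start a stopped daemon; confirm that is intended.
- name: Ensure auditd is enabled
  ansible.builtin.service:
    name: auditd
    enabled: true
  tags:
    - harden

# Rewrites an existing `-b <n>` (audit backlog buffer size) entry in place.
# NOTE(review): `replace` only edits text that already matches, so if
# audit.rules has no `-b` entry the buffer size is left unset and the task
# reports no change. The pattern is also unanchored, so it matches `-b <n>`
# anywhere in the file, including inside comments.
# `audit_buffer` is not defined in this file; presumably a role variable.
- name: Ensure auditd buffer is OK
  ansible.builtin.replace:
    path: /etc/audit/rules.d/audit.rules
    regexp: '-b \d+'
    replace: '-b {{ audit_buffer }}'
  notify:
    - regenerate_auditd_rules
  tags:
    - harden

# Deploys the collection rules, readable and writable by root only.
# `backup: true` keeps a timestamped copy of the previous file next to `dest`.
- name: Ensure collection audit rules are available
  ansible.builtin.template:
    src: "etc/audit/rules.d/collection.rules.j2"
    dest: "/etc/audit/rules.d/collection.rules"
    owner: root
    group: root
    mode: '0600'
    backup: true
  notify:
    - regenerate_auditd_rules
  tags:
    - harden
...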