Corrections in aide_periodic_cron_checking and aide_scan_notification…

linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_checking_systemd_timer/ansible/shared.yml

@@ -16,7 +16,7 @@
         Description=Aide Check
         [Service]
         Type=simple
-        ExecStart=/usr/sbin/aide --check
+        ExecStart={{{ aide_bin_path }}} --check
         [Install]
         WantedBy=multi-user.target
 

linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_checking_systemd_timer/bash/shared.sh

@@ -8,7 +8,7 @@ cat > /etc/systemd/system/aidecheck.service <<EOF
 Description=Aide Check
 [Service]
 Type=simple
-ExecStart=/usr/sbin/aide --check
+ExecStart={{{ aide_bin_path }}} --check
 [Install]
 WantedBy=multi-user.target
 EOF

linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_checking_systemd_timer/tests/aide_timer_weekly.pass.sh

@@ -7,7 +7,7 @@ cat > /etc/systemd/system/aidecheck.service <<EOF
 Description=Aide Check
 [Service]
 Type=simple
-ExecStart=/usr/sbin/aide --check
+ExecStart={{{ aide_bin_path }}} --check
 [Install]
 WantedBy=multi-user.target
 EOF

linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/policy/stig/shared.yml

@@ -27,7 +27,7 @@ checktext: |-
     $ sudo more /etc/cron.daily/aide
 
     #!/bin/bash
-    /usr/sbin/aide --check | /bin/mail -s "$HOSTNAME - Daily aide integrity check run" root@sysname.mil
+    {{{ aide_bin_path }}} --check | /bin/mail -s "$HOSTNAME - Daily aide integrity check run" root@sysname.mil
 
     If the file integrity application does not exist, or a script file controlling the execution of the file integrity application does not exist, or the file integrity application does not notify designated personnel of changes, this is a finding.
 
@@ -39,4 +39,4 @@ fixtext: |-
     $ sudo more /etc/cron.daily/aide
 
     #!/bin/bash
-    /usr/sbin/aide --check | /bin/mail -s "$HOSTNAME - Daily aide integrity check run" root@sysname.mil
+    {{{ aide_bin_path }}} --check | /bin/mail -s "$HOSTNAME - Daily aide integrity check run" root@sysname.mil

linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/tests/aide_not_installed.fail.sh

@@ -3,4 +3,4 @@
 
 {{{ bash_package_remove("aide") }}}
 
-echo '21    21    *    *    *    root    /usr/sbin/aide --check &>/dev/null' >> /etc/crontab
+echo '21    21    *    *    *    root    {{{ aide_bin_path }}} --check &>/dev/null' >> /etc/crontab

linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/tests/cron_daily.pass.sh

@@ -2,4 +2,4 @@
 # packages = aide,crontabs
 
 mkdir -p /etc/cron.daily
-echo "/usr/sbin/aide --check" > /etc/cron.daily/aide
+echo "{{{ aide_bin_path }}} --check" > /etc/cron.daily/aide

linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/tests/cron_daily_complex.pass.sh

@@ -6,7 +6,7 @@
 mkdir -p /etc/cron.daily
 cat > /etc/cron.daily/aide << EOF
 #!/bin/sh
-nice ionice /usr/sbin/aide --check
-nice ionice /usr/sbin/aide --init
+nice ionice {{{ aide_bin_path }}} --check
+nice ionice {{{ aide_bin_path }}} --init
 /bin/mv -f /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
 EOF

linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/tests/crontab_daily.pass.sh

@@ -1,4 +1,4 @@
 #!/bin/bash
 # packages = aide,crontabs
 
-echo '21    21    *    *    *    root    /usr/sbin/aide --check &>/dev/null' >> /etc/crontab
+echo '21    21    *    *    *    root    {{{ aide_bin_path }}} --check &>/dev/null' >> /etc/crontab

linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/tests/crontab_daily_shortcut.pass.sh

@@ -1,4 +1,4 @@
 #!/bin/bash
 # packages = aide,crontabs
 
-echo '@daily    root    /usr/sbin/aide --check &>/dev/null' >> /etc/crontab
+echo '@daily    root    {{{ aide_bin_path }}} --check &>/dev/null' >> /etc/crontab

linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/tests/crontab_monthly.fail.sh

@@ -4,4 +4,4 @@
 # aide installs automatically a file that is periodically run on /etc/cron.daily/aide
 rm -f /etc/cron.daily/aide
 
-echo '21    21    1    *    *    root    /usr/sbin/aide --check &>/dev/null' >> /etc/crontab
+echo '21    21    1    *    *    root    {{{ aide_bin_path }}} --check &>/dev/null' >> /etc/crontab

linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/tests/crontab_two_days_week.pass.sh

@@ -1,4 +1,4 @@
 #!/bin/bash
 # packages = aide,crontabs
 
-echo '21    21    *    *    1-2    root    /usr/sbin/aide --check &>/dev/null' >> /etc/crontab
+echo '21    21    *    *    1-2    root    {{{ aide_bin_path }}} --check &>/dev/null' >> /etc/crontab

linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/tests/crontab_weekly_on_exact_day.pass.sh

@@ -1,4 +1,4 @@
 #!/bin/bash
 # packages = aide,crontabs
 
-echo '21    21    *    *    3    root    /usr/sbin/aide --check &>/dev/null' >> /etc/crontab
+echo '21    21    *    *    3    root    {{{ aide_bin_path }}} --check &>/dev/null' >> /etc/crontab

linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/tests/crontab_weekly_shortcut.pass.sh

@@ -1,4 +1,4 @@
 #!/bin/bash
 # packages = aide,crontabs
 
-echo '@weekly    root    /usr/sbin/aide --check &>/dev/null' >> /etc/crontab
+echo '@weekly    root    {{{ aide_bin_path }}} --check &>/dev/null' >> /etc/crontab

linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/tests/crontab_weekly_word.pass.sh

@@ -1,4 +1,4 @@
 #!/bin/bash
 # packages = aide,crontabs
 
-echo '21    21    *    *    mon    root    /usr/sbin/aide --check &>/dev/null' >> /etc/crontab
+echo '21    21    *    *    mon    root    {{{ aide_bin_path }}} --check &>/dev/null' >> /etc/crontab

linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/tests/crontab_yearly.fail.sh

@@ -4,4 +4,4 @@
 # aide installs automatically a file that is periodically run on /etc/cron.daily/aide
 rm -f /etc/cron.daily/aide
 
-echo '21    21    1    2    *    root    /usr/sbin/aide --check &>/dev/null' >> /etc/crontab
+echo '21    21    1    2    *    root    {{{ aide_bin_path }}} --check &>/dev/null' >> /etc/crontab

linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/policy/stig/shared.yml

@@ -19,7 +19,7 @@ checktext: |-
     To determine that periodic AIDE execution has been scheduled, run the following command:
      $ grep aide /etc/crontab
     The output should return something similar to the following:
-     05 4 * * * root /usr/sbin/aide --check | /bin/mail -s "$(hostname) - AIDE Integrity Check" root@localhost
+     05 4 * * * root {{{ aide_bin_path }}} --check | /bin/mail -s "$(hostname) - AIDE Integrity Check" root@localhost
     The email address that the notifications are sent to can be changed by overriding
      root@localhost .
 
@@ -33,4 +33,4 @@ fixtext: |-
     $ sudo more /etc/cron.daily/aide
 
     #!/bin/bash
-    /usr/sbin/aide --check | /bin/mail -s "$HOSTNAME - Daily aide integrity check run" root@sysname.mil
+    {{{ aide_bin_path }}} --check | /bin/mail -s "$HOSTNAME - Daily aide integrity check run" root@sysname.mil

linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml

@@ -9,7 +9,7 @@ description: |-
     following line to the existing AIDE line:
     <pre> | /bin/mail -s "$(hostname) - AIDE Integrity Check" root@localhost</pre>
     Otherwise, add the following line to <tt>/etc/crontab</tt>:
-    <pre>05 4 * * * root /usr/sbin/aide --check | /bin/mail -s "$(hostname) - AIDE Integrity Check" root@localhost</pre>
+    <pre>05 4 * * * root {{{ aide_bin_path }}} --check | /bin/mail -s "$(hostname) - AIDE Integrity Check" root@localhost</pre>
     AIDE can be executed periodically through other means; this is merely one example.
 
 rationale: |-
@@ -64,7 +64,7 @@ ocil: |-
 {{% else %}}
     <pre>$ grep aide /etc/crontab</pre>
     The output should return something similar to the following:
-    <pre>05 4 * * * root /usr/sbin/aide --check | /bin/mail -s "$(hostname) - AIDE Integrity Check" root@localhost</pre>
+    <pre>05 4 * * * root {{{ aide_bin_path }}} --check | /bin/mail -s "$(hostname) - AIDE Integrity Check" root@localhost</pre>
     The email address that the notifications are sent to can be changed by overriding
     <pre><sub idref="var_aide_scan_notification_email" /></pre>.
 {{% endif %}}
@@ -88,7 +88,7 @@ fixtext: |-
 
     #!/bin/bash
 
-    /usr/sbin/aide --check | /bin/mail -s "$HOSTNAME - Daily aide integrity check run" root@sysname.mil
+    {{{ aide_bin_path }}} --check | /bin/mail -s "$HOSTNAME - Daily aide integrity check run" root@sysname.mil
 {{% endif %}}
 
 srg_requirement: |-

linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/tests/cron_weekly_configured.pass.sh

@@ -2,4 +2,4 @@
 # packages = aide,crontabs
 
 # configured in crontab
-echo '0 5 * * * root /usr/sbin/aide  --check | /bin/mail -s "Automatus - AIDE Integrity Check" admin@automatus' > /etc/cron.weekly/aidescan
+echo '0 5 * * * root {{{ aide_bin_path }}}  --check | /bin/mail -s "Automatus - AIDE Integrity Check" admin@automatus' > /etc/cron.weekly/aidescan

linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/tests/crontab_configured.pass.sh

@@ -2,4 +2,4 @@
 # packages = aide,crontabs
 
 # configured in crontab
-echo '0 5 * * * root /usr/sbin/aide  --check | /bin/mail -s "Automatus - AIDE Integrity Check" admin@automatus' >> /etc/crontab
+echo '0 5 * * * root {{{ aide_bin_path }}}  --check | /bin/mail -s "Automatus - AIDE Integrity Check" admin@automatus' >> /etc/crontab

linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/tests/crontab_just_periodic_checking.fail.sh

@@ -2,4 +2,4 @@
 # packages = aide,crontabs
 
 # configured in crontab
-echo '0 5 * * * root /usr/sbin/aide  --check' >> /etc/crontab
+echo '0 5 * * * root {{{ aide_bin_path }}}  --check' >> /etc/crontab

linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/tests/var_cron_configured.pass.sh

@@ -2,4 +2,4 @@
 # packages = aide,cronie
 
 # configured in crontab
-echo '0 5 * * * root /usr/sbin/aide  --check | /bin/mail -s "Automatus - AIDE Integrity Check" admin@automatus' >> /var/spool/cron/root
+echo '0 5 * * * root {{{ aide_bin_path }}}  --check | /bin/mail -s "Automatus - AIDE Integrity Check" admin@automatus' >> /var/spool/cron/root

products/sle15/profiles/stig.profile

@@ -71,6 +71,7 @@ selections:
     - agent_mfetpd_running
     - aide_build_database
     - aide_check_audit_tools
+    - aide_periodic_cron_checking
     - aide_scan_notification
     - aide_verify_acls
     - aide_verify_ext_attributes