aide_cron_check immediately modifies monitored files after aide_init

[bparry02]

On a brand-new system that has not yet configured aide, if applying the aide role with both aide_init and aide_cron_check set to true, the following events occur:

1. The aide database is initialized, recording the state of /etc/crontab
2. The /etc/crontab file is modified

This causes the role to leave the system in a state where aide --check would flag the modification to /etc/crontab.

Consider moving the tasks to edit the /etc/crontab file before any tasks that create or update the aide database.

A workaround would be to run the aide role once with only aide_cron_check set to true, then run it again with both aide_init and aide_cron_check set to true, but this is not ideal.

[richm]

@Cropi Looking at the current role, it performs tasks in this order (if the appropriate flags are set e.g. the role won't do aide --update unless aide_update: true: https://github.com/linux-system-roles/aide/blob/main/tasks/main.yml

• aide --init - https://github.com/linux-system-roles/aide/blob/main/tasks/main.yml#L45
• fetch new aide db - https://github.com/linux-system-roles/aide/blob/main/tasks/main.yml#L70
• aide --check - https://github.com/linux-system-roles/aide/blob/main/tasks/main.yml#L83
• aide --update - https://github.com/linux-system-roles/aide/blob/main/tasks/main.yml#L101
• manage crontab file

Does this seem right? Seems like managing the crontab can be moved to be the first task, and aide --check should be the last?