Fix AIDE Database option deprecation

linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/ansible/debian.yml

@@ -9,14 +9,14 @@
     name: aide
     state: present
 
-- name: "{{{ rule_title }}} - Check if DB Path in /etc/aide/aide.conf Is Already Set"
+- name: "{{{ rule_title }}} - Check if DB In Path in /etc/aide/aide.conf Is Already Set"
   ansible.builtin.lineinfile:
     path: /etc/aide/aide.conf
-    regexp: ^#?(\s*)(database=)(.*)$
+    regexp: ^#?(\s*)({{ aide_db_in_key }}=)(.*)$
     state: absent
   check_mode: true
   changed_when: false
-  register: database_replace
+  register: database_in_replace
 
 - name: "{{{ rule_title }}} - Check if DB Out Path in /etc/aide/aide.conf Is Already Set"
   ansible.builtin.lineinfile:
@@ -27,13 +27,13 @@
   changed_when: false
   register: database_out_replace
 
-- name: "{{{ rule_title }}} - Fix DB Path in Config File if Necessary"
+- name: "{{{ rule_title }}} - Fix DB In Path in Config File if Necessary"
   ansible.builtin.lineinfile:
     path: /etc/aide/aide.conf
-    regexp: ^#?(\s*)(database)(\s*)=(\s*)(.*)$
+    regexp: ^#?(\s*)({{ aide_db_in_key }})(\s*)=(\s*)(.*)$
     line: \2\3=\4file:/var/lib/aide/aide.db
     backrefs: true
-  when: database_replace.found > 0
+  when: database_in_replace.found > 0
 
 - name: "{{{ rule_title }}} - Fix DB Out Path in Config File if Necessary"
   ansible.builtin.lineinfile:
@@ -43,14 +43,14 @@
     backrefs: true
   when: database_out_replace.found > 0
 
-- name: "{{{ rule_title }}} - Ensure the Default DB Path is Added"
+- name: "{{{ rule_title }}} - Ensure the Default DB In Path is Added"
   ansible.builtin.lineinfile:
     path: /etc/aide/aide.conf
-    line: database=file:/var/lib/aide/aide.db
+    line: "{{ aide_db_in_key }}=file:/var/lib/aide/aide.db"
     create: true
-  when: database_replace.found == 0
+  when: database_in_replace.found == 0
 
-- name: "{{{ rule_title }}} - Ensure the Default Out Path is Added"
+- name: "{{{ rule_title }}} - Ensure the Default DB Out Path is Added"
   ansible.builtin.lineinfile:
     path: /etc/aide/aide.conf
     line: database_out=file:/var/lib/aide/aide.db.new

linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/ansible/shared.yml

@@ -26,6 +26,15 @@
   with_items:
     - aide
 
+- name: "{{{ rule_title }}} - Gather AIDE Package Facts"
+  ansible.builtin.package_facts:
+    manager: auto
+    filter: aide
+
+- name: "{{{ rule_title }}} - Set AIDE DB Key"
+  ansible.builtin.set_fact:
+    aide_db_in_key: "{{ 'database_in' if (ansible_facts.packages['aide'][0].version is version('0.17', '>=')) else 'database' }}"
+
 - name: "{{{ rule_title }}} - Check Whether the Stock AIDE Database Exists"
   ansible.builtin.stat:
      path: {{{ aide_stage_src }}}

linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/ansible/ubuntu.yml

@@ -9,14 +9,14 @@
     name: aide
     state: present
 
-- name: "{{{ rule_title }}} - Check if DB Path in /etc/aide/aide.conf Is Already Set"
+- name: "{{{ rule_title }}} - Check if DB In Path in /etc/aide/aide.conf Is Already Set"
   ansible.builtin.lineinfile:
     path: /etc/aide/aide.conf
-    regexp: ^#?(\s*)(database=)(.*)$
+    regexp: ^#?(\s*)({{ aide_db_in_key }}=)(.*)$
     state: absent
   check_mode: true
   changed_when: false
-  register: database_replace
+  register: database_in_replace
 
 - name: "{{{ rule_title }}} - Check if DB Out Path in /etc/aide/aide.conf Is Already Set"
   ansible.builtin.lineinfile:
@@ -27,13 +27,13 @@
   changed_when: false
   register: database_out_replace
 
-- name: "{{{ rule_title }}} - Fix DB Path in Config File if Necessary"
+- name: "{{{ rule_title }}} - Fix DB In Path in Config File if Necessary"
   ansible.builtin.lineinfile:
     path: /etc/aide/aide.conf
-    regexp: ^#?(\s*)(database)(\s*)=(\s*)(.*)$
+    regexp: ^#?(\s*)({{ aide_db_in_key }})(\s*)=(\s*)(.*)$
     line: \2\3=\4file:/var/lib/aide/aide.db
     backrefs: true
-  when: database_replace.found > 0
+  when: database_in_replace.found > 0
 
 - name: "{{{ rule_title }}} - Fix DB Out Path in Config File if Necessary"
   ansible.builtin.lineinfile:
@@ -43,14 +43,14 @@
     backrefs: true
   when: database_out_replace.found > 0
 
-- name: "{{{ rule_title }}} - Ensure the Default DB Path is Added"
+- name: "{{{ rule_title }}} - Ensure the Default DB In Path is Added"
   ansible.builtin.lineinfile:
     path: /etc/aide/aide.conf
-    line: database=file:/var/lib/aide/aide.db
+    line: "{{ aide_db_in_key }}=file:/var/lib/aide/aide.db"
     create: true
-  when: database_replace.found == 0
+  when: database_in_replace.found == 0
 
-- name: "{{{ rule_title }}} - Ensure the Default Out Path is Added"
+- name: "{{{ rule_title }}} - Ensure the Default DB Out Path is Added"
   ansible.builtin.lineinfile:
     path: /etc/aide/aide.conf
     line: database_out=file:/var/lib/aide/aide.db.new

linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/debian.sh

@@ -2,21 +2,21 @@
 
 {{{ bash_package_install("aide") }}}
 
+AIDE_VERSION=$(aide -v | grep -oP 'aide \K[0-9]+\.[0-9]+')
+if [ "$(echo "$AIDE_VERSION >= 0.17" | bc -l)" -eq 1 ]; then
+    AIDE_DB__KEY="database_in"
+else
+    AIDE_DB_IN_KEY="database"
+fi
 AIDE_CONFIG=/etc/aide/aide.conf
 DEFAULT_DB_PATH=/var/lib/aide/aide.db
 
 # Fix db path in the config file, if necessary
-{{% if product == 'debian13' %}}
-if ! grep -q '^database_in=file:' ${AIDE_CONFIG}; then
-    echo "database_in=file:${DEFAULT_DB_PATH}" >> ${AIDE_CONFIG}
-fi
-{{% else %}}
-if ! grep -q '^database=file:' ${AIDE_CONFIG}; then
+if ! grep -q "^${AIDE_DB_IN_KEY}=file:" ${AIDE_CONFIG}; then
     # replace_or_append gets confused by 'database=file' as a key, so should not be used.
     #replace_or_append "${AIDE_CONFIG}" '^database=file' "${DEFAULT_DB_PATH}" '@CCENUM@' '%s:%s'
-    echo "database=file:${DEFAULT_DB_PATH}" >> ${AIDE_CONFIG}
+    echo "${AIDE_DB_IN_KEY}=file:${DEFAULT_DB_PATH}" >> ${AIDE_CONFIG}
 fi
-{{% endif %}}
 
 # Fix db out path in the config file, if necessary
 if ! grep -q '^database_out=file:' ${AIDE_CONFIG}; then

linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/ubuntu.sh

@@ -2,14 +2,20 @@
 
 {{{ bash_package_install("aide") }}}
 
+AIDE_VERSION=$(aide -v | grep -oP 'aide \K[0-9]+\.[0-9]+')
+if [ "$(echo "$AIDE_VERSION >= 0.17" | bc -l)" -eq 1 ]; then
+    AIDE_DB__KEY="database_in"
+else
+    AIDE_DB_IN_KEY="database"
+fi
 AIDE_CONFIG=/etc/aide/aide.conf
 DEFAULT_DB_PATH=/var/lib/aide/aide.db
 
 # Fix db path in the config file, if necessary
-if ! grep -q '^database=file:' ${AIDE_CONFIG}; then
+if ! grep -q "^${AIDE_DB_IN_KEY}=file:" ${AIDE_CONFIG}; then
     # replace_or_append gets confused by 'database=file' as a key, so should not be used.
     #replace_or_append "${AIDE_CONFIG}" '^database=file' "${DEFAULT_DB_PATH}" '@CCENUM@' '%s:%s'
-    echo "database=file:${DEFAULT_DB_PATH}" >> ${AIDE_CONFIG}
+    echo "${AIDE_DB_IN_KEY}=file:${DEFAULT_DB_PATH}" >> ${AIDE_CONFIG}
 fi
 
 # Fix db out path in the config file, if necessary

linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/oval/debian.xml

@@ -39,11 +39,7 @@
   <!-- OVAL object to collect filename for Aide build database -->
   <ind:textfilecontent54_object id="object_aide_operational_database_filepath" version="1">
     <ind:filepath>/etc/aide/aide.conf</ind:filepath>
-    {{% if product == "debian13" %}}
-    <ind:pattern operation="pattern match">^database_in=file:(?:@@{DBDIR}/)?([a-z./]+)$</ind:pattern>
-    {{% else %}}
-    <ind:pattern operation="pattern match">^database=file:(?:@@{DBDIR}/)?([a-z./]+)$</ind:pattern>
-    {{% endif %}}
+    <ind:pattern operation="pattern match">^database(?:_in)?=file:(?:@@{DBDIR}/)?([a-z./]+)$</ind:pattern>
     <!-- From aide.conf(5) - "If there are multiple database lines, then the first one is used" =>
                   therefore we will retrieve only the first instance -->
     <ind:instance operation="equals" datatype="int">1</ind:instance>

linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/oval/ubuntu.xml

@@ -39,7 +39,7 @@
   <!-- OVAL object to collect filename for Aide build database -->
   <ind:textfilecontent54_object id="object_aide_operational_database_filepath" version="1">
     <ind:filepath>/etc/aide/aide.conf</ind:filepath>
-    <ind:pattern operation="pattern match">^database=file:(?:@@{DBDIR}/)?([a-z./]+)$</ind:pattern>
+    <ind:pattern operation="pattern match">^database(?:_in)?=file:(?:@@{DBDIR}/)?([a-z./]+)$</ind:pattern>
     <!-- From aide.conf(5) - "If there are multiple database lines, then the first one is used" =>
                   therefore we will retrieve only the first instance -->
     <ind:instance operation="equals" datatype="int">1</ind:instance>

linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/tests/get_db_path_absolute.pass.sh

@@ -16,8 +16,10 @@ DB_CONF=/etc/aide.conf
 
 cp "$DB_PATH/$DB_NAME_NEW" "$DB_PATH/$DB_NAME"
 
-{{% if product in [ 'ol10', 'rhel10', 'fedora' ] %}}
-sed -i "s#^database_in=file:.*#database_in=file:$DB_PATH/$DB_NAME#" $DB_CONF
-{{% else %}}
-sed -i "s#^database=file:.*#database=file:$DB_PATH/$DB_NAME#" $DB_CONF
-{{% endif %}}
+AIDE_VERSION=$(aide -v | grep -oP 'aide \K[0-9]+\.[0-9]+')
+if [ "$(echo "$AIDE_VERSION >= 0.17" | bc -l)" -eq 1 ]; then
+    AIDE_DB__KEY="database_in"
+else
+    AIDE_DB_IN_KEY="database"
+fi
+sed -i "s#^$AIDE_DB_IN_KEY}=file:.*#${AIDE_DB_IN_KEY}=file:$DB_PATH/$DB_NAME#" $DB_CONF

linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/tests/get_db_path_dbdir.pass.sh

@@ -16,8 +16,11 @@ DB_CONF=/etc/aide.conf
 
 cp "$DB_PATH/$DB_NAME_NEW" "$DB_PATH/$DB_NAME"
 
-{{% if product in [ 'ol10', 'rhel10', 'fedora' ] %}}
-sed -i "s#^database_in=file:.*#database_in=file:@@{DBDIR}/$DB_NAME#" $DB_CONF
-{{% else %}}
-sed -i "s#^database=file:.*#database=file:@@{DBDIR}/$DB_NAME#" $DB_CONF
-{{% endif %}}
+
+AIDE_VERSION=$(aide -v | grep -oP 'aide \K[0-9]+\.[0-9]+')
+if [ "$(echo "$AIDE_VERSION >= 0.17" | bc -l)" -eq 1 ]; then
+    AIDE_DB__KEY="database_in"
+else
+    AIDE_DB_IN_KEY="database"
+fi
+sed -i "s#^${AIDE_DB_IN_KEY}=file:.*#${AIDE_DB_IN_KEY}=file:@@{DBDIR}/$DB_NAME#" $DB_CONF