Idempotence

P4T12ICK · P4T12ICK · commit 11cd8afe9478 · 2025-12-15T09:36:37.000+01:00
diff --git a/tasks/install_art.yml b/tasks/install_art.yml
@@ -1,5 +1,11 @@
 ---
 
+- name: Check if Atomic Red Team is already installed
+  become: true
+  stat:
+    path: /opt/AtomicRedTeam
+  register: art_installed
+
 - name: Install Atomic Red Team
   become: true
   shell: |
@@ -8,6 +14,7 @@
     IEX (IWR https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1); 
     Install-AtomicRedTeam -Force'
   register: output_art
+  when: not art_installed.stat.exists | default(false)
 
 - name: create directory for default powershell profile
   file: 
diff --git a/tasks/install_osquery_linux.yml b/tasks/install_osquery_linux.yml
@@ -21,6 +21,12 @@
   stat: path=/etc/init.d/osqueryd
   register: service_status 
 
+- name: Check if osquery is already installed
+  become: true
+  stat:
+    path: /usr/bin/osqueryd
+  register: osquery_installed
+
 - name: is osquery service exist? if yes stop it!
   become: true
   service: 
@@ -31,10 +37,13 @@
 - name: run osquery_install.sh
   become: true
   command: sh /tmp/osquery_install.sh
+  when: not osquery_installed.stat.exists | default(false)
 
 - name: clean the script
   become: true
-  command: rm /tmp/osquery_install.sh
+  file:
+    path: /tmp/osquery_install.sh
+    state: absent
 
 - name: copy template.osquery.conf
   become: true
@@ -74,7 +83,11 @@
 
 - name: make /var/log/osquery dir accessible to everyone (rwx)
   become: true
-  command: chmod a+rwx /var/log/osquery -R
+  file:
+    path: /var/log/osquery
+    state: directory
+    mode: '0777'
+    recurse: yes
 
 - name: Create folder directory for inputs configuration
   become: true
diff --git a/tasks/install_sysmon_linux.yml b/tasks/install_sysmon_linux.yml
@@ -5,6 +5,7 @@
   become: true
   ansible.builtin.shell: lsb_release -rs
   register: result
+  changed_when: false
 
 - name: add the microsoft repo
   become: true
@@ -37,9 +38,16 @@
     src: "SysMonLinux-CatchAll.xml"
     dest: "/tmp/SysMonLinux-CatchAll.xml"
 
+- name: Check if sysmon is already configured
+  become: true
+  stat:
+    path: /etc/sysmon/sysmon.xml
+  register: sysmon_configured
+
 - name: launch with config
   become: true
   ansible.builtin.shell: sysmon -accepteula -i /tmp/SysMonLinux-CatchAll.xml
+  when: not sysmon_configured.stat.exists | default(false)
 
 - name: install powershell
   become: true
diff --git a/tasks/install_universal_forwarder.yml b/tasks/install_universal_forwarder.yml
@@ -28,9 +28,17 @@
     mode: '0644'
     force: yes
 
+- name: Check if splunk is already configured
+  become: true
+  stat:
+    path: /opt/splunkforwarder/etc/.ui_login
+  register: splunk_configured
+
 - name: splunk license acceptance
   become: true
   shell: sudo -u splunkfwd /opt/splunkforwarder/bin/splunk start --accept-license --answer-yes --no-prompt --seed-passwd {{ ludus_ar_linux_splunk_password }}
+  when: not splunk_configured.stat.exists | default(false)
+  changed_when: false
 
 - name: Stop splunk uf
   become: true
