---
- name: Install auditd
  apt:
    name:
      - auditd
      - audispd-plugins

- name: Configure auditd and auditsp
  template:
    src: "{{ item }}.j2"
    dest: "/etc/audit/{{ item }}"
    owner: root
    group: root
    mode: u=r,g=,o=
  loop:
    - auditd.conf
    - plugins.d/syslog.conf
    - plugins.d/au-remote.conf
    - plugins.d/af_unix.conf
    - plugins.d/audispd-zos-remote.conf
  notify: Restart auditd

- name: Configure auditd rules
  template:
    src: rules.d/audit.rules.j2
    dest: /etc/audit/rules.d/audit.rules
    owner: root
    group: root
    mode: u=r,g=,o=
  notify: Reload auditd rules

- name: Enable auditd
  systemd:
    name: auditd.service
    enabled: true
    state: started
...