From de47c63145d871e2b87a62e3854643fa480303f1 Mon Sep 17 00:00:00 2001
From: Mark Bolwell <mark.bollyuk@gmail.com>
Date: Tue, 10 Dec 2024 12:22:34 +0000
Subject: [PATCH] Updated auditd handler

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
---
 handlers/main.yml | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/handlers/main.yml b/handlers/main.yml
index 767ce90..0a462f7 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -250,10 +250,15 @@
     msg: "Reboot required for auditd to apply new rules as immutable set"
   notify: Set_reboot_required
 
-- name: Restart auditd
-  when: discovered_audit_rules_updated is defined
-  tags: skip_ansible_lint
-  ansible.builtin.shell: service auditd restart
+- name: Stop auditd process
+  ansible.builtin.shell: systemctl kill auditd
+  listen: Restart auditd
+
+- name: Start auditd process
+  ansible.builtin.systemd_service:
+    name: auditd
+    state: started
+  listen: Restart auditd
 
 - name: Restart sshd
   ansible.builtin.systemd: