logrotate changes reflected

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-12-25 14:43:06 +00:00 · 2022-04-11 17:39:13 +01:00 · 2022-04-11 17:39:13 +01:00 · 2a421fcea6
commit 2a421fcea6
parent 4bd971fdcd
1 changed files with 34 additions and 5 deletions
--- a/tasks/section_4/cis_4.3.yml
+++ b/tasks/section_4/cis_4.3.yml
@ -1,13 +1,42 @@
 ---

- name: "4.3 | PATCH | Ensure logrotate is configured"
+- name: "4.3.1 | PATCH | Ensure logrotate is installed"
+  package:
+    name: rsyslog-logrotate
+    state: present
+  when:
+      - rhel9cis_rule_4_3_1
+  tags:
+      - level1-server
+      - level1-workstation
+      - manual
+      - patch
+      - logrotate
+      - rule_4.3.1
+
+- name: "4.3.2 | PATCH | Ensure logrotate is running and enabled"
+  systemd:
+    name: rsyslog-logrotate
+    state: started
+    enabled: true
+  when:
+      - rhel9cis_rule_4_3_2
+  tags:
+      - level1-server
+      - level1-workstation
+      - manual
+      - patch
+      - logrotate
+      - rule_4.3.2
+
+- name: "4.3.3 | PATCH | Ensure logrotate is configured"
  block:
-      - name: "4.3 | AUDIT | Ensure logrotate is configured | Get logrotate settings"
+      - name: "4.3.3 | AUDIT | Ensure logrotate is configured | Get logrotate settings"
        find:
            paths: /etc/logrotate.d/
        register: log_rotates

-      - name: "4.3 | PATCH | Ensure logrotate is configured"
+      - name: "4.3.3 | PATCH | Ensure logrotate is configured"
        replace:
            path: "{{ item.path }}"
            regexp: '^(\s*)(daily|weekly|monthly|yearly)$'
@ -18,11 +47,11 @@
        loop_control:
            label: "{{ item.path }}"
  when:
-      - rhel9cis_rule_4_3
+      - rhel9cis_rule_4_3_3
  tags:
      - level1-server
      - level1-workstation
      - manual
      - patch
      - logrotate
-      - rule_4.3
+      - rule_4.3.3