From 88ffe32137c841e4c1d63f9d7020aaa81026edc3 Mon Sep 17 00:00:00 2001
From: Ionut Pruteanu
Date: Wed, 20 Dec 2023 21:58:49 +0200
Subject: [PATCH] Storing max_log_file under `rhel9cis_auditd` dict variable.
Signed-off-by: Ionut Pruteanu
---
 defaults/main.yml | 11 ++---------
 tasks/section_4/cis_4.1.2.x.yml | 2 +-
 2 files changed, 3 insertions(+), 10 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 0bc0137..39d8691 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -525,26 +525,19 @@ rhel9cis_auditd:
 space_left_action: email
 action_mail_acct: root
 admin_space_left_action: halt
+ # The max_log_file parameter should be based on your sites policy.
+ max_log_file: 10
 max_log_file_action: keep_logs
 # The audit_back_log_limit value should never be below 8192
 rhel9cis_audit_back_log_limit: 8192
-# The max_log_file parameter should be based on your sites policy
-rhel9cis_max_log_file_size: 10
-
 ### 4.1.3.x audit template
 update_audit_template: false
 ## Advanced option found in auditd post
 rhel9cis_allow_auditd_uid_user_exclusions: false
-# This can be used to configure other keys in auditd.conf
-rhel9cis_auditd_extra_conf: {}
-# Example:
-# rhel9cis_auditd_extra_conf:
-# admin_space_left: '10%'
-
 ## Preferred method of logging
 ## Whether rsyslog or journald preferred method for local logging
 ## Affects rsyslog cis 4.2.1.3 and journald cis 4.2.2.5
diff --git a/tasks/section_4/cis_4.1.2.x.yml b/tasks/section_4/cis_4.1.2.x.yml
index b830b1f..f235493 100644
--- a/tasks/section_4/cis_4.1.2.x.yml
+++ b/tasks/section_4/cis_4.1.2.x.yml
@@ -4,7 +4,7 @@
 ansible.builtin.lineinfile:
 path: /etc/audit/auditd.conf
 regexp: "^max_log_file( |=)"
- line: "max_log_file = {{ rhel9cis_max_log_file_size }}"
+ line: "max_log_file = {{ rhel9cis_auditd['max_log_file'] }}"
 notify: Restart auditd
 when:
 - rhel9cis_rule_4_1_2_1
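Review bot: Removing `rhel9cis_max_log_file_size` from defaults/main.yml means an inventory that still sets it is silently ignored, so auditd.conf is written with the new default `max_log_file: 10` instead of the site's chosen audit log size. Keeping the old name as the source of the new key for a deprecation period avoids that: `max_log_file: "{{ rhel9cis_max_log_file_size | default(10) }}"`. The same hunk also drops `rhel9cis_auditd_extra_conf`, which the subject line does not mention. If any task or template outside this patch still reads it, it would now be undefined, so that is worth confirming and stating in the description. The `rhel9cis_auditd` mapping starts above the hunk.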
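Review bot: The lookup `rhel9cis_auditd['max_log_file']` on the changed `line:` fails with an undefined-key error for any site that already overrides `rhel9cis_auditd` as a whole without the new key, because Ansible replaces dict variables rather than merging them unless hash_behaviour is changed. A fallback on that line keeps such inventories converging on a defined audit log size: `line: "max_log_file = {{ rhel9cis_auditd['max_log_file'] | default(10) }}"`. Alternatively the role could assert the required `rhel9cis_auditd` keys up front so the failure names the missing setting. The task starts and ends outside the hunk.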