ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-26 15:13:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

updated

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2022-03-30 16:18:11 +01:00
parent 398bc5bd0c
commit c6caa90059
No known key found for this signature in database
GPG key ID: F734FDFC154B83FB
36 changed files with 2584 additions and 2078 deletions
Download patch file Download diff file Expand all files Collapse all files

11
tasks/section_4/cis_4.3.yml
View file

@ -1,13 +1,13 @@
---
- name: "4.3 | L1 | PATCH | Ensure logrotate is configured"
- name: "4.3 | PATCH | Ensure logrotate is configured"
block:
- name: "4.3 | L1 | AUDIT | Ensure logrotate is configured | Get logrotate settings"
- name: "4.3 | AUDIT | Ensure logrotate is configured | Get logrotate settings"
find:
paths: /etc/logrotate.d/
register: log_rotates
- name: "4.3 | L1 | PATCH | Ensure logrotate is configured"
- name: "4.3 | PATCH | Ensure logrotate is configured"
replace:
path: "{{ item.path }}"
regexp: '^(\s*)(daily|weekly|monthly|yearly)$'
@ -15,11 +15,14 @@
with_items:
- "{{ log_rotates.files }}"
- { path: "/etc/logrotate.conf" }
loop_control:
label: "{{ item.path }}"
when:
- rhel9cis_rule_4_3
- "'logrotate' in ansible_facts.packages"
tags:
- level1-server
- level1-workstation
- manual
- patch
- logrotate
- rule_4.3