From d4177e98f6b96f7562a97188b0fcc5e317d724b1 Mon Sep 17 00:00:00 2001
From: "root@DERVISHx"
Date: Tue, 3 Oct 2023 16:28:15 +0100
Subject: [PATCH] 4.2.2.3/4 journald compress & persistent.
---
 tasks/section_4/cis_4.2.1.x.yml | 16 ++++++++++++++++
 templates/etc/systemd/journald.conf.j2 | 7 +++++++
 2 files changed, 23 insertions(+)
 create mode 100644 templates/etc/systemd/journald.conf.j2
diff --git a/tasks/section_4/cis_4.2.1.x.yml b/tasks/section_4/cis_4.2.1.x.yml
index 10e0ac2..765ad98 100644
--- a/tasks/section_4/cis_4.2.1.x.yml
+++ b/tasks/section_4/cis_4.2.1.x.yml
@@ -214,3 +214,19 @@
 - patch
 - rsyslog
 - rule_4.2.1.7
+- name: "4.2.2.3/4 | PATCH | Ensure journald is configured to compress large log files into persistent storage."
+ ansible.builtin.template:
+ src: "etc/systemd/{{ item }}.j2"
+ dest: "/etc/systemd/{{ item }}"
+ owner: root
+ group: root
+ mode: '0644'
+ register: sysctl_updated
+ notify: Reload sysctl
+ loop:
+ - journald.conf
+ when:
+ - rhel9cis_sysctl_update
+ - not system_is_container
+ - "'procps-ng' in ansible_facts.packages"
+
diff --git a/templates/etc/systemd/journald.conf.j2 b/templates/etc/systemd/journald.conf.j2
new file mode 100644
index 0000000..ba4a17a
--- /dev/null
+++ b/templates/etc/systemd/journald.conf.j2
@@ -0,0 +1,7 @@
+# journald configure.
+
+{% if rhel9cis_rule_4_2_2_3 %}
+# CIS 4.2.2.3/4
+Compress=yes
+Storage=persistent
+{% endif %}
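Review bot: The added task's `register: sysctl_updated`, `notify: Reload sysctl` and the `when:` entries `rhel9cis_sysctl_update` and `'procps-ng' in ansible_facts.packages` appear to be carried over from a sysctl task, so writing journald.conf never restarts systemd-journald and the task is skipped whenever sysctl updates are disabled. Until the daemon restarts the journal may stay volatile, which is the audit evidence this control is meant to keep. Gate the task on the rule toggle the template already uses, `when: rhel9cis_rule_4_2_2_3`, drop the `register:` line, and notify a handler that restarts systemd-journald (no such handler is visible in this patch, so its name has to come from the role). The task also has no `tags:` list, unlike the task ending just above it.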
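Review bot: `Compress=yes` and `Storage=persistent` are rendered without a `[Journal]` section header, and systemd's configuration parser ignores assignments that sit outside a section, so the deployed file would most likely leave journald on its defaults. Add `[Journal]` as a line before the `{% if rhel9cis_rule_4_2_2_3 %}` block. Because the task replaces /etc/systemd/journald.conf wholesale, any setting already present there (for example log forwarding configured by another rule) is lost; a drop-in file under /etc/systemd/journald.conf.d/ would keep the change scoped to these two options.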