diff --git a/defaults/main.yml b/defaults/main.yml index ff21216..decf352 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -528,26 +528,30 @@ rhel9cis_auditd: space_left_action: email action_mail_acct: root admin_space_left_action: halt + # The max_log_file parameter should be based on your sites policy. + max_log_file: 10 max_log_file_action: keep_logs +# This value governs if the below extra-vars for auditd should be used by the role +rhel9cis_auditd_extra_conf_usage: false + +# This can be used to configure other keys in auditd.conf +# Example: +# rhel9cis_auditd_extra_conf: +# admin_space_left: '10%' +rhel9cis_auditd_extra_conf: + admin_space_left: 50 + space_left: 75 + # The audit_back_log_limit value should never be below 8192 rhel9cis_audit_back_log_limit: 8192 -# The max_log_file parameter should be based on your sites policy -rhel9cis_max_log_file_size: 10 - ### 4.1.3.x audit template update_audit_template: false ## Advanced option found in auditd post rhel9cis_allow_auditd_uid_user_exclusions: false -# This can be used to configure other keys in auditd.conf -rhel9cis_auditd_extra_conf: {} -# Example: -# rhel9cis_auditd_extra_conf: -# admin_space_left: '10%' - ## Preferred method of logging ## Whether rsyslog or journald preferred method for local logging ## Affects rsyslog cis 4.2.1.3 and journald cis 4.2.2.5 diff --git a/tasks/section_4/cis_4.1.2.x.yml b/tasks/section_4/cis_4.1.2.x.yml index b830b1f..8370114 100644 --- a/tasks/section_4/cis_4.1.2.x.yml +++ b/tasks/section_4/cis_4.1.2.x.yml @@ -4,7 +4,7 @@ ansible.builtin.lineinfile: path: /etc/audit/auditd.conf regexp: "^max_log_file( |=)" - line: "max_log_file = {{ rhel9cis_max_log_file_size }}" + line: "max_log_file = {{ rhel9cis_auditd['max_log_file'] }}" notify: Restart auditd when: - rhel9cis_rule_4_1_2_1 @@ -58,6 +58,7 @@ notify: Restart auditd when: - rhel9cis_auditd_extra_conf.keys() | length > 0 + - rhel9cis_auditd_extra_conf_usage tags: - level2-server - level2-workstation