sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

logrotate changes reflected

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2022-04-11 17:39:13 +01:00
parent 4bd971fdcd
commit 2a421fcea6
No known key found for this signature in database
GPG key ID: F734FDFC154B83FB
1 changed files with 34 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

39
tasks/section_4/cis_4.3.yml
View file

@ -1,13 +1,42 @@
--- ---
- name: "4.3 | PATCH | Ensure logrotate is configured" - name: "4.3.1 | PATCH | Ensure logrotate is installed"
package:
name: rsyslog-logrotate
state: present
when:
- rhel9cis_rule_4_3_1
tags:
- level1-server
- level1-workstation
- manual
- patch
- logrotate
- rule_4.3.1
- name: "4.3.2 | PATCH | Ensure logrotate is running and enabled"
systemd:
name: rsyslog-logrotate
state: started
enabled: true
when:
- rhel9cis_rule_4_3_2
tags:
- level1-server
- level1-workstation
- manual
- patch
- logrotate
- rule_4.3.2
- name: "4.3.3 | PATCH | Ensure logrotate is configured"
block: block:
- name: "4.3 | AUDIT | Ensure logrotate is configured | Get logrotate settings" - name: "4.3.3 | AUDIT | Ensure logrotate is configured | Get logrotate settings"
find: find:
paths: /etc/logrotate.d/ paths: /etc/logrotate.d/
register: log_rotates register: log_rotates
- name: "4.3 | PATCH | Ensure logrotate is configured" - name: "4.3.3 | PATCH | Ensure logrotate is configured"
replace: replace:
path: "{{ item.path }}" path: "{{ item.path }}"
regexp: '^(\s*)(daily|weekly|monthly|yearly)$' regexp: '^(\s*)(daily|weekly|monthly|yearly)$'
@ -18,11 +47,11 @@
loop_control: loop_control:
label: "{{ item.path }}" label: "{{ item.path }}"
when: when:
- rhel9cis_rule_4_3 - rhel9cis_rule_4_3_3
tags: tags:
- level1-server - level1-server
- level1-workstation - level1-workstation
- manual - manual
- patch - patch
- logrotate - logrotate
- rule_4.3 - rule_4.3.3