sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

Updated rsyslog server variable

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2023-01-19 14:51:30 +00:00
parent 999d7b5b1e
commit 499b67ceb2
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9
3 changed files with 13 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
defaults/main.yml
View file

@ -530,12 +530,14 @@ rhel9cis_syslog: rsyslog
rhel9cis_rsyslog_ansiblemanaged: true rhel9cis_rsyslog_ansiblemanaged: true
#### 4.2.1.6 remote and destation log server name #### 4.2.1.6 remote and destation log server name
rhel9cis_remote_log_server: logagg.example.com rhel9cis_remote_log_server: false
rhel9cis_remote_log_host: logagg.example.com
rhel9cis_remote_log_port: 514 rhel9cis_remote_log_port: 514
rhel9cis_remote_log_protocol: tcp rhel9cis_remote_log_protocol: tcp
rhel9cis_remote_log_retrycount: 100 rhel9cis_remote_log_retrycount: 100
rhel9cis_remote_log_queuesize: 1000 rhel9cis_remote_log_queuesize: 1000
#### 4.2.1.7 #### 4.2.1.7
rhel9cis_system_is_log_server: false rhel9cis_system_is_log_server: false

2
tasks/section_4/cis_4.2.1.x.yml
View file

@ -165,7 +165,7 @@
state: present state: present
block: | block: |
# target can be IP or FQDN # target can be IP or FQDN
*.* action(type="omfwd" target="{{ rhel9cis_remote_log_server }}" port="{{ rhel9cis_remote_log_port }}" protocol="{{ rhel9cis_remote_log_protocol }}" action.resumeRetryCount="{{ rhel9cis_remote_log_retrycount }}" queue.type="LinkedList" queue.size="{{ rhel9cis_remote_log_queuesize }}") *.* action(type="omfwd" target="{{ rhel9cis_remote_log_host }}" port="{{ rhel9cis_remote_log_port }}" protocol="{{ rhel9cis_remote_log_protocol }}" action.resumeRetryCount="{{ rhel9cis_remote_log_retrycount }}" queue.type="LinkedList" queue.size="{{ rhel9cis_remote_log_queuesize }}")
insertafter: EOF insertafter: EOF
register: result register: result
failed_when: failed_when:

10
templates/ansible_vars_goss.yml.j2
View file

@ -448,8 +448,16 @@ rhel9cis_nft_tables_autochaincreate: {{ rhel9cis_nft_tables_autochaincreate }}
# Section 4 # Section 4
## Set if server is logserver ## Set if host is a logserver
rhel9cis_remote_log_server: {{ rhel9cis_remote_log_server }} rhel9cis_remote_log_server: {{ rhel9cis_remote_log_server }}
# Remote logserver settings
rhel9cis_remote_log_host: {{ rhel9cis_remote_log_host }}
rhel9cis_remote_log_port: {{ rhel9cis_remote_log_port }}
rhel9cis_remote_log_protocol: {{ rhel9cis_remote_log_protocol }}
rhel9cis_remote_log_retrycount: {{ rhel9cis_remote_log_retrycount }}
rhel9cis_remote_log_queuesize: {{ rhel9cis_remote_log_queuesize }}
## syslog ## syslog
rhel9cis_syslog: {{ rhel9cis_syslog }} rhel9cis_syslog: {{ rhel9cis_syslog }}