section 4 updates

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2023-01-12 11:38:53 +00:00 · 2023-01-12 11:38:53 +00:00 · e62e5630b4
commit e62e5630b4
parent 95ad5fac9d
10 changed files with 413 additions and 270 deletions
--- a/tasks/section_4/cis_4.3.yml
+++ b/tasks/section_4/cis_4.3.yml
@ -1,43 +1,25 @@
 ---

- name: "4.3.1 | PATCH | Ensure logrotate is installed"
-  package:
-      name: rsyslog-logrotate
-      state: present
-  when:
-      - rhel9cis_rule_4_3_1
-  tags:
-      - level1-server
-      - level1-workstation
-      - manual
-      - patch
-      - logrotate
-      - rule_4.3.1
-
- name: "4.3.2 | PATCH | Ensure logrotate is running and enabled"
-  systemd:
-      name: logrotate.timer
-      state: started
-      enabled: true
-  when:
-      - rhel9cis_rule_4_3_2
-  tags:
-      - level1-server
-      - level1-workstation
-      - manual
-      - patch
-      - logrotate
-      - rule_4.3.2
-
- name: "4.3.3 | PATCH | Ensure logrotate is configured"
+- name: "4.3 | PATCH | Ensure logrotate is configured"
  block:
-      - name: "4.3.3 | AUDIT | Ensure logrotate is configured | Get logrotate settings"
-        find:
+      - name: "4.3 | PATCH | Ensure logrotate is configured | installed"
+        ansible.builtin.package:
+            name: rsyslog-logrotate
+            state: present
+
+      - name: "4.3.2 | PATCH | Ensure logrotate is configured | scheduled"
+        ansible.builtin.systemd:
+            name: logrotate.timer
+            state: started
+            enabled: true
+
+      - name: "4.3 | AUDIT | Ensure logrotate is configured | Get logrotate settings"
+        ansible.builtin.find:
            paths: /etc/logrotate.d/
        register: log_rotates

-      - name: "4.3.3 | PATCH | Ensure logrotate is configured"
-        replace:
+      - name: "4.3 | PATCH | Ensure logrotate is configured"
+        ansible.builtin.replace:
            path: "{{ item.path }}"
            regexp: '^(\s*)(daily|weekly|monthly|yearly)$'
            replace: "\\1{{ rhel9cis_logrotate }}"
@ -47,11 +29,11 @@
        loop_control:
            label: "{{ item.path }}"
  when:
-      - rhel9cis_rule_4_3_3
+      - rhel9cis_rule_4_3
  tags:
      - level1-server
      - level1-workstation
      - manual
      - patch
      - logrotate
-      - rule_4.3.3
+      - rule_4.3.1