---

- name: "4.3 | PATCH | Ensure logrotate is configured"
  block:
      - name: "4.3 | PATCH | Ensure logrotate is configured | installed"
        ansible.builtin.package:
            name: rsyslog-logrotate
            state: present

      - name: "4.3.2 | PATCH | Ensure logrotate is configured | scheduled"
        ansible.builtin.systemd:
            name: logrotate.timer
            state: started
            enabled: true

      - name: "4.3 | AUDIT | Ensure logrotate is configured | Get logrotate settings"
        ansible.builtin.find:
            paths: /etc/logrotate.d/
        register: log_rotates

      - name: "4.3 | PATCH | Ensure logrotate is configured"
        ansible.builtin.replace:
            path: "{{ item.path }}"
            regexp: '^(\s*)(daily|weekly|monthly|yearly)$'
            replace: "\\1{{ rhel9cis_logrotate }}"
        with_items:
            - "{{ log_rotates.files }}"
            - { path: "/etc/logrotate.conf" }
        loop_control:
            label: "{{ item.path }}"
  when:
      - rhel9cis_rule_4_3
  tags:
      - level1-server
      - level1-workstation
      - manual
      - patch
      - logrotate
      - rule_4.3.1