From d1d38d672a3a98d50e8377b63675be07108b377a Mon Sep 17 00:00:00 2001
From: irl <iain@learmonth.me>
Date: Mon, 22 Dec 2025 11:04:08 +0000
Subject: [PATCH] feat(baseline): rotate auditd logs until a plan is in place
 to archive them

---
 roles/baseline/tasks/lockdown.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/baseline/tasks/lockdown.yml b/roles/baseline/tasks/lockdown.yml
index 7180720..e47a3b1 100644
--- a/roles/baseline/tasks/lockdown.yml
+++ b/roles/baseline/tasks/lockdown.yml
@@ -32,4 +32,5 @@
     # ipaservers are part of Linux Identity Management. Joining your host to an IdM
     # domain automatically configures SSSD authentication on your host.
     rhel9cis_allow_authselect_updates: false
+    rhel9cis_auditd_max_log_file_action: rotate
   when: (ansible_distribution == "Rocky") and (ansible_distribution_major_version == "9")