From 235961e72d0411a5b754b09871081acf4e39527b Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Wed, 26 Jan 2022 15:49:22 +0000
Subject: [PATCH 1/4] 4.2.4 logrotate update
Signed-off-by: Mark Bolwell
---
 tasks/section_4/cis_4.2.x.yml | 28 +++++++++++++++++++++++++---
 1 file changed, 25 insertions(+), 3 deletions(-)
diff --git a/tasks/section_4/cis_4.2.x.yml b/tasks/section_4/cis_4.2.x.yml
index 8b60e241..3ec5fa3c 100644
--- a/tasks/section_4/cis_4.2.x.yml
+++ b/tasks/section_4/cis_4.2.x.yml
@@ -13,9 +13,31 @@
 - rule_4.2.3
 - name: "4.2.4 | L1 | AUDIT | Ensure logrotate is configured"
- find:
- paths: /etc/logrotate.d/
- register: log_rotates
+ block:
+ - name: "4.2.4 | L1 | AUDIT | Ensure logrotate is configured"
+ find:
+ paths: /etc/logrotate.d/
+ register: log_rotate
+
+ - debug:
+ var: log_rotate
+
+ - name: "4.2.4 | L1 | AUDIT | Ensure logrotate is configured | set fact"
+ set_fact:
+ logrotate_files: "{{ logrotate_files + [ item.path ] }}"
+ with_items: "{{ log_rotate.files }}"
+ no_log: true
+ when: log_rotate.examined > 0
+
+ - name: "4.2.4 | L1 | AUDIT | Ensure logrotate is configured | output list"
+ debug:
+ msg:
+ - WARNING!! The following files need to confirm with site requirements
+ - /etc/logrotate.conf
+ - "{{ logrotate_files }}"
+ when: logrotate_files | length > 0
+ vars:
+ logrotate_files: []
 when:
 - rhel7cis_rule_4_2_4
 tags:
From 79f0f8ad9a97aeeb968b45bf663610ff2cb5d406 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Wed, 26 Jan 2022 16:43:22 +0000
Subject: [PATCH 2/4] removed debug statement
Signed-off-by: Mark Bolwell
---
 tasks/section_4/cis_4.2.x.yml | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/tasks/section_4/cis_4.2.x.yml b/tasks/section_4/cis_4.2.x.yml
index 3ec5fa3c..a94bbfa7 100644
--- a/tasks/section_4/cis_4.2.x.yml
+++ b/tasks/section_4/cis_4.2.x.yml
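Review bot: The `find` task moved into the new block in PATCH 1/4 (hunk `@@ -13,9 +13,31 @@`) skips dotfiles, because the module's `hidden` option defaults to false, so a hidden file under /etc/logrotate.d/ would never reach the list the auditor is asked to review. Adding `hidden: true` under `find:` closes that gap; whether logrotate itself loads such files on the target release is worth confirming. The warning text also looks like a typo: `need to confirm with site requirements` presumably means `need to conform to site requirements`. The task's `when:` and `tags:` continue outside the hunk.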
@@ -19,9 +19,6 @@
 paths: /etc/logrotate.d/
 register: log_rotate
- - debug:
- var: log_rotate
-
 - name: "4.2.4 | L1 | AUDIT | Ensure logrotate is configured | set fact"
 set_fact:
 logrotate_files: "{{ logrotate_files + [ item.path ] }}"
From 1dfae54c6f80739a2faca469904ac9ca6badddb5 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Wed, 26 Jan 2022 16:49:46 +0000
Subject: [PATCH 3/4] streamline control
Signed-off-by: Mark Bolwell
---
 tasks/section_4/cis_4.2.x.yml | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)
diff --git a/tasks/section_4/cis_4.2.x.yml b/tasks/section_4/cis_4.2.x.yml
index a94bbfa7..1e6a6c5d 100644
--- a/tasks/section_4/cis_4.2.x.yml
+++ b/tasks/section_4/cis_4.2.x.yml
@@ -19,20 +19,13 @@
 paths: /etc/logrotate.d/
 register: log_rotate
- - name: "4.2.4 | L1 | AUDIT | Ensure logrotate is configured | set fact"
- set_fact:
- logrotate_files: "{{ logrotate_files + [ item.path ] }}"
- with_items: "{{ log_rotate.files }}"
- no_log: true
- when: log_rotate.examined > 0
-
 - name: "4.2.4 | L1 | AUDIT | Ensure logrotate is configured | output list"
 debug:
- msg:
+ msg:
 - WARNING!! The following files need to confirm with site requirements
 - /etc/logrotate.conf
- "{{ logrotate_files }}"
- when: logrotate_files | length > 0
+ - "{{ log_rotate.files | map(attribute='path') | list }}"
+ when: log_rotate.matched > 0
 vars:
 logrotate_files: []
 when:
From 040f35afd93a7533dc65eaf3030661c196a833db Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Thu, 27 Jan 2022 14:19:02 +0000
Subject: [PATCH 4/4] removed var not needed
Signed-off-by: Mark Bolwell
---
 tasks/section_4/cis_4.2.x.yml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/tasks/section_4/cis_4.2.x.yml b/tasks/section_4/cis_4.2.x.yml
index 1e6a6c5d..5e06700a 100644
--- a/tasks/section_4/cis_4.2.x.yml
+++ b/tasks/section_4/cis_4.2.x.yml
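Review bot: The new `when: log_rotate.matched > 0` on the output-list task in PATCH 3/4 (hunk `@@ -19,20 +19,13 @@`) skips the whole warning when /etc/logrotate.d/ holds no files, and presumably also when the directory is missing. The reminder to review /etc/logrotate.conf is then never printed, so the control reports nothing on the hosts where rotation is most likely unconfigured. Because `map(attribute='path') | list` on an empty `files` list simply yields `[]`, the condition can be dropped, or a second message added for the zero-match case. The enclosing block starts above the hunk, so any other use of `log_rotate` is not visible here.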
@@ -26,8 +26,6 @@
 - /etc/logrotate.conf
 - "{{ log_rotate.files | map(attribute='path') | list }}"
 when: log_rotate.matched > 0
- vars:
- logrotate_files: []
 when:
 - rhel7cis_rule_4_2_4
 tags: