Ansible tasks for auditd and logrotate
Auditd does not play nicely with logrotate on CentOS 7. Here is my solution, written as Ansible tasks:
tasks
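---
# The intention with auditd is to minimise the disk usage of its logs: auditd's
# own size-based rotation is switched off here and the logrotate policy installed
# further down takes over. Editing auditd.conf notifies the "auditd handler"
# (defined elsewhere, not shown in this file).
# backrefs + a regexp that matches the whole line means an existing setting is
# rewritten in place and a file without the setting is left untouched.
# Both regexps are anchored on the '=' so that '^max_log_file' can no longer
# match the 'max_log_file_action' line as well: lineinfile replaces the LAST
# matching line, so the unanchored form would overwrite the action setting
# with 'max_log_file = 0' and leave the file without max_log_file_action.
- name: auditd does not keep logs
  lineinfile:
    path: "{{ auditd_conf }}"
    regexp: "{{ item.r }}"
    backrefs: true
    line: "{{ item.l }}"
    create: false
    state: present
  notify: auditd handler
  with_items:
    - r: '^max_log_file_action\s*=.*$'
      l: 'max_log_file_action = ignore'
    - r: '^max_log_file\s*=.*$'
      l: 'max_log_file = 0'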
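# Collect any already-rotated audit.log.N files so they can be packed into one
# tarball and removed by the archive task below.
# The directory comes from auditd_log_dir (not a hard-coded path) so this task
# agrees with the touch/archive tasks, and the regex is single-quoted so the
# shell does not strip the backslashes out of '\.' before find sees it
# (unquoted, '.*audit\.log\.[0-9]+' reaches find as '.*audit.log.[0-9]+').
# GNU find's -regex matches the whole path, which is why the pattern starts
# with '.*'. Listing files changes nothing on the host, hence changed_when.
- name: list all old auditd logs which need to be compressed and cleaned up
  shell: "find {{ auditd_log_dir }} -type f -regex '{{ auditd_log_cleanup_regex }}'"
  args:
    warn: false
  register: cleanup_list
  changed_when: false
  ignore_errors: true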
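# Pre-create the tarball with restrictive permissions so the archive written
# into it next is never world-readable (audit logs can contain sensitive
# data). Only done when there is something to archive, otherwise every host
# would get an empty tarball. Note that file/state=touch reports "changed" on
# every run it executes.
- name: touch archive file
  file:
    path: "{{ auditd_log_dir }}/old-audit.log.tgz"
    state: touch
    owner: root
    group: root
    mode: "0600"
  when: cleanup_list.stdout_lines | default([]) | length > 0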
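# Pack the rotated logs found above into one gzip tarball and delete the
# originals (remove: true is the destructive step). The path list comes from
# the registered find output rather than a glob so only files matching
# auditd_log_cleanup_regex are touched. The task is skipped, rather than
# failing, when there is nothing to archive; ignore_errors keeps the rest of
# the play running if the archive itself fails.
# NOTE(review): dest has a fixed name and the archive module builds it from
# the given paths; confirm a later run with newly rotated files does not
# overwrite an earlier tarball before relying on this for audit retention.
- name: archive and cleanup existing audit.log.1 files
  archive:
    dest: "{{ auditd_log_dir }}/old-audit.log.tgz"
    path: "{{ cleanup_list.stdout_lines }}"
    format: gz
    owner: root
    group: root
    mode: "0600"
    remove: true
  when: cleanup_list.stdout_lines | default([]) | length > 0
  ignore_errors: true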
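# Install the logrotate policy that now owns audit.log rotation (the source
# file etc/logrotate.d/audit is not shown here). The copy is validated with
# logrotate's dry-run mode before it replaces the live file so a syntax error
# cannot leave the host without working rotation; the previous file is kept
# as a backup.
# NOTE(review): confirm that 'logrotate -d' exits non-zero on a parse error
# for the logrotate version on the target hosts.
- name: apply logrotate script for audit
  copy:
    src: etc/logrotate.d/audit
    dest: "{{ auditd_logrotate_conf }}"
    owner: root
    group: root
    mode: "0644"
    backup: true
    validate: '/sbin/logrotate -d %s'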
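# Force a rotation right away so the new policy takes effect on this run
# rather than at the next cron invocation. -f rotates unconditionally, so
# this task legitimately reports "changed" every time. command (not shell)
# is enough: there is no piping, redirection or globbing in the line.
# NOTE(review): auditd keeps audit.log open while running; the logrotate
# config installed above must account for that (it is not shown here), or
# new events keep going to the rotated file - confirm against the config.
- name: run logrotate
  command: /sbin/logrotate -f "{{ auditd_logrotate_conf }}"
  args:
    warn: false
  register: run_logrotate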
# Print the full result of the forced logrotate run (rc, stdout, stderr)
# so problems with the new policy are visible in the play output.
- name: show the result of the forced logrotate run
  debug:
    msg: "{{ run_logrotate }}"
vars or defaults
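---
# Variables used by the tasks above (role defaults or play vars).
# auditd's own configuration file, edited in place by the lineinfile task.
auditd_conf: /etc/audit/auditd.conf
# Directory that is searched for rotated logs and that receives the tarball.
auditd_log_dir: /var/log/audit
# Whole-path regex handed to 'find -regex'; matches audit.log.1, audit.log.2, ...
auditd_log_cleanup_regex: '.*audit\.log\.[0-9]+'
# Service name; not referenced by the tasks shown here, presumably used by
# the "auditd handler" that the lineinfile task notifies.
auditd_service: auditd
# Destination of the logrotate policy copied from etc/logrotate.d/audit.
auditd_logrotate_conf: /etc/logrotate.d/audit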