diff --git a/roles/cis_security/defaults/main.yml b/roles/cis_security/defaults/main.yml
index f4cfa2b..75230e1 100644
--- a/roles/cis_security/defaults/main.yml
+++ b/roles/cis_security/defaults/main.yml
@@ -53,6 +53,8 @@ log_host: false # Linux: Whether this machine will host rsyslog messages for oth
 log_port: 514 # Linux: Port to listen to RSYSLOG messages on (if log_host is true)
 log_file_size: 8 # Linux: log file size. RHEL default is 8MB, control has no default
 # rsyslog_file: # Linux: Uncomment to copy file listed to /etc/rsyslog.d
+space_left_disk_size: 10000
+max_log_file_actions: keep_logs
 # network security settings
 tcpwrappers: false # Linux: Configure tcpwrappers controls. RHEL 7 control only
diff --git a/roles/cis_security/tasks/type-files/redhat-7-type.yml b/roles/cis_security/tasks/type-files/redhat-7-type.yml
index 545df4d..f94410a 100644
--- a/roles/cis_security/tasks/type-files/redhat-7-type.yml
+++ b/roles/cis_security/tasks/type-files/redhat-7-type.yml
@@ -1609,9 +1609,10 @@
 replace: "{{ item.replace }}"
 loop:
 - {find: '^max_log_file\s+=\s+[^{{ log_file_size }}]', replace: 'max_log_file = {{ log_file_size }}'} # 4.1.1.1
- - {find: '^max_log_file_action\s+=\s+((?!keep_logs).)*$', replace: 'max_log_file_action = keep_logs'} # 4.1.1.2
+ - {find: '^max_log_file_action\s+=\s+((?!{{ max_log_file_action }}).)*$', replace: 'max_log_file_action ={{ max_log_file_action }} '} # 4.1.1.2
 - {find: '^space_left_action\s+=\s+((?!email).)*$', replace: 'space_left_action = email'} # 4.1.1.2
 - {find: '^action_mail_acct\s+=\s+((?!root).)*$', replace: 'action_mail_acct = root'} # 4.1.1.2
+ - {find: '^admin_space_left\s+=\s+\d+$', replace: 'admin_space_left = {{ space_left_disk_size }}'} #
 - {find: '^admin_space_left_action\s+=\s+((?!suspend).)*$', replace: 'admin_space_left_action = suspend'} # 4.1.1.2
 notify: Restart auditd
 tags:
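Review bot: The added default in roles/cis_security/defaults/main.yml is spelled `max_log_file_actions`, but the redhat-7, redhat-8 and ubuntu-18 task hunks in this commit template `{{ max_log_file_action }}` (singular), so unless that name is defined elsewhere the auditd task would fail on an undefined variable. Rename the default to `max_log_file_action: keep_logs`. Both new lines also lack the trailing description their neighbours carry; comments such as `# Linux: auditd action when max_log_file is reached (benchmark value: keep_logs)` and `# Linux: value written to admin_space_left in auditd.conf` would make clear that overriding the first moves the host away from the value the control previously enforced.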
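Review bot: In the redhat-7 hunk the new 4.1.1.2 replacement string is `'max_log_file_action ={{ max_log_file_action }} '`, which drops the space after `=` and adds a trailing space, unlike every other row in the loop. The written line would read `max_log_file_action =keep_logs `, which the row's own `\s+=\s+` pattern no longer matches on later runs and which auditd may reject when the handler restarts it. Use `replace: 'max_log_file_action = {{ max_log_file_action }}'`. The task this loop belongs to starts and ends outside the hunk.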
diff --git a/roles/cis_security/tasks/type-files/redhat-8-type.yml b/roles/cis_security/tasks/type-files/redhat-8-type.yml
index 82e2fa8..e74c88d 100644
--- a/roles/cis_security/tasks/type-files/redhat-8-type.yml
+++ b/roles/cis_security/tasks/type-files/redhat-8-type.yml
@@ -1585,9 +1585,10 @@
 replace: "{{ item.replace }}"
 loop:
 - { find: "^max_log_file\\s+=\\s+[^{{ log_file_size }}]", replace: "max_log_file = {{ log_file_size }}" } # 4.1.2.1
- - { find: "^max_log_file_action\\s+=\\s+((?!keep_logs).)*$", replace: max_log_file_action = keep_logs } # 4.1.2.2
+ - { find: "^max_log_file_action\\s+=\\s+((?!{{ max_log_file_action }}).)*$", replace: max_log_file_action = {{ max_log_file_action }} } # 4.1.2.2
 - { find: "^space_left_action\\s+=\\s+((?!email).)*$", replace: space_left_action = email } # 4.1.2.2
 - { find: "^action_mail_acct\\s+=\\s+((?!root).)*$", replace: action_mail_acct = root } # 4.1.2.2
+ - { find: "^admin_space_left\\s+=\\s+\\d+$", replace: "admin_space_left = {{ space_left_disk_size }}"} #
 - { find: "^admin_space_left_action\\s+=\\s+((?!suspend).)*$", replace: admin_space_left_action = suspend } # 4.1.2.2
 notify: Restart auditd
 tags:
diff --git a/roles/cis_security/tasks/type-files/ubuntu-18-type.yml b/roles/cis_security/tasks/type-files/ubuntu-18-type.yml
index 3aef8fe..0570fe7 100644
--- a/roles/cis_security/tasks/type-files/ubuntu-18-type.yml
+++ b/roles/cis_security/tasks/type-files/ubuntu-18-type.yml
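Review bot: The new `max_log_file_action` row in the redhat-8 hunk leaves its `replace` value unquoted inside a flow mapping, so the `{{ }}` braces are read as YAML flow indicators rather than as part of the string and the file will probably not load; the ubuntu-18 hunk has the same row. Quote it the way the added `admin_space_left` row already does: `replace: "max_log_file_action = {{ max_log_file_action }}"`. Because the value is also interpolated into the `find` regex, `{{ max_log_file_action | regex_escape }}` would keep an unexpected override from changing the pattern. The enclosing task begins and ends outside the hunk.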
@@ -1566,9 +1566,10 @@
 replace: "{{ item.replace }}"
 loop:
 - { find: "^max_log_file\\s+=\\s+[^{{ log_file_size }}]", replace: "max_log_file = {{ log_file_size }}" } # 4.1.2.1
- - { find: "^max_log_file_action\\s+=\\s+((?!keep_logs).)*$", replace: max_log_file_action = keep_logs } # 4.1.2.2
+ - { find: "^max_log_file_action\\s+=\\s+((?!{{ max_log_file_action }}).)*$", replace: max_log_file_action = {{ max_log_file_action }} } # 4.1.2.2
 - { find: "^space_left_action\\s+=\\s+((?!email).)*$", replace: space_left_action = email } # 4.1.2.2
 - { find: "^action_mail_acct\\s+=\\s+((?!root).)*$", replace: action_mail_acct = root } # 4.1.2.2
+ - { find: "^admin_space_left\\s+=\\s+\\d+$", replace: "admin_space_left = {{ space_left_disk_size }}"} #
 - { find: "^admin_space_left_action\\s+=\\s+((?!suspend).)*$", replace: admin_space_left_action = suspend } # 4.1.2.2
 tags:
 - 4.1.2.1
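Review bot: The added `admin_space_left` row writes `space_left_disk_size` (default 10000) while nothing visible in this loop manages `space_left`, and auditd.conf(5) describes `admin_space_left` as a megabyte threshold that should be lower than `space_left`; the redhat-7 and redhat-8 hunks add the same row. With `admin_space_left_action = suspend` on the next row, a host with less free space than that on the audit volume would presumably stop recording audit events, or auditd may refuse the configuration outright. Either choose a default below the configured `space_left` or manage both values together, and fill in the empty trailing `#` with the control number the row implements. The enclosing task extends outside the hunk.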