auditd increasing logfiles #586

Closed
markuman opened this issue Oct 7, 2022 · 1 comment

markuman commented Oct 7, 2022

Describe the bug
After applying devsec.hardening, auditd is configured, but its logs are increasing without being deleted after some time

Expected behavior
Logs are deleted and/or being compressed (logrotate)

Actual behavior

~$ sudo ls -lh /var/log/audit/
total 257M
-rw------- 1 root root 4.3M Oct  7 06:15 audit.log
-r-------- 1 root root 6.1M Oct  4 12:15 audit.log.1
-r-------- 1 root root 6.1M Aug 23 06:38 audit.log.10
-r-------- 1 root root 6.1M Aug 17 08:06 audit.log.11
-r-------- 1 root root 6.1M Aug 13 02:17 audit.log.12
-r-------- 1 root root 6.1M Aug  7 13:38 audit.log.13
-r-------- 1 root root 6.1M Aug  1 08:17 audit.log.14
-r-------- 1 root root 6.1M Jul 26 20:37 audit.log.15
-r-------- 1 root root 6.1M Jul 21 09:18 audit.log.16
-r-------- 1 root root 6.1M Jul 11 07:45 audit.log.17
-r-------- 1 root root 6.1M Jun 28 15:30 audit.log.18
-r-------- 1 root root 6.1M Jun 14 17:00 audit.log.19
-r-------- 1 root root 6.1M Sep 29 09:00 audit.log.2
-r-------- 1 root root 6.1M Jun  1 10:03 audit.log.20
-r-------- 1 root root 6.1M May 19 03:15 audit.log.21
-r-------- 1 root root 6.1M May  8 11:45 audit.log.22
-r-------- 1 root root 6.1M Apr 25 10:38 audit.log.23
-r-------- 1 root root 6.1M Apr 12 04:17 audit.log.24
-r-------- 1 root root 6.1M Mar 29  2022 audit.log.25
-r-------- 1 root root 6.1M Mar 12  2022 audit.log.26
-r-------- 1 root root 6.1M Feb 25  2022 audit.log.27
-r-------- 1 root root 6.1M Feb 10  2022 audit.log.28
-r-------- 1 root root 6.1M Jan 26  2022 audit.log.29
-r-------- 1 root root 6.1M Sep 24 10:42 audit.log.3
-r-------- 1 root root 6.1M Dec 24  2021 audit.log.30
-r-------- 1 root root 6.1M Dec  6  2021 audit.log.31
-r-------- 1 root root 6.1M Nov 26  2021 audit.log.32
-r-------- 1 root root 6.1M Nov 19  2021 audit.log.33
-r-------- 1 root root 6.1M Nov 19  2021 audit.log.34
-r-------- 1 root root 6.1M Nov 17  2021 audit.log.35
-r-------- 1 root root 6.1M Nov  8  2021 audit.log.36
-r-------- 1 root root 6.1M Oct 29  2021 audit.log.37
-r-------- 1 root root 6.1M Oct 20  2021 audit.log.38
-r-------- 1 root root 6.1M Oct 10  2021 audit.log.39
-r-------- 1 root root 6.1M Sep 19 08:01 audit.log.4
-r-------- 1 root root 6.1M Oct  7  2021 audit.log.40
-r-------- 1 root root 6.1M Sep 23  2021 audit.log.41
-r-------- 1 root root 6.1M Sep  6  2021 audit.log.42
-r-------- 1 root root 6.1M Sep 12 22:00 audit.log.5
-r-------- 1 root root 6.1M Sep  9 03:10 audit.log.6
-r-------- 1 root root 6.1M Sep  5 13:15 audit.log.7
-r-------- 1 root root 6.1M Sep  1 07:02 audit.log.8
-r-------- 1 root root 6.1M Aug 27 22:17 audit.log.9

~$ sudo du -sh /var/log/audit/
257M	/var/log/audit/

Example Playbook

---
- hosts: localhost
  connection: local
  gather_facts: yes
  become: yes

  collections:
    - devsec.hardening

  roles:
    - devsec.hardening.os_hardening
    - devsec.hardening.ssh_hardening

OS / Environment

Ubuntu 20.04 & Ubuntu 22.04

Ansible Version

ansible [core 2.12.5]
  config file = /home/m/git/lekker/linux/ansible.cfg
  configured module search path = ['/home/m/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/m/.local/lib/python3.10/site-packages/ansible
  ansible collection location = /home/m/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/m/.local/bin/ansible
  python version = 3.10.6 (main, Aug 10 2022, 11:40:04) [GCC 11.3.0]
  jinja version = 3.1.2
  libyaml = True

Role Version

devsec.hardening   7.14.1  

Additional context
Add any other context about the problem here.

rndmh3ro (Member) commented:

See here for the rationale: dev-sec/linux-baseline#171

You can change the behaviour with the variable os_auditd_max_log_file_action
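The listing in the report is what auditd produces when `max_log_file_action` is `keep_logs`: every 6 MB the daemon rotates the file but never removes an old one, so the directory grows without bound. The following is an added example, not code from the issue or from the devsec.hardening collection. It parses an `auditd.conf` excerpt, states whether the configured action bounds disk usage (using the semantics documented in auditd.conf(5)), and checks whether a directory listing is consistent with that policy. The configuration excerpts and the shortened listing are constructed for the example; in the collection the action value is controlled by `os_auditd_max_log_file_action` (named in the reply above), while the variable names for `max_log_file` and `num_logs` are not given on this page and must be taken from the role's defaults.

```python
import re

# Constructed sample (not taken from the issue): the settings that produce the
# listing the reporter saw, i.e. 6 MB files that are rotated but never removed.
SAMPLE_KEEP_LOGS = """\
# /etc/audit/auditd.conf excerpt, constructed for this example
log_file = /var/log/audit/audit.log
max_log_file = 6
num_logs = 5
max_log_file_action = keep_logs
"""

# The same excerpt with the action switched to rotate, so num_logs applies.
SAMPLE_ROTATE = SAMPLE_KEEP_LOGS.replace("max_log_file_action = keep_logs",
                                         "max_log_file_action = rotate")

# Constructed ls -l style listing, shortened from the one in the issue.
SAMPLE_LISTING = """\
-rw------- 1 root root 4.3M Oct  7 06:15 audit.log
-r-------- 1 root root 6.1M Oct  4 12:15 audit.log.1
-r-------- 1 root root 6.1M Sep 29 09:00 audit.log.2
-r-------- 1 root root 6.1M Sep 24 10:42 audit.log.3
-r-------- 1 root root 6.1M Sep 19 08:01 audit.log.4
-r-------- 1 root root 6.1M Sep 12 22:00 audit.log.5
-r-------- 1 root root 6.1M Sep  9 03:10 audit.log.6
"""


def parse_auditd_conf(text):
    """Parse the 'key = value' lines of auditd.conf ('#' starts a comment).
    Keys are lower-cased; values are kept verbatim."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        match = re.match(r"^(\w+)\s*=\s*(\S.*?)\s*$", line)
        if match:
            conf[match.group(1).lower()] = match.group(2)
    return conf


def retention_policy(conf):
    """Return (action, bound_mb): the max_log_file_action in force and the
    most space the audit log files can occupy, or None when growth is unbounded.

    Semantics from auditd.conf(5): 'rotate' keeps num_logs files of at most
    max_log_file MB each (no rotation at all if num_logs < 2); 'keep_logs'
    rotates but ignores num_logs; 'ignore' and 'syslog' let the active file
    grow; 'suspend' stops writing, so size is bounded but events are lost.
    """
    action = conf["max_log_file_action"].lower()
    size_mb = int(conf["max_log_file"])
    if action == "rotate":
        num_logs = int(conf.get("num_logs", 0))
        return action, (num_logs * size_mb if num_logs >= 2 else None)
    if action == "suspend":
        return action, size_mb
    return action, None


def rotated_log_count(listing):
    """Count audit.log.N entries in an ls -l listing of the audit directory."""
    return sum(1 for line in listing.splitlines()
               if re.search(r"\baudit\.log\.\d+$", line.strip()))


def policy_matches_disk(conf, listing):
    """True if the number of rotated files on disk is consistent with the
    configured policy: under 'rotate' at most num_logs - 1 rotated files can
    exist; every other action places no limit, so any listing is consistent.
    False means the running daemon is not applying this configuration."""
    action, _ = retention_policy(conf)
    if action != "rotate":
        return True
    limit = max(int(conf.get("num_logs", 0)) - 1, 0)
    return rotated_log_count(listing) <= limit


if __name__ == "__main__":
    for name, text in (("keep_logs", SAMPLE_KEEP_LOGS), ("rotate", SAMPLE_ROTATE)):
        conf = parse_auditd_conf(text)
        action, bound = retention_policy(conf)
        desc = "unbounded" if bound is None else f"{bound} MB"
        consistent = policy_matches_disk(conf, SAMPLE_LISTING)
        print(f"{name}: action={action}, bound={desc}, listing consistent={consistent}")
```

Run against a real `/etc/audit/auditd.conf`, `retention_policy` tells you whether the hardened host can fill its disk with audit logs (`keep_logs`, `ignore`, `syslog`) or is capped at `num_logs * max_log_file` MB (`rotate`); `policy_matches_disk` flags the case where the file on disk says `rotate` but the directory still holds more rotated files than `num_logs` allows, which usually means the daemon has not been reloaded with the new configuration.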
