Describe the bug
After applying devsec.hardening, auditd is configured, but its logs are increasing without being deleted after some time.

Expected behavior
Logs are deleted and/or being compressed (logrotate).

Actual behavior
```
~$ sudo ls -lh /var/log/audit/
total 257M
-rw------- 1 root root 4.3M Oct 7 06:15 audit.log
-r-------- 1 root root 6.1M Oct 4 12:15 audit.log.1
-r-------- 1 root root 6.1M Aug 23 06:38 audit.log.10
-r-------- 1 root root 6.1M Aug 17 08:06 audit.log.11
-r-------- 1 root root 6.1M Aug 13 02:17 audit.log.12
-r-------- 1 root root 6.1M Aug 7 13:38 audit.log.13
-r-------- 1 root root 6.1M Aug 1 08:17 audit.log.14
-r-------- 1 root root 6.1M Jul 26 20:37 audit.log.15
-r-------- 1 root root 6.1M Jul 21 09:18 audit.log.16
-r-------- 1 root root 6.1M Jul 11 07:45 audit.log.17
-r-------- 1 root root 6.1M Jun 28 15:30 audit.log.18
-r-------- 1 root root 6.1M Jun 14 17:00 audit.log.19
-r-------- 1 root root 6.1M Sep 29 09:00 audit.log.2
-r-------- 1 root root 6.1M Jun 1 10:03 audit.log.20
-r-------- 1 root root 6.1M May 19 03:15 audit.log.21
-r-------- 1 root root 6.1M May 8 11:45 audit.log.22
-r-------- 1 root root 6.1M Apr 25 10:38 audit.log.23
-r-------- 1 root root 6.1M Apr 12 04:17 audit.log.24
-r-------- 1 root root 6.1M Mar 29 2022 audit.log.25
-r-------- 1 root root 6.1M Mar 12 2022 audit.log.26
-r-------- 1 root root 6.1M Feb 25 2022 audit.log.27
-r-------- 1 root root 6.1M Feb 10 2022 audit.log.28
-r-------- 1 root root 6.1M Jan 26 2022 audit.log.29
-r-------- 1 root root 6.1M Sep 24 10:42 audit.log.3
-r-------- 1 root root 6.1M Dec 24 2021 audit.log.30
-r-------- 1 root root 6.1M Dec 6 2021 audit.log.31
-r-------- 1 root root 6.1M Nov 26 2021 audit.log.32
-r-------- 1 root root 6.1M Nov 19 2021 audit.log.33
-r-------- 1 root root 6.1M Nov 19 2021 audit.log.34
-r-------- 1 root root 6.1M Nov 17 2021 audit.log.35
-r-------- 1 root root 6.1M Nov 8 2021 audit.log.36
-r-------- 1 root root 6.1M Oct 29 2021 audit.log.37
-r-------- 1 root root 6.1M Oct 20 2021 audit.log.38
-r-------- 1 root root 6.1M Oct 10 2021 audit.log.39
-r-------- 1 root root 6.1M Sep 19 08:01 audit.log.4
-r-------- 1 root root 6.1M Oct 7 2021 audit.log.40
-r-------- 1 root root 6.1M Sep 23 2021 audit.log.41
-r-------- 1 root root 6.1M Sep 6 2021 audit.log.42
-r-------- 1 root root 6.1M Sep 12 22:00 audit.log.5
-r-------- 1 root root 6.1M Sep 9 03:10 audit.log.6
-r-------- 1 root root 6.1M Sep 5 13:15 audit.log.7
-r-------- 1 root root 6.1M Sep 1 07:02 audit.log.8
-r-------- 1 root root 6.1M Aug 27 22:17 audit.log.9
~$ sudo du -sh /var/log/audit/
257M /var/log/audit/
```
Example Playbook
```yaml
---
- hosts: localhost
  connection: local
  gather_facts: yes
  become: yes
  collections:
    - devsec.hardening
  roles:
    - devsec.hardening.os_hardening
    - devsec.hardening.ssh_hardening
```
OS / Environment
Ubuntu 20.04 & Ubuntu 22.04
Ansible Version
```
ansible [core 2.12.5]
  config file = /home/m/git/lekker/linux/ansible.cfg
  configured module search path = ['/home/m/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/m/.local/lib/python3.10/site-packages/ansible
  ansible collection location = /home/m/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/m/.local/bin/ansible
  python version = 3.10.6 (main, Aug 10 2022, 11:40:04) [GCC 11.3.0]
  jinja version = 3.1.2
  libyaml = True
```
Role Version
devsec.hardening 7.14.1
See here for the rationale: dev-sec/linux-baseline#171
You can change the behaviour with the variable os_auditd_max_log_file_action
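
As an added illustration (not part of the issue or of the devsec.hardening role), this Python example classifies how the `max_log_file_action`, `max_log_file` and `num_logs` settings in `auditd.conf` bound the size of `/var/log/audit`, following the semantics in auditd.conf(5). The sample configurations are constructed, and `keep_logs` as the action behind the listing in the report is an assumption inferred from the ever-growing file numbers.

```python
# Added example: classify how auditd.conf settings bound /var/log/audit.
# Semantics follow auditd.conf(5); the sample configs are constructed.

KEEP_LOGS_CONF = """\
# constructed sample: old files are renamed and never removed
max_log_file = 6
num_logs = 5
max_log_file_action = keep_logs
"""
ROTATE_CONF = KEEP_LOGS_CONF.replace("keep_logs", "rotate")


def parse_auditd_conf(text):
    """Parse 'key = value' lines, skipping blanks and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().lower()
    return settings


def retention(text):
    """Return (status, approx_max_mb) for the audit log directory."""
    conf = parse_auditd_conf(text)
    action = conf.get("max_log_file_action")
    size_mb = int(conf.get("max_log_file", 0))
    num_logs = int(conf.get("num_logs", 0))
    if action == "rotate" and num_logs >= 2 and size_mb > 0:
        # The oldest file is dropped once num_logs files exist.
        return ("bounded", num_logs * size_mb)
    if action == "suspend" and size_mb > 0:
        # Disk use stops growing, but so does the audit trail.
        return ("stops-logging", size_mb)
    # keep_logs ignores num_logs; ignore/syslog keep writing; rotate with
    # num_logs < 2 does not rotate. None of these caps disk use.
    return ("unbounded", None)


if __name__ == "__main__":
    for name, conf in (("keep_logs", KEEP_LOGS_CONF), ("rotate", ROTATE_CONF)):
        print(name, retention(conf))
```

With `rotate`, the oldest audit records are overwritten, so the retained history is limited to roughly `num_logs * max_log_file` MB unless the logs are shipped elsewhere first.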