make auditd 'max_log_file' configurable

roles/os_hardening/README.md

@@ -175,6 +175,9 @@ We know that this is the case on Raspberry Pi.
 - `os_auditd_max_log_file_action`
   - Default: `keep_logs`
   - Description: Defines the behaviour of auditd when its log file is filled up. Possible other values are described in the auditd.conf man page. The most common alternative to the default may be `rotate`.
+- `os_auditd_max_log_file`
+  - Default: `6`
+  - Description: This keyword specifies the maximum file size in megabytes. When this limit is reached, it will trigger a configurable action. The value given must be numeric.
 - `hidepid_option`
   - Default: `2` (on RHEL/CentOS7 `0`, see known limitations)
   - Description: `0`: This is the default setting and gives you the default behaviour. `1`: With this option an normal user would not see other processes but their own about ps, top etc, but he is still able to see process IDs in /proc. `2`: Users are only able too see their own processes (like with hidepid=1), but also the other process IDs are hidden for them in /proc.

roles/os_hardening/defaults/main.yml

@@ -273,6 +273,7 @@ os_hardening_enabled: true
 
 # Set to false to disable installing and configuring auditd.
 os_auditd_enabled: true
+os_auditd_max_log_file: 6
 os_auditd_max_log_file_action: keep_logs
 
 # Set the SELinux state, can be either disabled, permissive, or enforcing.

roles/os_hardening/templates/etc/audit/auditd.conf.j2

@@ -11,7 +11,7 @@ disp_qos = lossy
 dispatcher = /sbin/audispd
 name_format = NONE
 ##name = mydomain
-max_log_file = 6
+max_log_file = {{ os_auditd_max_log_file }}
 max_log_file_action = {{ os_auditd_max_log_file_action }}
 space_left = 75
 space_left_action = SYSLOG