OS-236 periodically trim audit logs

man/man/man1m/joycomm.1m

@@ -10,7 +10,7 @@ joycomm \- display the last commands executed, in reverse order
 .SH SYNOPSIS
 .LP
 .nf
-\fBjoycomm\fR [\fB-v\fR] [\fB-x\fR]
+\fBjoycomm\fR [\fB-R days\fR] [\fB-v\fR] [\fB-x\fR]
 .fi
 
 .SH DESCRIPTION
@@ -53,6 +53,17 @@ The command name under which the process was called.
 .sp
 .LP
 The following options are supported:
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-R\fR \fBdays\fR\fR 
+.ad
+.RS 11n
+.rt  
+Rotates the audit log and removes any logs older than \fBdays\fR.  This option cannot be used with any other options.
+.RE
+
 .sp
 .ne 2
 .mk

manifest

@@ -21663,6 +21663,7 @@ d var/spool/clientmqueue 0770 smmsp smmsp
 d var/spool/cron 0755 root sys
 d var/spool/cron/atjobs 0755 root sys
 d var/spool/cron/crontabs 0755 root sys
+f var/spool/cron/crontabs/root 0600 root root
 d var/spool/locks 0755 uucp uucp
 d var/spool/mqueue 0750 root bin
 d var/spool/pkg 1777 root bin

overlay/usr/sbin/joycomm

@@ -28,18 +28,27 @@ unset LD_LIBRARY_PATH
 
 OPT_V=0
 OPT_X=0
-while getopts "vx" opt
+while getopts "R:vx" opt
 do
 	case "$opt" in
+		R)	DAYS="$OPTARG";;
 		v)	OPT_V="1";;
 		x)	OPT_X="1";;
-		*)	echo "usage: [-v] [-x]"
+		*)	echo "usage: [-R days] [-v] [-x]"
 			exit 1
 			;;
 	esac
 done
 shift OPTIND-1
 
+if [[ -n $DAYS ]]; then
+	# Rotate and trim the audit logs
+	audit -n
+	cd /var/audit
+	find . -mtime +$DAYS -exec rm -f "{}" \; 
+	exit 0
+fi
+
 f=`ls /var/audit/* | wc -l`
 if [ $f -eq 0 ]; then
 	echo "no audit files"

overlay/var/spool/cron/crontabs/root

@@ -0,0 +1,2 @@
+## Rotate and trim the audit logs nightly at midnight.
+0 0 * * * /usr/sbin/joycomm -R 30