Logrotate configuration for auditd logs

This commit implements logrotate configuration for auditd logs.
The auditd log rotation configuration in auditd.conf is disabled,
as it gets replaced by linux logrotate configuration.

Story: 2008849
Task: 43157

Signed-off-by: Carmen Rata <carmen.rata@windriver.com>
Change-Id: Ifd8038d8dcc1364e59c9dce0fea22917dc4c9b35

stx-audit-helm/centos/stx-audit-helm.spec

@@ -71,7 +71,11 @@ rm -fr %{app_staging}
 %install
 install -d -m 755 %{buildroot}/%{app_folder}
 install -p -D -m 755 %{_builddir}/%{app_tarball} %{buildroot}/%{app_folder}
+install -m 644 -p -D files/auditd.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/auditd.logrotate
 
 %files
 %defattr(-,root,root,-)
 %{app_folder}/*
+
+# logfile config files
+%{_sysconfdir}/logrotate.d/auditd.logrotate

stx-audit-helm/stx-audit-helm/files/auditd.logrotate

@@ -0,0 +1,15 @@
+/var/log/audit/audit.log {
+maxsize 10M
+start 1
+compress
+dateext
+rotate 20
+daily
+missingok
+notifempty
+create 600 root root
+sharedscripts
+postrotate
+  /bin/kill -9 $(pidof auditd) 2> /dev/null > /dev/null || true
+endscript
+}

stx-audit-helm/stx-audit-helm/helm-charts/audit/values.yaml

@@ -35,7 +35,7 @@ auditdconf: |-
   dispatcher = /sbin/audispd
   name_format = NONE
   ##name = mydomain
-  max_log_file_action = ROTATE
+  max_log_file_action = IGNORE
   space_left = 75
   space_left_action = SYSLOG
   ##verify_email = yes