From 52f6d680674893e851b0bb48437e13b60b1f4f05 Mon Sep 17 00:00:00 2001
From: Carmen Rata
Date: Wed, 1 Sep 2021 10:56:46 -0400
Subject: [PATCH] Logrotate configuration for auditd logs

This commit implements logrotate configuration for auditd logs. The auditd log rotation configuration in auditd.conf is disabled, as it gets replaced by linux logrotate configuration.
Story: 2008849
Task: 43157
Signed-off-by: Carmen Rata
Change-Id: Ifd8038d8dcc1364e59c9dce0fea22917dc4c9b35
---
 stx-audit-helm/centos/stx-audit-helm.spec | 4 ++++
 .../stx-audit-helm/files/auditd.logrotate | 15 +++++++++++++++
 .../stx-audit-helm/helm-charts/audit/values.yaml | 2 +-
 3 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 stx-audit-helm/stx-audit-helm/files/auditd.logrotate

diff --git a/stx-audit-helm/centos/stx-audit-helm.spec b/stx-audit-helm/centos/stx-audit-helm.spec
index 23c161f..1c8b40c 100644
--- a/stx-audit-helm/centos/stx-audit-helm.spec
+++ b/stx-audit-helm/centos/stx-audit-helm.spec
@@ -71,7 +71,11 @@ rm -fr %{app_staging}
 %install
 install -d -m 755 %{buildroot}/%{app_folder}
 install -p -D -m 755 %{_builddir}/%{app_tarball} %{buildroot}/%{app_folder}
+install -m 644 -p -D files/auditd.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/auditd.logrotate
 
 %files
 %defattr(-,root,root,-)
 %{app_folder}/*
+
+# logfile config files
+%{_sysconfdir}/logrotate.d/auditd.logrotate
diff --git a/stx-audit-helm/stx-audit-helm/files/auditd.logrotate b/stx-audit-helm/stx-audit-helm/files/auditd.logrotate
new file mode 100644
index 0000000..573a896
--- /dev/null
+++ b/stx-audit-helm/stx-audit-helm/files/auditd.logrotate
@@ -0,0 +1,15 @@
+/var/log/audit/audit.log {
+maxsize 10M
+start 1
+compress
+dateext
+rotate 20
+daily
+missingok
+notifempty
+create 600 root root
+sharedscripts
+postrotate
+ /bin/kill -9 $(pidof auditd) 2> /dev/null > /dev/null || true
+endscript
+}
\ No newline at end of file
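Review bot: The new `%files` entry packages `%{_sysconfdir}/logrotate.d/auditd.logrotate` as a plain file, so any local change to the audit-log retention settings would be overwritten on the next package upgrade. Because this file decides how long audit records are kept on disk, it should be declared as configuration, `%config(noreplace) %{_sysconfdir}/logrotate.d/auditd.logrotate`. If local edits are not meant to be supported, the `# logfile config files` comment should instead say that the file is owned by the package.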
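Review bot: The `postrotate` script stops auditd with `kill -9`, which gives the daemon no chance to flush buffered records or write its shutdown event, so each rotation leaves an unexplained gap in the audit trail. auditd handles SIGTERM by recording a shutdown event and exiting, so if the intent is for a supervisor to restart it (not visible in this patch), `/bin/kill -TERM $(pidof auditd)` is the safer form. The line also discards all output and ends in `|| true`, so if the signal is never delivered auditd keeps writing to the renamed file and nothing reports it. Dropping the `2> /dev/null > /dev/null` redirections would surface that in logrotate's output. Note too that `pidof auditd` matches every process of that name visible to the caller, not only the one that owns `/var/log/audit/audit.log`.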
diff --git a/stx-audit-helm/stx-audit-helm/helm-charts/audit/values.yaml b/stx-audit-helm/stx-audit-helm/helm-charts/audit/values.yaml
index 5c53280..6a1e8c0 100755
--- a/stx-audit-helm/stx-audit-helm/helm-charts/audit/values.yaml
+++ b/stx-audit-helm/stx-audit-helm/helm-charts/audit/values.yaml
@@ -35,7 +35,7 @@ auditdconf: |-
 dispatcher = /sbin/audispd
 name_format = NONE
 ##name = mydomain
- max_log_file_action = ROTATE
+ max_log_file_action = IGNORE
 space_left = 75
 space_left_action = SYSLOG
 ##verify_email = yes
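Review bot: With `max_log_file_action = IGNORE` auditd no longer bounds the size of audit.log itself, so growth is limited only by the host logrotate rule added in this commit, and nothing in the file records that dependency. Add a comment on the line above in the file's existing `##` style, e.g. `## rotation is delegated to logrotate.d/auditd.logrotate; do not re-enable ROTATE here`. That keeps a later edit from reintroducing two rotators on the same file, or from removing the logrotate rule without restoring this setting. The `auditdconf` block scalar starts and ends outside the hunk, so the remaining size-related settings could not be checked.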