Puppet Class: cis_security_hardening::rules::logrotate

Defined in:
manifests/rules/logrotate.pp

Summary

Ensure logrotate is configured

Overview

The system includes the capability of rotating log files regularly to avoid filling up the system with logs or making the logs unmanageable large. The file /etc/logrotate.d/syslog is the configuration file used to rotate log files created by syslog or rsyslog.

Rationale: By keeping the log files smaller and more manageable, a system administrator can easily archive these files to another system and spend less time looking through inordinately large log files.

Examples:

class { 'cis_security_hardening::rules::logrotate':
    enforce => true,
}

Parameters:

  • enforce (Boolean) (defaults to: false)

    Enforce the rule

  • su_user (String) (defaults to: 'root')

    User for logrotate.

  • su_group (String) (defaults to: 'syslog')

    Group for logrotate.



25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'manifests/rules/logrotate.pp', line 25

class cis_security_hardening::rules::logrotate (
  Boolean $enforce = false,
  String $su_user  = 'root',
  String $su_group = 'syslog',
) {
  if $enforce {
    class { 'logrotate':
      create_base_rules => false,
      config            => {
        dateext      => true,
        compress     => true,
        rotate       => 7,
        rotate_every => 'week',
        ifempty      => true,
      },
    }
  }
}