Puppet Class: security_baseline::rules::common::sec_logrotate

Defined in:
manifests/rules/common/sec_logrotate.pp

Summary

Ensure logrotate is configured (Not Scored)

Overview

The system includes the capability of rotating log files regularly to avoid filling up the system with logs or making the logs unmanageable large. The file /etc/logrotate.d/syslog is the configuration file used to rotate log files created by syslog or rsyslog.

Rationale: By keeping the log files smaller and more manageable, a system administrator can easily archive these files to another system and spend less time looking through inordinately large log files.

Examples:

class security_baseline::rules::common::sec_logrotate {
    enforce => true,
    message => 'Test',
    log_level => 'info'
}

Parameters:

  • enforce (Boolean) (defaults to: true)

    Enforce the rule or just test and log

  • message (String) (defaults to: '')

    Message to print into the log

  • log_level (String) (defaults to: '')

    The log_level for the above message



29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
 
# File 'manifests/rules/common/sec_logrotate.pp', line 29

class security_baseline::rules::common::sec_logrotate (
  Boolean $enforce = true,
  String $message = '',
  String $log_level = ''
) {
  if($enforce) {
    if($facts['security_baseline']['packages_installed']['logrotate'] == false) {
      class { '::logrotate':
        config => {
          dateext      => true,
          compress     => true,
          rotate       => 7,
          rotate_every => 'week',
          ifempty      => true,
        },
      }
    }
  } else {
    if($facts['security_baseline']['packages_installed']['logrotate'] == false) {
      echo { 'logrotate':
        message  => $message,
        loglevel => $log_level,
        withpath => false,
      }
    }
  }
}