Configure journald.conf anyway

ansible-lockdown · Sep 27, 2023 · 1cf0271 · 1cf0271
1 parent a07b03c
commit 1cf0271
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 34 deletions.
diff --git a/tasks/section_4/cis_4.2.2.x.yml b/tasks/section_4/cis_4.2.2.x.yml
@@ -103,40 +103,6 @@
       - journald
       - rule_4.2.2.2
 
-- name: "4.2.2.3 | PATCH | Ensure journald is configured to compress large log files"
-  ansible.builtin.lineinfile:
-      path: /etc/systemd/journald.conf
-      regexp: 'Compress='
-      line: Compress=yes
-      insertafter: ^#Compress
-      validate: /usr/bin/bash -n %s
-  when:
-      - rhel8cis_rule_4_2_2_3
-  tags:
-      - level1-server
-      - level1-workstation
-      - automated
-      - patch
-      - journald
-      - rule_4.2.2.3
-
-- name: "4.2.2.4 | PATCH | Ensure journald is configured to write logfiles to persistent disk"
-  ansible.builtin.lineinfile:
-      path: /etc/systemd/journald.conf
-      regexp: 'Storage='
-      line: Storage=persistent
-      state: present
-      insertafter: ^#Storage
-      validate: /usr/bin/bash -n %s
-  when:
-      - rhel8cis_rule_4_2_2_4
-  tags:
-      - level1-server
-      - level1-workstation
-      - automated
-      - patch
-      - journald
-      - rule_4.2.2.4
 
 # This is counter to control 4.2.1.3??
 - name: "4.2.2.5 | PATCH | Ensure journald is not configured to send logs to rsyslog"

diff --git a/tasks/section_4/cis_4.2.extra.yml b/tasks/section_4/cis_4.2.extra.yml
@@ -0,0 +1,35 @@
+---
+- name: "4.2.2.3 | PATCH | Ensure journald is configured to compress large log files"
+  ansible.builtin.lineinfile:
+      path: /etc/systemd/journald.conf
+      regexp: 'Compress='
+      line: Compress=yes
+      insertafter: ^#Compress
+      validate: /usr/bin/bash -n %s
+  when:
+      - rhel8cis_rule_4_2_2_3
+  tags:
+      - level1-server
+      - level1-workstation
+      - automated
+      - patch
+      - journald
+      - rule_4.2.2.3
+
+- name: "4.2.2.4 | PATCH | Ensure journald is configured to write logfiles to persistent disk"
+  ansible.builtin.lineinfile:
+      path: /etc/systemd/journald.conf
+      regexp: 'Storage='
+      line: Storage=persistent
+      state: present
+      insertafter: ^#Storage
+      validate: /usr/bin/bash -n %s
+  when:
+      - rhel8cis_rule_4_2_2_4
+  tags:
+      - level1-server
+      - level1-workstation
+      - automated
+      - patch
+      - journald
+      - rule_4.2.2.4
diff --git a/tasks/section_4/main.yml b/tasks/section_4/main.yml
@@ -21,6 +21,9 @@
   ansible.builtin.import_tasks: cis_4.2.2.x.yml
   when: rhel8cis_syslog == 'journald'
 
+- name: "SECTION | 4.2.1.x| Configure journald.conf"
+  ansible.builtin.import_tasks: cis_4.2.extra.yml
+
 - name: "SECTION | 4.2.3 | Configure logile perms"
   ansible.builtin.import_tasks: cis_4.2.3.yml