UBUNTU24-CIS/tasks/section_6/cis_6.1.3.8.yml

---

- name: "6.1.3.8 | PATCH | Ensure logrotate is configured"
  when:
    - ubtu24cis_rule_6_1_3_8
    - "'logrotate' in ansible_facts.packages"
  tags:
    - level1-server
    - level1-workstation
    - manual
    - patch
    - logrotate
    - rule_6.1.3.8
    - NIST800-53R5_AU-8
  block:
    - name: "6.1.3.8 | AUDIT | Ensure logrotate is configured | Get logrotate settings"
      ansible.builtin.find:
        paths: /etc/logrotate.d/
      register: discovered_log_rotate_conf

    - name: "6.1.3.8 | PATCH | Ensure logrotate is configured | conf files"
      ansible.builtin.replace:
        path: "{{ item.path }}"
        regexp: '^(\s*)(daily|weekly|monthly|yearly)$'
        replace: "\\1{{ ubtu24cis_logrotate }}"
      loop: "{{ discovered_log_rotate_conf.files }}"

    - name: "6.1.3.8 | PATCH | Ensure logrotate is configured | logrotate.conf"
      ansible.builtin.replace:
        path: /etc/logrotate.conf
        regexp: '^(\s*)(daily|weekly|monthly|yearly)$'
        replace: "\\1{{ ubtu24cis_logrotate }}"