---
# file: roles/common/task/logging.yml
# Hardening: with kernel.dmesg_restrict=1 the kernel ring buffer can no longer
# be read by unprivileged users. Kernel messages can include addresses and
# driver details that are useful for local information gathering.
- name: restrict dmesg access to only root
  sysctl:
    name: kernel.dmesg_restrict
    # Quoted so the value is passed as the string '1', not a YAML integer.
    value: '1'
    # state=present persists the key in the sysctl configuration file;
    # sysctl_set additionally applies it to the running kernel.
    state: present
    sysctl_set: true
  tags:
    - security
    - sysctl
# Installs the systemd-journal-persistent package on release 9 and newer.
# Per the task name it is a site-local package that makes the journal act
# as the system-log-daemon.
# NOTE(review): the package contents are not visible from this file.
- name: ensure system journal is a system-log-daemon with our package
  apt:
    name: systemd-journal-persistent
    state: present
  when:
    # Skip the host that is itself the configured syslog server: the host part
    # of "syslogserver" (text before the first ':') is compared with this
    # machine's FQDN. With no syslogserver defined the task always applies.
    - syslogserver is not defined or syslogserver.split(":")[0] != ansible_fqdn
    - ansible_distribution_major_version | int >= 9
  # The result is consulted by the rsyslog removal task further down, which
  # only runs when this task was not skipped.
  register: syslog_provider
  tags:
    - syslog
    - journal
# On releases older than 9 the journal is made persistent by creating
# /var/log/journal (journald's default Storage=auto writes to disk once that
# directory exists).
# NOTE(review): no owner, group or mode is set here; presumably the notified
# handler fixes ownership and ACLs on the directory. Confirm in the handlers
# file that the journal stays readable only by the intended group.
- name: ensure systemd journal is persistent
  file:
    path: /var/log/journal
    state: directory
  when: ansible_distribution_major_version | int < 9
  # The handler is defined outside this file and runs only when the directory
  # was actually created or changed.
  notify: configure journal directory
  tags:
    - syslog
    - journal
# Purges rsyslog (package and its configuration files) once the journal-based
# provider package has been handled by the earlier task.
# NOTE(review): if rsyslog was the component shipping logs off-host, confirm
# another forwarding path exists before relying on this role; nothing in this
# file sets one up.
- name: ensure rsyslog is absent without broken dependecies
  apt:
    name: rsyslog
    state: absent
    purge: true
    # force-depends tells dpkg to carry on despite dependency problems, so the
    # removal goes through even if other packages depend on rsyslog.
    # force-confdef/force-confold keep existing configuration files without
    # prompting.
    # NOTE(review): presumably systemd-journal-persistent satisfies the
    # system-log-daemon dependency afterwards; verify on a test host.
    dpkg_options: 'force-confdef,force-confold,force-depends'
  when:
    # Only run when the provider install task above was evaluated (not
    # skipped); the two remaining conditions mirror that task's own "when".
    - syslog_provider is not skipped
    - ansible_distribution_major_version | int >= 9
    - syslogserver is not defined or syslogserver.split(":")[0] != ansible_fqdn
  tags:
    - syslog
# Creates the journald drop-in directory that receives size.conf in the next
# task.
# NOTE(review): owner and group are not pinned, so an existing directory keeps
# whatever ownership it already has; only the mode is enforced.
- name: create systemd-journald config directory
  file:
    path: /etc/systemd/journald.conf.d
    state: directory
    # Quoted octal string: writable by the owner only, listable by everyone.
    mode: '0755'
  tags:
    - config
    - syslog
# Renders size.conf.j2 into the journald drop-in directory. The template body
# is not part of this file.
# NOTE(review): size and time limits decide how far back the journal reaches
# during an investigation; check the rendered values against the retention
# requirement for these hosts.
- name: configure journal size and time limits
  template:
    src: size.conf.j2
    dest: /etc/systemd/journald.conf.d/size.conf
    # World-readable, writable by the owner only.
    mode: '0644'
  # journald is restarted only when the rendered file changed.
  notify:
    - restart systemd-journald
  tags:
    - config
    - syslog
    - service