only run log rotation when actually configured

infothrill · Nov 12, 2018 · 0de787e · 0de787e
1 parent 97aabab
commit 0de787e
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -95,6 +95,10 @@ in 2018 by Paul Kremer.
 
 ## Changes
 
+### v2.1.0
+
+* only run log rotation when actually configured (`lynis_cron_rotate` > 1)
+
 ### v2.0.0
 
 * added feature to run lynis on initial install or version change (`lynis_cron_initial_run`)

diff --git a/tasks/cron.yml b/tasks/cron.yml
@@ -22,6 +22,7 @@
     owner: root
     group: root
     mode: 0644
+  when: lynis_cron_rotate|int > 1
 
 - name: "[cron] Ensure Lynis cron script exists"
   template:

diff --git a/templates/cron.sh.j2 b/templates/cron.sh.j2
@@ -1,5 +1,13 @@
 #!/bin/sh
 # cron script to run lynis automatically
 
+{# only run logrotate if we actually have to keep a history #}
+{% if lynis_cron_rotate|default(1)|int > 1 %}
 /usr/sbin/logrotate -f /etc/lynis/logrotate.conf
+{% else %}
+{# if we don't want rotation, we should also ensure we have no rotated files flying around #}
+rm -f {{ lynis_log_directory }}/report.log.*
+rm -f {{ lynis_log_directory }}/report.dat.*
+rm -f {{ lynis_log_directory }}/report.txt.*
+{% endif %}
 cd {{ lynis_directory }} && nice ./lynis audit system --auditor "automated" --cronjob > {{ lynis_log_directory }}/report.txt && mv /var/log/lynis.log {{ lynis_log_directory }}/report.log && mv /var/log/lynis-report.dat {{ lynis_log_directory }}/report.dat && chmod 640 {{ lynis_log_directory }}/* && chgrp {{ lynis_log_group }} {{ lynis_log_directory }}/* >/dev/null 2>&1