added setfacl to /etc/logrotate.d/syslog conf Fixes #109 (#152)

splunk · Nov 23, 2022 · 9df2892 · 9df2892
1 parent e27e14c
commit 9df2892
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 12 deletions.
diff --git a/roles/splunk/tasks/configure_facl.yml b/roles/splunk/tasks/configure_facl.yml
@@ -20,13 +20,12 @@
         - true
         - false
 
-    - name: Add logrotate script to enforce splunk user facls
-      template:
-        src: splunk_facl.j2
-        dest: /etc/logrotate.d/splunk_facl
-        owner: root
-        group: root
-      become: true
+    - name: Add setfacl to logrotate script
+      lineinfile:
+        path: /etc/logrotate.d/syslog
+        insertbefore: '  endscript'
+        line: '        /usr/bin/setfacl -Rm u:{{ splunk_nix_user }}:rx /var/log'
+      become: True
 
     - name: Check if auditd.conf is present
       stat:

diff --git a/roles/splunk/templates/splunk_facl.j2 b/roles/splunk/templates/splunk_facl.j2