Profile Applicability:
Level 1
Description:
logrotate is a utility designed to manage the automatic rotation, compression, removal, and mailing of log files. Proper configuration of logrotate ensures that log files do not consume excessive disk space and remain manageable over time.
Rationale:
Configuring logrotate helps maintain system stability by preventing log files from growing indefinitely, ensuring that logs are archived and rotated regularly to support auditing and troubleshooting.
Impact:
Pros:
Prevents disk space exhaustion due to large log files.
Facilitates organized log management and retention.
Cons:
Misconfiguration may result in loss of important logs or premature deletion.
Default Value:
Logrotate is typically installed but may not be fully configured for all log files by default.
Pre-requisites:
Root or sudo privileges to configure logrotate.
Remediation:
Test Plan:
Using Linux command line:
Verify logrotate is installed:
rpm -q logrotate          # RPM-based
dpkg -l | grep logrotate  # Debian-based
Review the main configuration file and any included configurations:
cat /etc/logrotate.conf
ls /etc/logrotate.d/
Confirm that relevant log files are covered by logrotate rules.
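One way to run the coverage check in the last step, as an added example that is not part of the benchmark text: the script expands the path patterns from logrotate stanza headers and lists files under a log directory that none of them match. The function names, the script name and the sample tree are hypothetical and constructed for illustration; it assumes paths without whitespace and does not follow include directives, so pass every configuration file explicitly.

```shell
#!/bin/sh
# Usage: sh uncovered_logs.sh /var/log /etc/logrotate.conf /etc/logrotate.d/*

# Print the path patterns found in stanza headers ("/path/glob ... {").
logrotate_patterns() {
    awk '
        /^[[:space:]]*#/ { next }
        $1 ~ /^(prerotate|postrotate|firstaction|lastaction|preremove)$/ { script = 1; next }
        $1 == "endscript" { script = 0; next }
        script { next }                      # ignore shell lines inside scripts
        depth == 0 && $1 ~ /^\// {
            for (i = 1; i <= NF; i++) {
                p = $i; sub(/[{]$/, "", p)
                if (p ~ /^\//) print p
            }
        }
        /[{]/ { depth = 1 }
        /[}]/ { depth = 0 }
    ' "$@"
}

# List files under $1 that no pattern in the remaining config files matches.
# Assumptions: paths contain no whitespace; names ending in .gz or .<digit>
# are already-rotated copies and are skipped.
uncovered_logs() {
    logdir=$1; shift
    covered=$(logrotate_patterns "$@" | while IFS= read -r pat; do
        for f in $pat; do              # unquoted on purpose: expand the glob
            [ -f "$f" ] && printf '%s\n' "$f"
        done
    done | sort -u)
    find "$logdir" -type f ! -name '*.gz' ! -name '*.[0-9]' | sort |
    while IFS= read -r f; do
        printf '%s\n' "$covered" | grep -qxF -- "$f" || printf '%s\n' "$f"
    done
}

# Constructed sample tree (not real system data) for trying the check offline.
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/log/app" "$root/conf.d"
    for n in messages.log secure.log secure.log.1 app/audit-trail.log; do
        : > "$root/log/$n"
    done
    printf '%s\n' "# constructed rule" "$root/log/*.log {" "    daily" \
        "    postrotate" "        /usr/bin/systemctl reload rsyslog" \
        "    endscript" "}" > "$root/conf.d/syslog"
    printf '%s\n' "$root"
}

if [ "$#" -ge 2 ]; then uncovered_logs "$@"; fi
```

In the sample tree the pattern log/*.log does not descend into subdirectories, so app/audit-trail.log is reported as uncovered; files in nested directories under /var/log need their own rule in the same way.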
Implementation Plan:
Using Linux command line:
Configure /etc/logrotate.conf and files in /etc/logrotate.d/ to specify rotation policies for log files, including rotation frequency, compression, retention, and permissions. For example, add or edit:
/var/log/*.log {
    daily
    rotate 7
    compress
    missingok
    notifempty
    create 0640 root adm
    sharedscripts
    postrotate
        /usr/bin/systemctl reload rsyslog > /dev/null 2>&1 || true
    endscript
}
Test the logrotate configuration:
logrotate --debug /etc/logrotate.conf
Perform a manual rotation test:
logrotate --force /etc/logrotate.conf
Backout Plan:
Using Linux command line:
Revert any changes to logrotate configuration files if issues occur.
Verify system logging functionality after reversion.
References:
CIS Amazon Linux 2 Benchmark v3.0.0
Logrotate Documentation