From b54bfd2155eb24076cbc4a758d12d1d093c6204e Mon Sep 17 00:00:00 2001
From: Will Szumski <will@stackhpc.com>
Date: Wed, 18 Oct 2023 17:51:52 +0100
Subject: [PATCH] ...

---
 etc/kayobe/inventory/group_vars/overcloud/cis | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/etc/kayobe/inventory/group_vars/overcloud/cis b/etc/kayobe/inventory/group_vars/overcloud/cis
index 63f605d8f..c456c0be1 100644
--- a/etc/kayobe/inventory/group_vars/overcloud/cis
+++ b/etc/kayobe/inventory/group_vars/overcloud/cis
@@ -55,12 +55,16 @@ rhel9cis_rule_5_3_4: false
 # Please double-check yourself with: sudo paswd -S root
 rhel9cis_rule_5_5_6: false
 
+# Configure log rotation to prevent audit logs from filling the disk
 rhel9cis_auditd:
     space_left_action: syslog
     action_mail_acct: root
     admin_space_left_action: halt
     max_log_file_action: rotate
 
+# Max size of audit logs (MB)
+rhel9cis_max_log_file_size: 1024
+
 ##############################################################################
 # Ubuntu Jammy CIS Hardening Configuration
 
@@ -133,6 +137,9 @@ ubtu22cis_auditd:
     admin_space_left_action: halt
     max_log_file_action: rotate
 
+# Max size of audit logs (MB)
+ubtu22cis_max_log_file_size: 1024
+
 # Disable grub bootloader password. Requires overriding
 # ubtu22cis_bootloader_password_hash
 ubtu22cis_rule_1_4_1: false