Filter Ansible logs on CentOS 7
CentOS 7 and Redhat 7 seem to love shoving logs into /var/log/messages and if you run ansible in-house then it generates a lot of noise and if you run Splunk or ELK then getting your logs ‘just right’ is important to O.C.D type levels!
To send your ansible generated logs to /var/log/ansible.log perform the following:
Create the file /etc/rsyslog.d/ansible.conf
if ( $programname contains "ansible" ) then /var/log/ansible.log & stop
and if you are creating log files you will want to manage those log files too!
Create the file /etc/logrotate.d/ansible
/var/log/ansible.log { notifempty weekly rotate 4 missingok compress }
And restart / reload rsyslog
service rsyslog restart
Using OpenSCAP to scan and harden your servers
Determine which profile you want to use: oscap info /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml replacing the –profile line as required.
Perform a scan:
oscap xccdf eval --report report.html --profile xccdf_org.ssgproject.content_profile_CS2 /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
Apply a remediation:
oscap xccdf eval --remediate --report report.html --profile xccdf_org.ssgproject.content_profile_CS2 /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml