V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

func/cdi_4400_hardening/4445_hardening_logrotate.sh

@@ -13,9 +13,11 @@
 guard_sourcing
 
 #######################################
-# Hardening logrotate.
+# Hardening '/etc/logrotate'.
 # Globals:
+#   RECOVERY
 #   TARGET
+#   VAR_RUN_RECOVERY
 # Arguments:
 #   None
 # Returns:
@@ -23,8 +25,6 @@ guard_sourcing
 #######################################
 hardening_logrotate() {
   ### Declare Arrays, HashMaps, and Variables.
-  declare -ar ary_logrotate=( "alternatives" "apt" "btmp" "chrony" "dpkg" "fail2ban" "rkhunter" "ufw" "unattended-upgrades" "usbguard")
-  declare     var_file="" var_log=""
   declare     var_target="${TARGET}"
 
   ### Check for TARGET / RECOVERY.
@@ -39,8 +39,8 @@ hardening_logrotate() {
 # rotate log files daily
 daily
 
-# keep 128 daily worth of backlogs
-rotate 128
+# keep 384 daily worth of backlogs
+rotate 384
 
 # hard cap: delete rotated logs older than 384 days
 maxage 384
@@ -65,16 +65,6 @@ include /etc/logrotate.d
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
 EOF
 
-  for var_log in "${ary_logrotate[@]}"; do
-    var_file="${var_target}/etc/logrotate.d/${var_log}"
-    [[ -e "${var_file}" ]] || continue
-    ### Replace leading 'monthly'/'weekly' directives with 'daily', preserving indentation and trailing comments.
-    sed -E -i \
-      -e 's/^([[:space:]]*)(monthly|weekly)([[:space:]]*)(#.*)?$/\1daily\3\4/' \
-      -e 's/^([[:space:]]*)rotate([[:space:]]+[0-9]+)?([[:space:]]*)(#.*)?$/\1rotate 128\3\4/' \
-      "${var_file}"
-  done
-
   guard_dir && return 0
 }
 ### Prevents accidental 'unset -f'.