audit_ospp_general rule content is misaligned

[marcusburghardt]

Description of problem:

After applying the remediation for the audit_ospp_general rule, there is a difference in rules when comparing the `/usr/share/audit/sample-rules/30-ospp-v42.rules and /etc/audit/rules.d/30-ospp-v42.rules files.

SCAP Security Guide Version:

master and stabilization-0.1.72 branches as of 2024-01-31

Operating System Version:

RHEL 8 and RHEL 9

Steps to Reproduce:

1. ./build_product rhel9
2. Apply the remediation for the audit_ospp_general rule in the system
3. Compare the files /usr/share/audit/sample-rules/30-ospp-v42.rules and /etc/audit/rules.d/30-ospp-v42.rules

Actual Results:

 -a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes
 -a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes
 -a always,exit -F path=/usr/bin/at -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes
+-a always,exit -F path=/usr/sbin/grub2-set-bootflag -F perm=x -F auid>=1000 -F auid!=unset -F key=special-config-changes
+-a always,exit -F path=/usr/bin/systemd-run -F perm=x -F auid!=unset -F key=maybe-escalation
+-a always,exit -F path=/usr/bin/pkexec -F perm=x -F key=maybe-escalation
 -a always,exit -F path=/etc/sudoers -F perm=wa -F key=special-config-changes
 -a always,exit -F dir=/etc/sudoers.d/ -F perm=wa -F key=special-config-changes
 -a always,exit -F dir=/var/log/audit/ -F perm=r -F auid>=1000 -F auid!=unset -F key=access-audit-trail

Expected Results:

Both files should be aligned.

Additional Information/Debugging Steps:

[marcusburghardt]

Already fixed in stabilization branch via https://github.com/ComplianceAsCode/content/pull/11520

[Mab879]

After a rerun of stabilization still seems to be can issue.