uk-bolly
commented
4 months ago hi @prestonSeaman2
I believe this has now been merged, if you are happy the issues has been addressed we can close this issue?
Many thanks
uk-bolly
Open prestonSeaman2 opened 7 months ago
uk-bolly
commented
4 months ago hi @prestonSeaman2
I believe this has now been merged, if you are happy the issues has been addressed we can close this issue?
Many thanks
uk-bolly
Describe the Issue Missing the auid settings in the audit rules on 3 STIG IDs
Expected Behavior Should be set to include auid settings. For example, RHEL-07-030819: -a always,exit -F arch=b32 -S create_module -F auid>=1000 -F auid!=unset -k module-change -a always,exit -F arch=b64 -S create_module -F auid>=1000 -F auid!=unset -k module-change
Actual Behavior The three listed STIG IDs do not include the auid setting.
Control(s) Affected RHEL-07-030819 RHEL-07-030820 RHEL-07-030830
Possible Solution Add ‘-F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset’ to the 99_auditd.rules.j2 for the 3 listed STIG IDs