Describe the Issue
Missing the auid settings in the audit rules on 3 STIG IDs
Expected Behavior
Should be set to include auid settings. For example,
RHEL-07-030819:
-a always,exit -F arch=b32 -S create_module -F auid>=1000 -F auid!=unset -k module-change
-a always,exit -F arch=b64 -S create_module -F auid>=1000 -F auid!=unset -k module-change
Actual Behavior
The three listed STIG IDs do not include the auid setting.
Describe the Issue Missing the auid settings in the audit rules on 3 STIG IDs
Expected Behavior Should be set to include auid settings. For example, RHEL-07-030819: -a always,exit -F arch=b32 -S create_module -F auid>=1000 -F auid!=unset -k module-change -a always,exit -F arch=b64 -S create_module -F auid>=1000 -F auid!=unset -k module-change
Actual Behavior The three listed STIG IDs do not include the auid setting.
Control(s) Affected RHEL-07-030819 RHEL-07-030820 RHEL-07-030830
Possible Solution Add ‘-F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset’ to the 99_auditd.rules.j2 for the 3 listed STIG IDs