ansible-lockdown / UBUNTU22-CIS

Ansible role for Ubuntu22 CIS Baseline
https://ansible-lockdown.readthedocs.io/en/latest/
MIT License

🐛(R4.1.3.12): Change wrong /var/log/faillog to /var/run/faillock #99

Closed raabf closed 1 year ago

raabf commented 1 year ago

Overall Review of Changes: /var/log/faillog → /var/run/faillock

Issue Fixes: N/A

Enhancements: I think this is a transition error from an old implementation. In CIS Ubuntu 20.04 v1.1 it was still /var/log/faillog, but in CIS Ubuntu 20.04 v2.0 it has changed to /var/run/faillock and hence in CIS Ubuntu 22.04 v1.0 it is also /var/run/faillock.

How has this been tested?:

Executed the task; /etc/audit/rules.d/99_auditd.rules is correctly generated, and sudo auditctl -l showed that it was loaded.
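
The check described in this pull request can be repeated against a generated rules file or saved `auditctl -l` output. The script below is an added example, not part of the pull request or the role's own code; the function name, exit codes and sample rules (including the `logins` key) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the UBUNTU22-CIS role): classify audit watch rules
# for the faillock path this PR corrects. Reads a rules file or saved
# `auditctl -l` output; only `-w PATH -p PERMS` watch rules are parsed.
# Exit status (assumed convention): 0 = correct watch present,
# 1 = stale /var/log/faillog watch found, 2 = no usable /var/run/faillock watch.
check_faillock_watch() (
    rules_file=$1
    good=0 stale=0
    set -f  # no globbing while splitting rule lines (local to this subshell)
    while IFS= read -r line || [ -n "$line" ]; do
        set -- $line
        [ $# -gt 0 ] || continue            # blank line
        case $1 in '#'*) continue ;; esac   # comment, possibly indented
        path='' perms=''
        while [ $# -gt 0 ]; do
            case $1 in
                -w) path=${2-} ;;
                -p) perms=${2-} ;;
            esac
            shift
        done
        path=${path%/}                      # tolerate a trailing slash
        case $path in
            /var/log/faillog) stale=1 ;;
            /var/run/faillock)
                # The watch must cover writes (w) and attribute changes (a).
                case $perms in *w*) case $perms in *a*) good=1 ;; esac ;; esac ;;
        esac
    done < "$rules_file"
    if [ "$stale" -eq 1 ]; then
        echo "stale watch on /var/log/faillog in $rules_file" >&2; exit 1
    fi
    if [ "$good" -eq 0 ]; then
        echo "no -w /var/run/faillock watch with w and a in $rules_file" >&2; exit 2
    fi
    exit 0
)

# Constructed sample: rules as they should look after the path change.
sample=$(mktemp)
printf '%s\n' '# constructed sample' \
    '-w /var/log/lastlog -p wa -k logins' \
    '-w /var/run/faillock -p wa -k logins' > "$sample"
check_faillock_watch "$sample" && echo "faillock watch OK"
rm -f "$sample"
```

To check the loaded rules rather than the file, save the output of `sudo auditctl -l` to a file and pass that file to the function.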