chef-cookbooks / auditd

Install and configure user mode auditd tools
Apache License 2.0

Fix RHEL 7 #33

Closed bdwyertech closed 7 years ago

bdwyertech commented 7 years ago

This should address #30

Background

augenrules is enabled by default, which builds /etc/audit/audit.rules with rules from /etc/audit/rules.d/

Also, I tried simply swapping to :reload for RHEL, but you need a restart to make this stuff work; :reload did not seem to trigger /etc/audit/audit.rules generation. It seems that within the past two years or so, the ability to restart auditd using systemctl was disabled. 2-3 years ago I had a branch of this cookbook that only needed a rulefile location swap to function; that is no longer the case.

Finally, I threw some crappy inspec tests in here to smoke test the content of /etc/audit/audit.rules. A successful Chef run can be misleading when the ruleset is dynamically generated -- Years ago I was running this for a month or so before I realized all the rules weren't active.

Final Note -- I don't think you can test this with Dokken -- I tried, and auditd is just all kinds of FUBAR in Docker.
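
A check in the spirit of the smoke test described above, as an added example that is not part of this pull request or the cookbook: it compares the rules under /etc/audit/rules.d/ with the generated /etc/audit/audit.rules and lists any that never made it in. The function names and sample rules are constructed, and the handling of -D/-b/-f/-e is an assumption about how augenrules merges files.

```ruby
# Added example (not the PR's InSpec tests). Paths are the ones named in the
# PR description; function names and sample rule text are constructed.
CONTROL_FLAGS = %w[-D -b -f -e].freeze

# Drop comments and blank lines, and collapse whitespace so spacing differences
# between a template and the generated file do not count as drift.
def normalize_rules(text)
  text.each_line.map { |l| l.strip.gsub(/\s+/, ' ') }
      .reject { |l| l.empty? || l.start_with?('#') }
end

# Rules expected in the compiled file, given rules.d contents as
# { filename => text }. Assumption: augenrules reads files in sort order and
# keeps only the last -D/-b/-f/-e directive seen, so earlier ones are dropped.
def expected_rules(sources)
  lines = sources.sort.flat_map { |_name, text| normalize_rules(text) }
  control, rest = lines.partition { |l| CONTROL_FLAGS.include?(l.split.first) }
  last_control = control.group_by { |l| l.split.first }.values.map(&:last)
  (last_control + rest).uniq
end

# Rules that a converge wrote to rules.d but that never reached audit.rules.
def missing_rules(sources, compiled_text)
  expected_rules(sources) - normalize_rules(compiled_text)
end

# Load the real files on a node; returns [] when everything was compiled in.
def audit_rules_drift(rules_dir = '/etc/audit/rules.d',
                      compiled = '/etc/audit/audit.rules')
  sources = Dir.glob(File.join(rules_dir, '*.rules')).to_h { |f| [f, File.read(f)] }
  missing_rules(sources, File.exist?(compiled) ? File.read(compiled) : '')
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: rules.d was updated but audit.rules was not rebuilt.
  sources = {
    '10-base.rules' => "-D\n-b 320\n",
    '50-chef.rules' => "-b 8192\n-w /etc/passwd  -p wa -k identity\n" \
                       "-w /etc/sudoers -p wa -k scope\n"
  }
  stale = "## generated\n-D\n-b 8192\n-w /etc/passwd -p wa -k identity\n"
  puts missing_rules(sources, stale) # the sudoers watch is reported as missing
end
```

A non-empty result after a converge means the run reported success while part of the ruleset is absent from the generated file.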

bdwyertech commented 7 years ago

@tas50 no love?

tas50 commented 7 years ago

Sorry for the delay here. Thanks for the tests. We'll have to figure something out with dokken or just remove that.

bdwyertech commented 7 years ago

No problem @tas50, I know you're busy as hell, you're in commit trails all over the place.

Yeah, the regular kitchen-vagrant tests work alright. If Dokken gets a little more polished, e.g. GitLab CI fixed, I'll see if I can get it working in my own tests and contribute back.