We should follow SecGen convention and put the flag somewhere obvious (/home) -- successful exploitation doesn't always land the attacker in the directory we are using. Also check the filename passed in is used correctly (seems to be using defaults rather than what's passed in by the scenario).
https://github.com/cliffe/SecGen/blob/ee5c9c2a2c830ebd08e20e7ed202053d9c4e2382/modules/vulnerabilities/unix/misc/jboss_remoting_unified_invoker_rce/manifests/flags.pp#L7
We should follow SecGen convention and put the flag somewhere obvious (/home) -- successful exploitation doesn't always land the attacker in the directory we are using. Also check the filename passed in is used correctly (seems to be using defaults rather than what's passed in by the scenario).