ansible-lockdown/RHEL7-STIG

Missing the auid settings in the audit rules on 3 STIG IDs

Closed · 1 comment

Describe the Issue
Missing the auid settings in the audit rules on 3 STIG IDs

Expected Behavior
Should be set to include auid settings. For example,
RHEL-07-030819:
-a always,exit -F arch=b32 -S create_module -F auid>=1000 -F auid!=unset -k module-change
-a always,exit -F arch=b64 -S create_module -F auid>=1000 -F auid!=unset -k module-change

Actual Behavior
The three listed STIG IDs do not include the auid setting.

Control(s) Affected
RHEL-07-030819
RHEL-07-030820
RHEL-07-030830

Possible Solution
Add ‘-F auid>={{ rhel7stig_min_uid.stdout}} -F auid!=unset’ to the 99_auditd.rules.j2 for the 3 listed STIG IDs
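A check for the gap this issue describes, as an added example that is not part of the original issue or of the RHEL7-STIG role: it scans rendered audit rules and reports syscall rules that lack either auid filter. The function names, the sample rules text and the accepted spellings of the unset value (`-1`, `4294967295`) are assumptions of this example.

```python
import re
import shlex

# Spellings auditctl accepts for an unset login UID (assumption of this example).
UNSET_VALUES = {"unset", "-1", "4294967295"}

# Constructed sample of a rendered rules file; not taken from the role.
SAMPLE_RULES = """\
# constructed sample
-a always,exit -F arch=b32 -S create_module -F auid>=1000 -F auid!=unset -k module-change
-a always,exit -F arch=b64 -S create_module -k module-change
-a always,exit -F arch=b64 -S create_module -F auid>=1000 -k module-change
-w /etc/passwd -p wa -k identity
"""

def parse_rule(line):
    """Return (syscalls, fields) for a syscall rule, or None for any other line."""
    tokens = shlex.split(line, comments=True)
    if not tokens or tokens[0] != "-a":
        return None
    syscalls, fields = set(), []
    for flag, value in zip(tokens, tokens[1:]):
        if flag == "-S":
            syscalls.update(value.split(","))   # -S accepts a comma-separated list
        elif flag == "-F":
            fields.append(value)
    return syscalls, fields

def missing_auid_filters(rules_text, syscalls):
    """List (line number, arch, missing filters) for rules on the given syscalls."""
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        parsed = parse_rule(line)
        if parsed is None or not (parsed[0] & set(syscalls)):
            continue
        fields = parsed[1]
        arch = next((f[5:] for f in fields if f.startswith("arch=")), "any")
        has_min = any(re.fullmatch(r"auid>=\d+", f) for f in fields)
        has_unset = any(f.startswith("auid!=") and f[6:] in UNSET_VALUES for f in fields)
        checks = (("auid>=", has_min), ("auid!=unset", has_unset))
        missing = [name for name, ok in checks if not ok]
        if missing:
            findings.append((lineno, arch, missing))
    return findings

if __name__ == "__main__":
    for lineno, arch, missing in missing_auid_filters(SAMPLE_RULES, {"create_module"}):
        print(f"line {lineno} ({arch}): missing {', '.join(missing)}")
```

Without the auid filters a rule still records the syscall, but it also fires for daemons and other processes with no login UID, so the check flags a rule that carries only one of the two filters as well.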

Hi @prestonSeaman2

I believe this has now been merged; if you are happy the issue has been addressed, we can close this issue?

Many thanks

uk-bolly