RHEL-07-030840 kmod audit rules not correct
JuddTracy-DAS opened this issue · comments
The STIG states that the audit rule should be:
-w /usr/bin/kmod -p x -F auid!=4294967295 -k module-change
But the rule that is created is:
-w /usr/bin/kmod -p x -k module-change
Please confirm you are using the latest version from the "devel" branch on github. I cannot reproduce the issue.
Sorry, I was using the latest tagged version not the master branch.