Merge pull request #21 from millerthomasj/auditd4.1

Add auditd fixes for Centos7
dev-sec · Apr 11, 2018 · 09c9f7c · 09c9f7c
2 parents 4896578 + d93ce5b
commit 09c9f7c
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/controls/4_1_configure_system_accounting_auditd.rb b/controls/4_1_configure_system_accounting_auditd.rb
@@ -87,7 +87,7 @@
     tag level: 2
 
     describe.one do
-      %w(/boot/grub/grub.conf /boot/grub/grub.cfg /boot/grub/menu.lst /boot/boot/grub/grub.conf /boot/boot/grub/grub.cfg /boot/boot/grub/menu.lst).each do |f|
+      %w(/boot/grub/grub.conf /boot/grub/grub.cfg /boot/grub/menu.lst /boot/boot/grub/grub.conf /boot/boot/grub/grub.cfg /boot/boot/grub/menu.lst /boot/grub2/grub.cfg).each do |f|
         describe file(f) do
           its(:content) { should match(/audit=1/) }
         end
@@ -353,11 +353,11 @@
 
     if command('uname -m').stdout.strip == 'x86_64'
       describe file('/etc/audit/audit.rules') do
-        its(:content) { should match(/^-a (always,exit|exit,always) arch=b64 -S init_module -S delete_module -k modules$/) }
+        its(:content) { should match(/^-a (always,exit|exit,always) -F arch=b64 -S init_module -S delete_module -k modules$/) }
       end
     else
       describe file('/etc/audit/audit.rules') do
-        its(:content) { should match(/^-a (always,exit|exit,always) arch=b32 -S init_module -S delete_module -k modules$/) }
+        its(:content) { should match(/^-a (always,exit|exit,always) -F arch=b32 -S init_module -S delete_module -k modules$/) }
       end
     end
   end