V-72095 Does not Check for Blanket auditd Rules

[Bialogs]

This check finds all setuid and setgid programs on the system and attempts to match them with an auditd rule. However, this does not account for blanket rules such as the ones SIMP creates with the auditd:: audit_suid_sgid parameter.

This check could be updated to describe.one either the blanket rule or the individual rules.

[trevor-vaughan]

I think this is a good idea. Also, if you check for the blanket rule, you can prevent trolling the entire filesystem which would be great.