7.0.1: (SIMP-2939) SIMP audit profile file paths (#50)
op-ct
released this
13 Jun 20:57
https://simp-project.atlassian.net/browse/SIMP-2939
I believe this line in the base.erb:
`-w /var/log/tallylock -p wa -k <%= @audit_session_files_tag %>`
should be:
`-w /var/log/tallylog -p wa -k <%= @audit_session_files_tag %>`
...and while insmod has both the /usr/sbin and /sbin paths listed, rmmod and modprobe do not, which causes some security scans to fail. For good measure, need to add:
```
-w /usr/sbin/rmmod -p x -k modules
-w /usr/sbin/modprobe -p x -k modules
```