From f428b943d20d28dc26c75d047da98796d8cbddac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= Date: Wed, 4 Dec 2024 15:53:27 +0100 Subject: [PATCH] Fix audit access rules in ISM_O The rules `audit_access_failed` and `audit_access_success` fail after building and booting a CentOS Stream 9 hardened container image with the `ism_o` profile. The reason is that the remediation fails to create the files required by these rules because the package `audit` that provides the directory `/etc/audit/rules.d` where these files should be created isn't installed by default. The solution is to install the `audit` package as a part of the profile remediation. --- products/rhel9/profiles/e8.profile | 1 + 1 file changed, 1 insertion(+) diff --git a/products/rhel9/profiles/e8.profile b/products/rhel9/profiles/e8.profile index c431224a247..1b043ae709d 100644 --- a/products/rhel9/profiles/e8.profile +++ b/products/rhel9/profiles/e8.profile @@ -95,6 +95,7 @@ selections: ### Audit - package_rsyslog_installed - service_rsyslog_enabled + - package_audit_installed - service_auditd_enabled - var_auditd_flush=incremental_async - auditd_data_retention_flush