From 77228a4889e947416f59d8e2e38297250cabf46d Mon Sep 17 00:00:00 2001
From: Matthew Burket
Date: Tue, 17 Dec 2024 17:23:08 -0600
Subject: [PATCH 1/2] Exclude autrace and audispd on RHEL 10
---
 .../file_groupownership_audit_binaries/rule.yml | 12 ++++++------
 .../file_ownership_audit_binaries/rule.yml | 14 +++++++-------
 .../file_permissions_audit_binaries/rule.yml | 12 ++++++++----
 3 files changed, 21 insertions(+), 17 deletions(-)
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_audit_binaries/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_audit_binaries/rule.yml
index 7ebf6715240..c869914a759 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_audit_binaries/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_audit_binaries/rule.yml
@@ -13,9 +13,9 @@ description: |-
 /sbin/auditctl root
 /sbin/aureport root
 /sbin/ausearch root
- /sbin/autrace root
+ {{% if product not in ["rhel10"] %}}/sbin/autrace root{{% endif %}}
 /sbin/auditd root
- /sbin/audispd root
+ {{% if 'rhel' not in product %}}/sbin/audispd root{{% endif %}}
 /sbin/augenrules root
@@ -53,9 +53,9 @@ ocil: |-
 /sbin/auditctl root
 /sbin/aureport root
 /sbin/ausearch root
- /sbin/autrace root
+ {{% if product not in ["rhel10"] %}}/sbin/autrace root{{% endif %}}
 /sbin/auditd root
- /sbin/audispd root
+ {{% if 'rhel' not in product %}}/sbin/audispd root{{% endif %}}
 /sbin/augenrules root
@@ -75,8 +75,8 @@ template:
 - /sbin/auditctl
 - /sbin/aureport
 - /sbin/ausearch
- - /sbin/autrace
+ {{% if product not in ["rhel10"] %}}- /sbin/autrace{{% endif %}}
 - /sbin/auditd
- - /sbin/audispd
+ {{% if 'rhel' not in product %}}- /sbin/audispd{{% endif %}}
 - /sbin/augenrules
 gid_or_name: '0'
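Review bot: The autrace and audispd exclusions use two different idioms in this hunk and in the ocil and template hunks below — an explicit product list, `{{% if product not in ["rhel10"] %}}`, versus a substring test, `{{% if 'rhel' not in product %}}` — and the same pair is repeated in the file_ownership_audit_binaries and file_permissions_audit_binaries hunks. The substring form drops audispd from every product id containing "rhel", which is presumably intended for the current RHEL product list but will also silently match any future or derivative id carrying that substring, and nothing in the rule records why either binary is skipped. Listing the affected products explicitly, as the autrace check already does, keeps the three rules in one style and makes the exclusion reviewable; a one-line Jinja comment above the list stating which audit release dropped each binary (with the tracking issue id, if there is one) would give the next maintainer the reason. If the underlying template already tolerates a missing path, the conditionals may not be needed at all — worth confirming before the pattern is copied further.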
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_audit_binaries/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_audit_binaries/rule.yml
index e22f6e07376..23a602ea6b2 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_audit_binaries/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_audit_binaries/rule.yml
@@ -13,9 +13,9 @@ description: |-
 /sbin/auditctl root
 /sbin/aureport root
 /sbin/ausearch root
- /sbin/autrace root
+ {{% if product not in ["rhel10"] %}}/sbin/autrace root{{% endif %}}
 /sbin/auditd root
- /sbin/audispd root
+ {{% if 'rhel' not in product %}}/sbin/audispd root{{% endif %}}
 /sbin/augenrules root
@@ -27,7 +27,7 @@ rationale: |-
 Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit information.
-
+
 Operating systems providing tools to interface with audit information will leverage user permissions and roles identifying the user accessing the tools and the corresponding rights the user enjoys to make access decisions
@@ -54,9 +54,9 @@ ocil: |-
 /sbin/auditctl root
 /sbin/aureport root
 /sbin/ausearch root
- /sbin/autrace root
+ {{% if product not in ["rhel10"] %}}/sbin/autrace root{{% endif %}}
 /sbin/auditd root
- /sbin/audispd root
+ {{% if 'rhel' not in product %}}/sbin/audispd root{{% endif %}}
 /sbin/augenrules root
@@ -76,8 +76,8 @@ template:
 - /sbin/auditctl
 - /sbin/aureport
 - /sbin/ausearch
- - /sbin/autrace
+ {{% if product not in ["rhel10"] %}}- /sbin/autrace{{% endif %}}
 - /sbin/auditd
- - /sbin/audispd
+ {{% if 'rhel' not in product %}}- /sbin/audispd{{% endif %}}
 - /sbin/augenrules
 fileuid: '0'
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_audit_binaries/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_audit_binaries/rule.yml
index f59c9eca4be..b6f090a0e4b 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_audit_binaries/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_audit_binaries/rule.yml
@@ -13,9 +13,13 @@ description: |-
 /sbin/auditctl 755
 /sbin/aureport 755
 /sbin/ausearch 755
+ {{% if product not in ["rhel10"] %}}
 /sbin/autrace 755
+ {{% endif %}}
 /sbin/auditd 755
+ {{% if 'rhel' not in product %}}
 /sbin/audispd 755
+ {{% endif %}}
 /sbin/augenrules 755
@@ -54,9 +58,9 @@ ocil: |-
 /sbin/auditctl 755
 /sbin/aureport 755
 /sbin/ausearch 755
- /sbin/autrace 755
+ {{% if product not in ["rhel10"] %}}/sbin/autrace 755{{% endif %}}
 /sbin/auditd 755
- /sbin/audispd 755
+ {{% if 'rhel' not in product %}}/sbin/audispd 755{{% endif %}}
 /sbin/augenrules 755
@@ -77,8 +81,8 @@ template:
 - /sbin/auditctl
 - /sbin/aureport
 - /sbin/ausearch
- - /sbin/autrace
+ {{% if product not in ["rhel10"] %}}- /sbin/autrace{{% endif %}}
 - /sbin/auditd
- - /sbin/audispd
+ {{% if 'rhel' not in product %}}- /sbin/audispd{{% endif %}}
 - /sbin/augenrules
 filemode: '0755'
From e87f73c56465c21b4fbb9d0d930cf5358c70cf5c Mon Sep 17 00:00:00 2001
From: Matthew Burket
Date: Wed, 18 Dec 2024 11:04:19 -0600
Subject: [PATCH 2/2] Adjust line breaks in file_permissions_audit_binaries
---
 .../file_permissions_audit_binaries/rule.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_audit_binaries/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_audit_binaries/rule.yml
index b6f090a0e4b..b84fe930909 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_audit_binaries/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_audit_binaries/rule.yml
@@ -13,13 +13,13 @@ description: |-
 /sbin/auditctl 755
 /sbin/aureport 755
 /sbin/ausearch 755
- {{% if product not in ["rhel10"] %}}
+ {{%- if product not in ["rhel10"] %}}
 /sbin/autrace 755
- {{% endif %}}
+ {{%- endif %}}
 /sbin/auditd 755
- {{% if 'rhel' not in product %}}
+ {{%- if 'rhel' not in product %}}
 /sbin/audispd 755
- {{% endif %}}
+ {{%- endif %}}
 /sbin/augenrules 755
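Review bot: The `{{%-` whitespace control added here only fixes the description block of file_permissions_audit_binaries; the ocil and template hunks of the same file, and every hunk of the file_groupownership_audit_binaries and file_ownership_audit_binaries rules, still use the single-line `{{% if … %}}/sbin/autrace 755{{% endif %}}` form, which presumably leaves a whitespace-only line in the `|-` block or the YAML list whenever the condition is false. That is harmless for the template list but likely shows up as a stray blank line in the rendered description and OCIL text on the affected products — the very artifact this follow-up removes for one block. Applying the same `{{%- if … %}}` / `{{%- endif %}}` layout to the remaining occurrences would make all three rules render consistently.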