From f13ed537d132f6f11c53e427f6ff5886d2980d6d Mon Sep 17 00:00:00 2001
From: Edgar Aguilar
Date: Fri, 25 Nov 2022 13:16:45 -0600
Subject: [PATCH] Add audit rule for create_module to OL7 STIG

Signed-off-by: Edgar Aguilar
---
 .../audit_rules_kernel_module_loading_create/rule.yml | 3 ++-
 .../tests/default.fail.sh | 1 +
 products/ol7/profiles/stig.profile | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/rule.yml
index 88cd4388005..1ef78befc16 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: rhel7
+prodtype: ol7,rhel7
 title: 'Ensure auditd Collects Information on Kernel Module Unloading - create_module'
@@ -29,6 +29,7 @@ identifiers:
 references:
 disa: CCI-000172
 srg: SRG-OS-000471-GPOS-00216,SRG-OS-000477-GPOS-00222
+ stigid@ol7: OL07-00-030819
 stigid@rhel7: RHEL-07-030819
 {{{ complete_ocil_entry_audit_syscall(syscall="create_module") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/tests/default.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/tests/default.fail.sh
index 11b58dd88ad..8daf483c5f4 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/tests/default.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/tests/default.fail.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+# packages = audit
 # remediation = bash
 rm -f /etc/audit/rules.d/*
diff --git a/products/ol7/profiles/stig.profile b/products/ol7/profiles/stig.profile
index 66b54ef7ddc..f96ea79699e 100644
--- a/products/ol7/profiles/stig.profile
+++ b/products/ol7/profiles/stig.profile
@@ -205,6 +205,7 @@ selections:
 - audit_rules_privileged_commands_ssh_keysign
 - audit_rules_privileged_commands_crontab
 - audit_rules_privileged_commands_pam_timestamp_check
+ - audit_rules_kernel_module_loading_create
 - audit_rules_kernel_module_loading_init
 - audit_rules_kernel_module_loading_finit
 - audit_rules_kernel_module_loading_delete
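Review bot: The added selection `- audit_rules_kernel_module_loading_create` brings a rule for an obsolete syscall into the OL7 STIG profile, and nothing visible in the diff records on which architectures that rule can be loaded. `create_module` was removed from the kernel in Linux 2.6 and is not in the syscall table of newer architectures such as aarch64, so an `-S create_module` rule may be rejected there. If OL7 on aarch64 is in scope, confirm the full rule set still loads, since a rejected rule could leave later audit rules unloaded; this depends on how the rules are loaded, which the diff does not show. A comment above the entry would record the intent, for example `# create_module is obsolete; selected for OL07-00-030819 - verify the rule loads on every supported arch`. Separately, the title shown in the rule.yml hunk still reads "Kernel Module Unloading - create_module", which would mislabel the finding in OL7 reports; "Loading" looks like the intended word.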