CCE-27129-6 (kernel auditing rules) on RHEL7

The check for the RHEL7 audit rules for kernel module loading and unloading specifies the following: -w /usr/sbin/insmod -p x -k modules -w /usr/sbin/rmmod -p x -k modules -w /usr/sbin/modprobe -p x -k modules However, at least on my RHEL7 system, these commands are located in /sbin, not /usr/sbin (as on RHEL6). This is using the latest git zip (can't manage to pull from git since the move to github, for some reason). -- Ray Shaw (Contractor, STG) Army Research Laboratory CISD, Unix Support