Believe I found another one.  After running the generated fix script auditd fails to start with the message "Wrong number of arguments for line X in /etc/audit/auditd.conf". Looked at auditd.conf and found admin_space_left_action wasn't equal to any action:

admin_space_left_action =

Looks like was just a typo in the /RHEL6/input/fixes/bash/auditd_data_retention_admin_space_left_action.sh between the variable in the populate statement with the variable that is used in the sed/echo statements, updates those statements to use the populate variable, generated new fix content and admin_space_left_action now gets set correctly.

Again, if looks good and someone that can push this (thanks Jan for doing the last one!) doesn't mind it's appreciated.

Thanks!

Jeb Trayer, CTR
USCG Operations System Center
Jeb.D.Trayer@uscg.mil

Signed-off-by: Jeb Trayer <jeb.d.trayer@uscg.mil>
---
 ...uditd_data_retention_admin_space_left_action.sh |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/RHEL6/input/fixes/bash/auditd_data_retention_admin_space_left_action.sh b/RHEL6/input/fixes/bash/auditd_data_retention_admin_space_left_action.sh
index 68d684f..3499cc6 100644
--- a/RHEL6/input/fixes/bash/auditd_data_retention_admin_space_left_action.sh
+++ b/RHEL6/input/fixes/bash/auditd_data_retention_admin_space_left_action.sh
@@ -2,7 +2,7 @@ source ./templates/support.sh
 populate var_auditd_admin_space_left_action
 
 grep -q ^admin_space_left_action /etc/audit/auditd.conf && \
-  sed -i "s/admin_space_left_action.*/admin_space_left_action = $var_auditd_space_left_action/g" /etc/audit/auditd.conf
+  sed -i "s/admin_space_left_action.*/admin_space_left_action = $var_auditd_admin_space_left_action/g" /etc/audit/auditd.conf
 if ! [ $? -eq 0 ]; then
-    echo "admin_space_left_action = $var_auditd_space_left_action" >> /etc/audit/auditd.conf
+    echo "admin_space_left_action = $var_auditd_admin_space_left_action" >> /etc/audit/auditd.conf
 fi
-- 
1.7.1