From 7c53c0d96e60797a36c2a343518f5172a3bb0ff9 Mon Sep 17 00:00:00 2001
From: Mark Bolwell <mark.bollyuk@gmail.com>
Date: Tue, 9 Apr 2024 16:29:49 +0100
Subject: [PATCH] PR - #198 addressed thanks to @brakkio86

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
---
 tasks/section_1/cis_1.3.x.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/tasks/section_1/cis_1.3.x.yml b/tasks/section_1/cis_1.3.x.yml
index 3010b5a..5d39428 100644
--- a/tasks/section_1/cis_1.3.x.yml
+++ b/tasks/section_1/cis_1.3.x.yml
@@ -59,12 +59,12 @@
       path: /etc/aide.conf
       marker: "# {mark} Audit tools - CIS benchmark - Ansible-lockdown"
       block: |
-        /sbin/auditctl p+i+n+u+g+s+b+acl+xattrs+sha512
-        /sbin/auditd p+i+n+u+g+s+b+acl+xattrs+sha512
-        /sbin/augenrules p+i+n+u+g+s+b+acl+xattrs+sha512
-        /sbin/aureport p+i+n+u+g+s+b+acl+xattrs+sha512
-        /sbin/ausearch p+i+n+u+g+s+b+acl+xattrs+sha512
-        /sbin/autrace p+i+n+u+g+s+b+acl+xattrs+sha512
+        /usr/sbin/auditctl p+i+n+u+g+s+b+acl+xattrs+sha512
+        /usr/sbin/auditd p+i+n+u+g+s+b+acl+xattrs+sha512
+        /usr/sbin/augenrules p+i+n+u+g+s+b+acl+xattrs+sha512
+        /usr/sbin/aureport p+i+n+u+g+s+b+acl+xattrs+sha512
+        /usr/sbin/ausearch p+i+n+u+g+s+b+acl+xattrs+sha512
+        /usr/sbin/autrace p+i+n+u+g+s+b+acl+xattrs+sha512
       validate: aide -D --config %s
   when:
       - rhel9cis_rule_1_3_3