From 17fff469b273891f1089b9055ade1212c61c0f8c Mon Sep 17 00:00:00 2001
From: Samson-W <sccxboy@gmail.com>
Date: Wed, 28 Nov 2018 07:52:29 -0500
Subject: [PATCH] Add audit item for iptables save path

---
 bin/hardening/8.1.27_record_Events_that_modify_conf_files.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/bin/hardening/8.1.27_record_Events_that_modify_conf_files.sh b/bin/hardening/8.1.27_record_Events_that_modify_conf_files.sh
index e91755c..1374889 100755
--- a/bin/hardening/8.1.27_record_Events_that_modify_conf_files.sh
+++ b/bin/hardening/8.1.27_record_Events_that_modify_conf_files.sh
@@ -25,6 +25,7 @@ AUDIT_PARAMS='-w /etc/audisp/audisp-remote.conf -p wa -k config_file_change
 -w /etc/profile -p wa -k config_file_change
 -w /etc/profile.d/ -p wa -k config_file_change
 -w /etc/security/ -p wa -k config_file_change
+-w /etc/iptables/ -p wa -k config_file_change
 -w /etc/sysctl.conf -p wa -k config_file_change'
 
 FILE='/etc/audit/rules.d/audit.rules'