From 043b309d4427f61138fbaea0a3ebeeabf37896dd Mon Sep 17 00:00:00 2001 From: samson Date: Wed, 28 Nov 2018 20:56:07 +0800 Subject: [PATCH 1/2] Modify description for 8.1.27 --- docs/harbian_audit_Debian_9_Benchmark_v0.1.mkd | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/harbian_audit_Debian_9_Benchmark_v0.1.mkd b/docs/harbian_audit_Debian_9_Benchmark_v0.1.mkd index 4c21162..f8f2ac8 100644 --- a/docs/harbian_audit_Debian_9_Benchmark_v0.1.mkd +++ b/docs/harbian_audit_Debian_9_Benchmark_v0.1.mkd @@ -837,6 +837,7 @@ Verify the operating system generates audit records that modify configuration. C -w /etc/profile -p wa -k config_file_change -w /etc/profile.d/ -p wa -k config_file_change -w /etc/security/ -p wa -k config_file_change +-w /etc/iptables/ -p wa -k config_file_change -w /etc/sysctl.conf -p wa -k config_file_change ``` If the command does not return any output, this is a finding. @@ -855,6 +856,7 @@ Fixtext: Configure the operating system to generate audit records that modify co -w /etc/profile -p wa -k config_file_change -w /etc/profile.d/ -p wa -k config_file_change -w /etc/security/ -p wa -k config_file_change +-w /etc/iptables/ -p wa -k config_file_change -w /etc/sysctl.conf -p wa -k config_file_change ``` The audit daemon must be restarted for the changes to take effect. From 37e2065bc7abc9c35252aa705022b13f6a8b730c Mon Sep 17 00:00:00 2001 From: samson Date: Thu, 29 Nov 2018 02:10:17 +0800 Subject: [PATCH 2/2] Add check item to auditd config. --- docs/examples/configurations/etc.audit.rules.d.audit.rules | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/examples/configurations/etc.audit.rules.d.audit.rules b/docs/examples/configurations/etc.audit.rules.d.audit.rules index c5f56b0..5aeeb67 100644 --- a/docs/examples/configurations/etc.audit.rules.d.audit.rules +++ b/docs/examples/configurations/etc.audit.rules.d.audit.rules 
@@ -90,3 +90,6 @@ -w /etc/profile -p wa -k config_file_change -w /etc/profile.d/ -p wa -k config_file_change -w /etc/security/ -p wa -k config_file_change +-w /etc/iptables/ -p wa -k config_file_change +-w /etc/sysctl.conf -p wa -k config_file_change +
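Review bot: In the first hunk of PATCH 1/2 (check text, `@@ -837`), the pass criterion after the rule list, "If the command does not return any output, this is a finding", is met by any single matching line, so a system that lacks the new `-w /etc/iptables/ -p wa -k config_file_change` rule still passes the check. Suggest rewording the criterion so that each listed watch must appear in the output. The subject "Modify description for 8.1.27" also understates the change, which adds a required rule; the commit message should say so.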
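Review bot: In the second hunk of PATCH 1/2 (Fixtext, `@@ -855`), the added `-w /etc/iptables/` watch assumes that directory exists, but on Debian 9 it is created by the iptables-persistent package, not by the base install. Suggest stating that prerequisite in the Fixtext, or confirming that the rule set still loads when the directory is absent, ahead of the sentence "The audit daemon must be restarted for the changes to take effect."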
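Review bot: In the PATCH 2/2 hunk (`@@ -90,3 +90,6`), the subject says "Add check item" but two watches are added, `/etc/iptables/` and `/etc/sysctl.conf`. The `/etc/sysctl.conf` rule is already an unchanged context line in the benchmark text of PATCH 1/2, so here the example file is catching up with the document, and the message should mention it. The third added line is empty and leaves a blank line at the end of the rules file; drop it unless further rules are meant to follow.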