From 139e9fb683f0424effd9608b64ffcf365b3dcd02 Mon Sep 17 00:00:00 2001
From: SG <13872653+mmguero@users.noreply.github.com>
Date: Fri, 4 Oct 2019 09:02:32 -0600
Subject: [PATCH] remove trailing space from '-w /sbin/insmod -p x -k modules' line which causes check from 8.1.17_record_kernel_modules.sh to fail unless audit rule also contains trailing space
---
 bin/hardening/8.1.17_record_kernel_modules.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/bin/hardening/8.1.17_record_kernel_modules.sh b/bin/hardening/8.1.17_record_kernel_modules.sh
index b00ef48..fe43549 100755
--- a/bin/hardening/8.1.17_record_kernel_modules.sh
+++ b/bin/hardening/8.1.17_record_kernel_modules.sh
@@ -14,13 +14,13 @@ set -u # One variable unset, it's over
 HARDENING_LEVEL=4
-ARCH64_AUDIT_PARAMS='-w /sbin/insmod -p x -k modules
+ARCH64_AUDIT_PARAMS='-w /sbin/insmod -p x -k modules
 -w /sbin/rmmod -p x -k modules
 -w /sbin/modprobe -p x -k modules
 -w /bin/kmod -p x -k modules
 -a always,exit -F arch=b32 -S init_module -S delete_module -S create_module -S finit_module -k modules
 -a always,exit -F arch=b64 -S init_module -S delete_module -S create_module -S finit_module -k modules'
-ARCH32_AUDIT_PARAMS='-w /sbin/insmod -p x -k modules
+ARCH32_AUDIT_PARAMS='-w /sbin/insmod -p x -k modules
 -w /sbin/rmmod -p x -k modules
 -w /sbin/modprobe -p x -k modules
 -w /bin/kmod -p x -k modules
@@ -34,8 +34,8 @@ audit () {
 d_IFS=$IFS
 IFS=$'\n'
 is_64bit_arch
- if [ $FNRET=0 ]; then
- AUDIT_PARAMS=$ARCH64_AUDIT_PARAMS
+ if [ $FNRET=0 ]; then
+ AUDIT_PARAMS=$ARCH64_AUDIT_PARAMS
 else
 AUDIT_PARAMS=$ARCH32_AUDIT_PARAMS
 fi
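Review bot: The two `*_AUDIT_PARAMS` literals stay whitespace-sensitive after this fix, and nothing in the hunk documents that constraint. Per the commit message, one stray space at the end of the first rule line was enough to make the check fail. A comment above `ARCH64_AUDIT_PARAMS` such as `# One audit rule per line, compared literally: no leading or trailing whitespace` would keep a later edit from reintroducing it. Hosts whose rules were written from the old string may still carry the trailing space, so it is worth confirming how the check treats them. The matching code and the rest of the `ARCH32_AUDIT_PARAMS` literal are outside this hunk.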
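Review bot: The test `[ $FNRET=0 ]` on the re-added `if` line is always true, because without spaces around `=` the `[` command sees a single non-empty word rather than a comparison. The `else` branch that selects `ARCH32_AUDIT_PARAMS` is therefore never taken, and a 32-bit host would be audited against the 64-bit rule list, giving a wrong result for the kernel-module audit check. The commit only touches whitespace on that line and keeps the condition as it was; it should read `if [ "$FNRET" = 0 ]; then`. The body of `audit` starts and ends outside the hunk, so whether the same pattern recurs elsewhere in the script cannot be seen here.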