Apply check_audit_is_immutable_mode method for auditd rules check item.

bin/hardening/8.1.10_record_dac_edit.sh

@@ -58,7 +58,7 @@ apply () {
         if [ $FNRET != 0 ]; then
             warn "$AUDIT_VALUE is not in file $FILE, adding it"
             add_end_of_file $FILE $AUDIT_VALUE
-            eval $(pkill -HUP -P 1 auditd)
+			check_auditd_is_immutable_mode
         else
             ok "$AUDIT_VALUE is present in $FILE"
         fi

bin/hardening/8.1.11_record_failed_access_file.sh

@@ -55,7 +55,7 @@ apply () {
         if [ $FNRET != 0 ]; then
             warn "$AUDIT_VALUE is not in file $FILE, adding it"
             add_end_of_file $FILE $AUDIT_VALUE
-            eval $(pkill -HUP -P 1 auditd)
+			check_auditd_is_immutable_mode
         else
             ok "$AUDIT_VALUE is present in $FILE"
         fi

bin/hardening/8.1.12_record_privileged_commands.sh

@@ -48,7 +48,7 @@ apply () {
         if [ $FNRET != 0 ]; then
             warn "$AUDIT_VALUE is not in file $FILE, adding it"
             add_end_of_file $FILE $AUDIT_VALUE
-            eval $(pkill -HUP -P 1 auditd)
+			check_auditd_is_immutable_mode
         else
             ok "$AUDIT_VALUE is present in $FILE"
         fi

bin/hardening/8.1.13_record_successful_mount.sh

@@ -53,7 +53,7 @@ apply () {
         if [ $FNRET != 0 ]; then
             warn "$AUDIT_VALUE is not in file $FILE, adding it"
             add_end_of_file $FILE $AUDIT_VALUE
-            eval $(pkill -HUP -P 1 auditd)
+			check_auditd_is_immutable_mode
         else
             ok "$AUDIT_VALUE is present in $FILE"
         fi

bin/hardening/8.1.14_record_file_deletions.sh

@@ -53,7 +53,7 @@ apply () {
         if [ $FNRET != 0 ]; then
             warn "$AUDIT_VALUE is not in file $FILE, adding it"
             add_end_of_file $FILE $AUDIT_VALUE
-            eval $(pkill -HUP -P 1 auditd)
+			check_auditd_is_immutable_mode
         else
             ok "$AUDIT_VALUE is present in $FILE"
         fi

bin/hardening/8.1.15_record_sudoers_edit.sh

@@ -44,7 +44,7 @@ apply () {
         if [ $FNRET != 0 ]; then
             warn "$AUDIT_VALUE is not in file $FILE, adding it"
             add_end_of_file $FILE $AUDIT_VALUE
-            eval $(pkill -HUP -P 1 auditd)
+			check_auditd_is_immutable_mode
         else
             ok "$AUDIT_VALUE is present in $FILE"
         fi

bin/hardening/8.1.16_record_sudo_usage.sh

@@ -51,12 +51,12 @@ apply () {
 		if [ $FNRET != 0 ]; then
 			warn "$AUDIT_VALUE is not in file $FILE, adding it"
             add_end_of_file $FILE $AUDIT_VALUE
-            eval $(pkill -HUP -P 1 auditd)
+			check_auditd_is_immutable_mode
 		fi
 	elif [ $FNRET = 2 ]; then
 		warn "$AUDIT_VALUE is not in file $FILE, adding it"
 		add_end_of_file $FILE $AUDIT_VALUE
-		eval $(pkill -HUP -P 1 auditd)
+		check_auditd_is_immutable_mode
 	else
 		ok "$AUDIT_VALUE is present in $FILE"
 	fi

bin/hardening/8.1.17_record_kernel_modules.sh

@@ -61,7 +61,7 @@ apply () {
         if [ $FNRET != 0 ]; then
             warn "$AUDIT_VALUE is not in file $FILE, adding it"
             add_end_of_file $FILE $AUDIT_VALUE
-            eval $(pkill -HUP -P 1 auditd)
+			check_auditd_is_immutable_mode
         else
             ok "$AUDIT_VALUE is present in $FILE"
         fi

bin/hardening/8.1.18_freeze_auditd_conf.sh

@@ -44,7 +44,7 @@ apply () {
         if [ $FNRET != 0 ]; then
             warn "$AUDIT_VALUE is not in file $FILE, adding it"
             add_end_of_file $FILE $AUDIT_VALUE
-            eval $(pkill -HUP -P 1 auditd)
+			check_auditd_is_immutable_mode
         else
             ok "$AUDIT_VALUE is present in $FILE"
         fi

bin/hardening/8.1.19_record_sshkeysign_usage.sh

@@ -48,7 +48,7 @@ apply () {
         if [ $FNRET != 0 ]; then
             warn "$AUDIT_VALUE is not in file $FILE, adding it"
             add_end_of_file $FILE $AUDIT_VALUE
-            eval $(pkill -HUP -P 1 auditd)
+            check_auditd_is_immutable_mode
         else
             ok "$AUDIT_VALUE is present in $FILE"
         fi

bin/hardening/8.1.20_record_open_by_handle_at_syscall.sh

@@ -47,7 +47,7 @@ apply () {
         if [ $FNRET != 0 ]; then
             warn "$AUDIT_VALUE is not in file $FILE, adding it"
             add_end_of_file $FILE $AUDIT_VALUE
-            eval $(pkill -HUP -P 1 auditd)
+			check_auditd_is_immutable_mode
         else
             ok "$AUDIT_VALUE is present in $FILE"
         fi

bin/hardening/8.1.21_record_Events_that_privileged_passwd_cmd_usage.sh

@@ -50,7 +50,7 @@ apply () {
         if [ $FNRET != 0 ]; then
             warn "$AUDIT_VALUE is not in file $FILE, adding it"
             add_end_of_file $FILE $AUDIT_VALUE
-            eval $(pkill -HUP -P 1 auditd)
+			check_auditd_is_immutable_mode
         else
             ok "$AUDIT_VALUE is present in $FILE"
         fi

bin/hardening/8.1.22_record_Events_that_privileged_priv_change_cmd_usage.sh

@@ -52,7 +52,7 @@ apply () {
         if [ $FNRET != 0 ]; then
             warn "$AUDIT_VALUE is not in file $FILE, adding it"
             add_end_of_file $FILE $AUDIT_VALUE
-            eval $(pkill -HUP -P 1 auditd)
+			check_auditd_is_immutable_mode
         else
             ok "$AUDIT_VALUE is present in $FILE"
         fi

bin/hardening/8.1.23_record_Events_that_privileged_postfix_cmd_usage.sh

@@ -48,7 +48,7 @@ apply () {
         if [ $FNRET != 0 ]; then
             warn "$AUDIT_VALUE is not in file $FILE, adding it"
             add_end_of_file $FILE $AUDIT_VALUE
-            eval $(pkill -HUP -P 1 auditd)
+			check_auditd_is_immutable_mode
         else
             ok "$AUDIT_VALUE is present in $FILE"
         fi

bin/hardening/8.1.24_record_crontab_cmd_usage.sh

@@ -46,7 +46,7 @@ apply () {
         if [ $FNRET != 0 ]; then
             warn "$AUDIT_VALUE is not in file $FILE, adding it"
             add_end_of_file $FILE $AUDIT_VALUE
-            eval $(pkill -HUP -P 1 auditd)
+			check_auditd_is_immutable_mode
         else
             ok "$AUDIT_VALUE is present in $FILE"
         fi

bin/hardening/8.1.25_record_pam_timestamp_check_cmd_usage.sh

@@ -46,7 +46,7 @@ apply () {
         if [ $FNRET != 0 ]; then
             warn "$AUDIT_VALUE is not in file $FILE, adding it"
             add_end_of_file $FILE $AUDIT_VALUE
-            eval $(pkill -HUP -P 1 auditd)
+			check_auditd_is_immutable_mode
         else
             ok "$AUDIT_VALUE is present in $FILE"
         fi

bin/hardening/8.1.26_record_pam_tally_cmd_usage.sh

@@ -47,7 +47,7 @@ apply () {
         if [ $FNRET != 0 ]; then
             warn "$AUDIT_VALUE is not in file $FILE, adding it"
             add_end_of_file $FILE $AUDIT_VALUE
-            eval $(pkill -HUP -P 1 auditd)
+			check_auditd_is_immutable_mode
         else
             ok "$AUDIT_VALUE is present in $FILE"
         fi

bin/hardening/8.1.27_record_Events_that_modify_conf_files.sh

@@ -59,7 +59,7 @@ apply () {
         if [ $FNRET != 0 ]; then
             warn "$AUDIT_VALUE is not in file $FILE, adding it"
             add_end_of_file $FILE $AUDIT_VALUE
-            #eval $(pkill -HUP -P 1 auditd)
+			check_auditd_is_immutable_mode
         else
             ok "$AUDIT_VALUE is present in $FILE"
         fi

bin/hardening/8.1.28_record_acl_cmd_usage.sh

@@ -48,7 +48,7 @@ apply () {
         if [ $FNRET != 0 ]; then
             warn "$AUDIT_VALUE is not in file $FILE, adding it"
             add_end_of_file $FILE $AUDIT_VALUE
-            eval $(pkill -HUP -P 1 auditd)
+			check_auditd_is_immutable_mode
         else
             ok "$AUDIT_VALUE is present in $FILE"
         fi

bin/hardening/8.1.29_record_usermod_cmd_usage.sh

@@ -47,7 +47,7 @@ apply () {
         if [ $FNRET != 0 ]; then
             warn "$AUDIT_VALUE is not in file $FILE, adding it"
             add_end_of_file $FILE $AUDIT_VALUE
-            eval $(pkill -HUP -P 1 auditd)
+			check_auditd_is_immutable_mode
         else
             ok "$AUDIT_VALUE is present in $FILE"
         fi

bin/hardening/8.1.30_record_unix_update_cmd_usage.sh

@@ -47,7 +47,7 @@ apply () {
         if [ $FNRET != 0 ]; then
             warn "$AUDIT_VALUE is not in file $FILE, adding it"
             add_end_of_file $FILE $AUDIT_VALUE
-            eval $(pkill -HUP -P 1 auditd)
+			check_auditd_is_immutable_mode
         else
             ok "$AUDIT_VALUE is present in $FILE"
         fi

bin/hardening/8.1.31_record_syscall_execve.sh

@@ -55,7 +55,7 @@ apply () {
         if [ $FNRET != 0 ]; then
             warn "$AUDIT_VALUE is not in file $FILE, adding it"
             add_end_of_file $FILE $AUDIT_VALUE
-            eval $(pkill -HUP -P 1 auditd)
+			check_auditd_is_immutable_mode
         else
             ok "$AUDIT_VALUE is present in $FILE"
         fi

bin/hardening/8.1.4_record_date_time_edit.sh

@@ -59,7 +59,7 @@ apply () {
         if [ $FNRET != 0 ]; then
             warn "$AUDIT_VALUE is not in file $FILE, adding it"
             add_end_of_file $FILE $AUDIT_VALUE
-			check_audit_is_immutable_mode
+			check_auditd_is_immutable_mode
         else
             ok "$AUDIT_VALUE is present in $FILE"
         fi

bin/hardening/8.1.5_record_user_group_edit.sh

@@ -47,7 +47,7 @@ apply () {
         if [ $FNRET != 0 ]; then
             warn "$AUDIT_VALUE is not in file $FILE, adding it"
             add_end_of_file $FILE $AUDIT_VALUE
-            eval $(pkill -HUP -P 1 auditd)
+			check_auditd_is_immutable_mode
         else
             ok "$AUDIT_VALUE is present in $FILE"
         fi

bin/hardening/8.1.6_record_network_edit.sh

@@ -60,7 +60,7 @@ apply () {
         if [ $FNRET != 0 ]; then
             warn "$AUDIT_VALUE is not in file $FILE, adding it"
             add_end_of_file $FILE $AUDIT_VALUE
-            eval $(pkill -HUP -P 1 auditd)
+			check_auditd_is_immutable_mode
         else
             ok "$AUDIT_VALUE is present in $FILE"
         fi

bin/hardening/8.1.7_record_mac_edit.sh

@@ -77,7 +77,7 @@ apply () {
         if [ $FNRET != 0 ]; then
             warn "$AUDIT_VALUE is not in file $FILE, adding it"
             add_end_of_file $FILE $AUDIT_VALUE
-            eval $(pkill -HUP -P 1 auditd)
+			check_auditd_is_immutable_mode
         else
             ok "$AUDIT_VALUE is present in $FILE"
         fi

bin/hardening/8.1.8_record_login_logout.sh

@@ -45,7 +45,7 @@ apply () {
         if [ $FNRET != 0 ]; then
             warn "$AUDIT_VALUE is not in file $FILE, adding it"
             add_end_of_file $FILE $AUDIT_VALUE
-            eval $(pkill -HUP -P 1 auditd)
+			check_auditd_is_immutable_mode
         else
             ok "$AUDIT_VALUE is present in $FILE"
         fi

bin/hardening/8.1.9_record_session_init.sh

@@ -45,7 +45,7 @@ apply () {
         if [ $FNRET != 0 ]; then
             warn "$AUDIT_VALUE is not in file $FILE, adding it"
             add_end_of_file $FILE $AUDIT_VALUE
-            eval $(pkill -HUP -P 1 auditd)
+			check_auditd_is_immutable_mode
         else
             ok "$AUDIT_VALUE is present in $FILE"
         fi

lib/utils.sh

@@ -872,10 +872,10 @@ check_ipv6_is_enable()
 	fi
 }
 
-check_audit_is_immutable_mode()
+check_auditd_is_immutable_mode()
 {
 	if [ $(auditctl -s | head -n 1 | awk '{print $2}') -eq 2 ]; then
-		warn "The audit system is in immutable mode, no rule changes allowed. So must need reboot after adding/modifying the auditd rule!"
+		warn "The auditd system is in immutable mode, no rule changes allowed. So must need reboot after adding/modifying the auditd rule!"
 	else
 		eval $(pkill -HUP -P 1 auditd)
 	fi