From e4743a7588bf030a4bfef042a27dd90d2788d679 Mon Sep 17 00:00:00 2001
From: Samson-W <sccxboy@gmail.com>
Date: Sat, 17 Jul 2021 22:46:18 +0800
Subject: [PATCH] Fix a bug space_left of auditd.conf

---
 bin/hardening/8.1.1.9_set_space_left_audit.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/bin/hardening/8.1.1.9_set_space_left_audit.sh b/bin/hardening/8.1.1.9_set_space_left_audit.sh
index 78bd3e5..c87757e 100755
--- a/bin/hardening/8.1.1.9_set_space_left_audit.sh
+++ b/bin/hardening/8.1.1.9_set_space_left_audit.sh
@@ -6,6 +6,7 @@
 
 #
 # 8.1.1.9 Set space left for auditd service (Scored)
+# If the value of the "space_left" keyword is set to more than 25 percent of the total partition size, this is a finding.
 # Author : Samson wen, Samson <sccxboy@gmail.com>
 #
 
@@ -34,7 +35,7 @@ audit () {
                     FNRET=3
                 else                
                     SETSIZE=$(grep "^space_left.=.*"  $FILE | awk '{printf $3}')
-                    if [ "${SETSIZE}" -lt "${LEFTSIZE}" ]; then
+                    if [ "${SETSIZE}" -gt "${LEFTSIZE}" ]; then
                         crit "Space left value: ${SETSIZE} is more than audit log filesystem 25%"
                         FNRET=4
                     else