From d13c361de22f3f45cddb95fe949a7126154553fd Mon Sep 17 00:00:00 2001
From: Gabriel Becker
Date: Mon, 28 Oct 2024 14:51:23 +0100
Subject: [PATCH] Update audit_rules_suid_privilege_function to use ExecStart instead of ExecStartPost. RHEL10 does not use the old ExecStartPost directive anymore.
---
 .../ansible/shared.yml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml
index 64e8dde853e..0e882f8c99a 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml
@@ -12,12 +12,20 @@
 {{% set rx_end = "(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$" %}}
+{{% if product == 'rhel10' %}}
+{{% set audit_loading_systemd_directive="ExecStart" %}}
+{{% set audit_loading_service_file="audit-rules.service" %}}
+{{% else %}}
+{{% set audit_loading_systemd_directive="ExecStartPost" %}}
+{{% set audit_loading_service_file="auditd.service" %}}
+{{% endif %}}
+
 - name: Service facts
 ansible.builtin.service_facts:
 - name: Check the rules script being used
 ansible.builtin.command:
- grep '^ExecStartPost' /usr/lib/systemd/system/auditd.service
+ grep '^{{{ audit_loading_systemd_directive }}}' /usr/lib/systemd/system/{{{ audit_loading_service_file }}}
 register: check_rules_scripts_result
 changed_when: false
 failed_when: false
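Review bot: The new grep pattern is a bare prefix, so in the rhel10 branch `^ExecStart` also matches any `ExecStartPre=` or `ExecStartPost=` line in audit-rules.service, and the registered stdout may then hold lines other than the one that loads the rules. Anchoring on the equals sign keeps both branches exact: `grep '^{{{ audit_loading_systemd_directive }}}=' /usr/lib/systemd/system/{{{ audit_loading_service_file }}}`. Because the task keeps `failed_when: false`, a missing unit file or directive on any product outside the `product == 'rhel10'` test leaves stdout empty without raising an error. The tasks that consume `check_rules_scripts_result` are outside the hunk, so it is worth confirming that an empty result cannot cause the remediation to skip or misplace the persisted audit rule.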