From 7fe27dcea496c68c6662e3c90688e5bb51bc6f66 Mon Sep 17 00:00:00 2001
From: Jonathan Metzger <9845417+jrmetzger@users.noreply.github.com>
Date: Sun, 30 Mar 2025 13:20:24 -0400
Subject: [PATCH 1/2] audit_conf_mode outside of resource

---
 controls/SV-258171.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/controls/SV-258171.rb b/controls/SV-258171.rb
index 6fb0109..f00db86 100644
--- a/controls/SV-258171.rb
+++ b/controls/SV-258171.rb
@@ -38,7 +38,8 @@
   rules_files = bash('ls -d /etc/audit/rules.d/*.rules').stdout.strip.split.append('/etc/audit/auditd.conf')
-  failing_files = rules_files.select { |rf| file(rf).more_permissive_than?(input('audit_conf_mode')) }
+  audit_conf_mode = input('audit_conf_mode')
+  failing_files = rules_files.select { |rf| file(rf).more_permissive_than?(audit_conf_mode) }
   describe 'Audit configuration files' do
     it "should be no more permissive than '#{input('audit_conf_mode')}'" do

From 93c74dc4c3bd6a3b6ffabfa10106ebb6d20b9b2f Mon Sep 17 00:00:00 2001
From: Jonathan Metzger <9845417+jrmetzger@users.noreply.github.com>
Date: Sun, 30 Mar 2025 13:20:59 -0400
Subject: [PATCH 2/2] Update controls/SV-258171.rb

---
 controls/SV-258171.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/controls/SV-258171.rb b/controls/SV-258171.rb
index f00db86..71aba4c 100644
--- a/controls/SV-258171.rb
+++ b/controls/SV-258171.rb
@@ -42,7 +42,7 @@
   failing_files = rules_files.select { |rf| file(rf).more_permissive_than?(audit_conf_mode) }
   describe 'Audit configuration files' do
-    it "should be no more permissive than '#{input('audit_conf_mode')}'" do
+    it "should be no more permissive than '#{audit_conf_mode}'" do
       expect(failing_files).to be_empty, "Failing files:\n\t- #{failing_files.join("\n\t- ")}"
     end
   end
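Review bot: The newly hoisted `audit_conf_mode` local is the natural place to fail fast on an unset or malformed input, which the `more_permissive_than?` call in the `select` block on the following line would otherwise surface as an error from inside the iteration, once per file. InSpec's `more_permissive_than?` takes an octal mode string such as `'0640'`; how it behaves when handed `nil` or a non-octal value is not visible in this hunk, so it is safer not to rely on it. A guard right after the assignment, `raise ArgumentError, "audit_conf_mode must be an octal mode string such as '0640'" unless audit_conf_mode.is_a?(String) && audit_conf_mode.match?(/\A0?[0-7]{3}\z/)`, turns a misconfigured profile input into one clear error instead of an opaque one. The enclosing control block starts before this hunk and continues past it.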
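Review bot: The rewritten `it` description now prints whatever object `audit_conf_mode` holds, so a value that is not the intended string shows up verbatim in the test title and also reaches `more_permissive_than?` two lines above. If the input is supplied unquoted in an inputs YAML file (`audit_conf_mode: 0640`), Psych parses it as the octal integer 416, the title reads `'416'`, and the comparison receives an Integer rather than the octal mode string `more_permissive_than?` is normally given. Quoting the value in the inputs file avoids this; a comment at the assignment, which sits on the line just above this hunk, such as `# must be a quoted octal mode string, e.g. '0640' (an unquoted 0640 in YAML is the integer 416)`, would spare the next maintainer the surprise. The enclosing control block starts before this hunk.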