Configure auditd rules for security compliance

Bug #1640302 reported by Luke Hinds
Affects: tripleo
Status: Fix Released
Importance: Medium
Assigned to: Luke Hinds
Milestone: (none)

Bug Description

Currently no audit rules are set within the auditd system.

This results in events that modify the following system attributes not being logged by auditd:

* Events that Modify Date and Time Information
* Events that Modify the System's Discretionary Access Controls
* Record Events that Modify User/Group Information
* Record Events that Modify the System's Network Environment
* Record Events that Modify the System's Mandatory Access Controls (SELinux)
* Collection of Unauthorized Access Attempts to Files (unsuccessful)
* Collection of Information on the Use of Privileged Commands
* Collection of Information on Exporting to Media (successful)
* Collection of File Deletion Events by User
* Collection of System Administrator Actions
* Collection of Information on Kernel Module Loading and Unloading

A `/usr/share/doc/audit-2.4.1/stig.rules` file already exists which can be used to overwrite the file `/etc/audit/audit.rules`.

For example:

~]# cp /etc/audit/audit.rules /etc/audit/audit.rules_backup
~]# cp /usr/share/doc/audit-version/stig.rules /etc/audit/audit.rules

This will then ensure each of the above audit areas will be implemented and result in a system being DISA STIG compliant.

In the /usr/share/doc/audit-version/ directory, the audit package provides a further set of pre-configured rules files according to various certification security standards:

* nispom.rules — Audit rule configuration that meets the requirements specified in Chapter 8 of the National Industrial Security Program Operating Manual.

* capp.rules — Audit rule configuration that meets the requirements set by Controlled Access Protection Profile (CAPP), which is a part of the Common Criteria certification.

* lspp.rules — Audit rule configuration that meets the requirements set by Labeled Security Protection Profile (LSPP), which is a part of the Common Criteria certification.

* stig.rules — Audit rule configuration that meets the requirements set by Security Technical Implementation Guides (STIG).

If possible, the name could be sourced/passed with a flag or key/value such as `stig`, which will copy and overwrite the relevant rules file to /etc/audit/audit.rules.

Further details: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sec-Defining_Audit_Rules_and_Controls_in_the_audit.rules_file.html
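The copy-and-overwrite procedure described in the report, written out as a small POSIX shell helper. This is an added example, not code from the bug report or from puppet-tripleo: it takes the profile name the report proposes (stig, nispom, capp or lspp), backs up the current audit.rules before overwriting it, and then checks which of the event classes listed above have a keyed rule in the installed file. The AUDIT_DOC_DIR and AUDIT_RULES_FILE variables are this example's own overrides (assumed, not part of auditd) so the functions can be exercised on scratch files, and the "-k" key names in EXPECTED_KEYS are assumed to match those used by the packaged stig.rules.

```shell
#!/bin/sh
# Added example (not from the bug report or puppet-tripleo): install one of the
# pre-packaged auditd rule profiles by name, keeping a backup of the previous
# /etc/audit/audit.rules, then report which of the event classes listed in the
# bug have a rule keyed for them. AUDIT_DOC_DIR and AUDIT_RULES_FILE are this
# example's own override variables (assumed, not part of auditd).

# Event classes from the bug description, mapped to "-k" key names. The key
# names are an assumption of this example, chosen to match stig.rules style.
EXPECTED_KEYS="time-change identity system-locale MAC-policy access privileged export delete actions modules"

install_audit_profile() {
    profile="$1"
    doc_dir="${AUDIT_DOC_DIR:-$(ls -d /usr/share/doc/audit-* 2>/dev/null | head -n 1)}"
    rules_file="${AUDIT_RULES_FILE:-/etc/audit/audit.rules}"

    # Only the profiles shipped by the audit package are accepted.
    case "$profile" in
        stig|nispom|capp|lspp) ;;
        *) echo "unknown profile '$profile' (expected stig, nispom, capp or lspp)" >&2; return 2 ;;
    esac

    src="$doc_dir/$profile.rules"
    if [ ! -r "$src" ]; then
        echo "profile file not found or unreadable: $src" >&2
        return 3
    fi

    # Keep the previous rule set so the change can be reverted.
    if [ -f "$rules_file" ]; then
        cp -p "$rules_file" "$rules_file.backup.$(date +%Y%m%d%H%M%S)" || return 4
    fi

    cp "$src" "$rules_file" || return 5
    echo "installed $profile profile into $rules_file"
}

# Number of effective (non-comment, non-blank) rule lines in a rules file.
count_rules() {
    grep -c -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1"
}

# Print the expected keys that no rule in the file references. Exit status is
# 0 when every key is covered and 1 otherwise, so it can gate a deployment.
missing_keys() {
    rules_file="$1"
    missing=""
    for key in $EXPECTED_KEYS; do
        # Accept both the "-k key" and the "-F key=key" spellings.
        if ! grep -q -E -e "-k[[:space:]]*$key([[:space:]]|$)" -e "key=$key([[:space:]]|$)" "$rules_file"; then
            missing="$missing $key"
        fi
    done
    missing="${missing# }"
    [ -z "$missing" ] && return 0
    echo "$missing"
    return 1
}
```

Usage on a real host is `install_audit_profile stig && missing_keys /etc/audit/audit.rules`, run as root; the rules only take effect after auditd reloads them (for example via `augenrules --load` or a service restart, depending on the audit version), which this helper deliberately leaves to the operator.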

Luke Hinds (lhinds)
Changed in tripleo:
status: New → Triaged
Luke Hinds (lhinds)
Changed in tripleo:
importance: High → Medium
Changed in tripleo:
assignee: nobody → Luke Hinds (lhinds)
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-tripleo (master)

Reviewed: https://review.openstack.org/421872
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=eb14c2a9f7acd6a7949e7aee91687756731f93db
Submitter: Jenkins
Branch: master

commit eb14c2a9f7acd6a7949e7aee91687756731f93db
Author: Steven Hardy <email address hidden>
Date: Wed Jan 18 12:25:25 2017 +0000

    Add AuditD Profile

    This patch allows the management of the AuditD service and its associated
    files (such as `audit.rules`)

    This is achieved by means of the `puppet-auditd` puppet module.

    Closes-Bug: #1640302
    Co-Authored-By: Luke Hinds (<email address hidden>)
    Change-Id: Ie31c063b674075e35e1bfa28d1fc07f3f897407b

Changed in tripleo:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-puppet-elements (master)

Reviewed: https://review.openstack.org/420040
Committed: https://git.openstack.org/cgit/openstack/tripleo-puppet-elements/commit/?id=7ab27c7dd2e93a326b862ee018466b9c5561aeec
Submitter: Jenkins
Branch: master

commit 7ab27c7dd2e93a326b862ee018466b9c5561aeec
Author: lhinds <email address hidden>
Date: Fri Jan 13 15:46:27 2017 +0000

    Add reference to puppet-auditd

    Needed to manage auditd so that operators can populate auditd parameters,
    and adhere to security compliance regulations.

    A decision to use puppet-auditd was made based on the module being actively developed
    and having the highest user score.

    Partial-Bug: #1640302

    Change-Id: I5b3805333f2b97de7bde261b2f28c15884a7c2dd

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-tripleo 6.2.0

This issue was fixed in the openstack/puppet-tripleo 6.2.0 release.
