Use shared remediations for non-template applicable OS's

This commit will remove specific remediations for sle15 and sle12 to adopt shared remediations. This is necessary for the following OS's because the supplied template within rule.yml is not applicable.

linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/ansible/shared.yml

@@ -0,0 +1,8 @@
+# platform = multi_platform_sle,multi_platform_ubuntu
+# reboot = false
+# strategy = restrict
+# complexity = low
+# disruption = low
+
+{{{ ansible_audit_augenrules_add_watch_rule(path='/usr/bin/kmod', permissions='x', key='modules') }}}
+{{{ ansible_audit_auditctl_add_watch_rule(path='/usr/bin/kmod', permissions='x', key='modules') }}}

linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/bash/sle15.sh → linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/bash/shared.sh

@@ -1,4 +1,4 @@
-# platform = multi_platform_sle
+# platform = multi_platform_sle,multi_platform_ubuntu
 
 # Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
 {{{ bash_fix_audit_watch_rule("auditctl", "/usr/bin/kmod", "x", "modules") }}}

linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/oval/ubuntu2004.xml → linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/oval/shared.xml

@@ -23,7 +23,7 @@
     </ind:textfilecontent54_test>
     <ind:textfilecontent54_object id="object_kmod_augenrules" version="1">
       <ind:filepath operation="pattern match">^/etc/audit/rules\.d/.*\.rules$</ind:filepath>
-      <ind:pattern operation="pattern match">^[\s]*-w[\s]+/bin/kmod[\s]+-p[\s]+x[\s]+-k[\s]+modules[\s]*$</ind:pattern>
+      <ind:pattern operation="pattern match">^[\s]*-w[\s]+/usr/bin/kmod[\s]+-p[\s]+x[\s]+-k[\s]+modules[\s]*$</ind:pattern>
       <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
     </ind:textfilecontent54_object>
 
@@ -32,8 +32,9 @@
     </ind:textfilecontent54_test>
     <ind:textfilecontent54_object id="object_kmod_auditctl" version="1">
       <ind:filepath>/etc/audit/audit.rules</ind:filepath>
-      <ind:pattern operation="pattern match">^[\s]*-w[\s]+/bin/kmod[\s]+-p[\s]+x[\s]+-k[\s]+modules[\s]*$</ind:pattern>
+      <ind:pattern operation="pattern match">^[\s]*-w[\s]+/usr/bin/kmod[\s]+-p[\s]+x[\s]+-k[\s]+modules[\s]*$</ind:pattern>
       <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
     </ind:textfilecontent54_object>
 
   </def-group>
+

linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml

@@ -1,7 +1,5 @@
 {{%- if product in ["ol7", "rhel7", "rhel8", "rhel9"] %}}
     {{%- set kmod_audit="-a always,exit -F path=/usr/bin/kmod -F perm=x -F auid>=" ~ uid_min ~ " -F auid!=unset -F key=privileged" %}}
-{{%- elif product in ["ubuntu2004", "ubuntu2204"] %}}
-    {{%- set kmod_audit="-w /bin/kmod -p x -k modules" %}}
 {{%- else %}}
     {{%- set kmod_audit="-w /usr/bin/kmod -p x -k modules" %}}
 {{%- endif %}}
@@ -66,4 +64,3 @@ template:
     name: audit_rules_privileged_commands
     vars:
         path: /usr/bin/kmod
-        path@ubuntu2004: /bin/kmod