Escape < and > in product specific content
Causes some rendering issues if this is not done
Mab879 committed Feb 14, 2023
1 parent 2c38c4c commit 45f48ce
Showing 36 changed files with 81 additions and 81 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ checktext: |-
Verify that {{{ full_name }}} has configured the minimum time period between password changes for each user account is one day or greater with the following command:
$ sudo awk -F: '$4 < 1 {print $1 " " $4}' /etc/shadow
$ sudo awk -F: '$4 &lt 1 {print $1 " " $4}' /etc/shadow
If any results are returned that are not associated with a system account, this is a finding.
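Review bot: The entity in the changed awk line is written `&lt` with no terminating semicolon (`$4 &lt 1`). A bare `&lt` is not a well-formed XML entity reference, and HTML parsers only decode it through legacy error recovery, so a strict consumer will reject the text or display it literally. Suggest `$4 &lt; 1` here, and `&gt;` in place of `&gt` for every `auid&gt=1000` replacement in the other files of this commit.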
Original file line number Diff line number Diff line change
Expand Up @@ -15,8 +15,8 @@ checktext: |-
$ sudo auditctl -l | grep chmod
-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=unset -k perm_mod
-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=unset -k perm_mod
-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid&gt=1000 -F auid!=unset -k perm_mod
-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -F auid&gt=1000 -F auid!=unset -k perm_mod
If both the "b32" and "b64" audit rules are not defined for the "chmod", "fchmod", and "fchmodat" syscalls, this is a finding.
Expand All @@ -25,8 +25,8 @@ fixtext: |-
Add or update the following rules in "/etc/audit/rules.d/audit.rules":
-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=unset -k perm_mod
-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid&gt=1000 -F auid!=unset -k perm_mod
-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=unset -k perm_mod
-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -F auid&gt=1000 -F auid!=unset -k perm_mod
The audit daemon must be restarted for the changes to take effect.
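Review bot: The fixtext tells the administrator to add these lines to "/etc/audit/rules.d/audit.rules", but after this change the source carries `-F auid&gt=1000`, which is not a valid audit field comparison if it reaches a reader or a tool without being unescaped. Any output path that treats fixtext as plain text (a terminal, a text export, a copy from the YAML itself) will now give a rule that fails to load or never matches. Consider keeping `auid>=1000` in the rule source and escaping once at the point where the HTML or XML is generated, or confirm that every consumer of fixtext decodes entities before display.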
Original file line number Diff line number Diff line change
Expand Up @@ -15,8 +15,8 @@ checktext: |-
$ sudo auditctl -l | grep chown
-a always,exit -F arch=b32 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=unset -k perm_mod
-a always,exit -F arch=b64 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=unset -k perm_mod
-a always,exit -F arch=b32 -S chown,fchown,fchownat,lchown -F auid&gt=1000 -F auid!=unset -k perm_mod
-a always,exit -F arch=b64 -S chown,fchown,fchownat,lchown -F auid&gt=1000 -F auid!=unset -k perm_mod
If both the "b32" and "b64" audit rules are not defined for the "chown", "fchown", "fchownat", and "lchown" syscalls, this is a finding.
Expand All @@ -25,7 +25,7 @@ fixtext: |-
Add or update the following rules in "/etc/audit/rules.d/audit.rules":
-a always,exit -F arch=b32 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=unset -k perm_mod
-a always,exit -F arch=b64 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=unset -k perm_mod
-a always,exit -F arch=b32 -S chown,fchown,fchownat,lchown -F auid&gt=1000 -F auid!=unset -k perm_mod
-a always,exit -F arch=b64 -S chown,fchown,fchownat,lchown -F auid&gt=1000 -F auid!=unset -k perm_mod
The audit daemon must be restarted for the changes to take effect.
Original file line number Diff line number Diff line change
Expand Up @@ -15,8 +15,8 @@ checktext: |-
$ sudo auditctl -l | grep xattr
-a always,exit -F arch=b32 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid>=1000 -F auid!=unset -k perm_mod
-a always,exit -F arch=b64 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid>=1000 -F auid!=unset -k perm_mod
-a always,exit -F arch=b32 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid&gt=1000 -F auid!=unset -k perm_mod
-a always,exit -F arch=b64 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid&gt=1000 -F auid!=unset -k perm_mod
-a always,exit -F arch=b32 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid=0 -k perm_mod
-a always,exit -F arch=b64 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid=0 -k perm_mod
Expand All @@ -26,8 +26,8 @@ checktext: |-
fixtext: |-
Configure {{{ full_name }}} to audit the execution of the "setxattr", "fsetxattr", "lsetxattr", "removexattr", "fremovexattr", and "lremovexattr" system calls by adding or updating the following lines to "/etc/audit/rules.d/audit.rules":
-a always,exit -F arch=b32 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid>=1000 -F auid!=unset -k perm_mod
-a always,exit -F arch=b64 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid>=1000 -F auid!=unset -k perm_mod
-a always,exit -F arch=b32 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid&gt=1000 -F auid!=unset -k perm_mod
-a always,exit -F arch=b64 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid&gt=1000 -F auid!=unset -k perm_mod
-a always,exit -F arch=b32 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid=0 -k perm_mod
-a always,exit -F arch=b64 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid=0 -k perm_mod
Original file line number Diff line number Diff line change
Expand Up @@ -15,14 +15,14 @@ checktext: |-
$ sudo auditctl -l | grep chacl
-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod
-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid&gt=1000 -F auid!=unset -k perm_mod
If the command does not return a line, or the line is commented out, this is a finding.
If , this is a finding.
fixtext: |-
Configure {{{ full_name }}} to generate audit records upon successful/unsuccessful attempts to use the "chacl" command by adding or updating the following rule in "/etc/audit/rules.d/audit.rules":
-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod
-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid&gt=1000 -F auid!=unset -k perm_mod
The audit daemon must be restarted for the changes to take effect.
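Review bot: The checktext context in this hunk still contains the line "If , this is a finding.", which has an empty condition and directly follows a complete finding statement for the missing or commented-out rule. Since this file is being touched anyway, drop the empty sentence or fill in the condition it was meant to state, so the check does not render with a dangling clause.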
Original file line number Diff line number Diff line change
Expand Up @@ -15,13 +15,13 @@ checktext: |-
$ sudo auditctl -l | grep setfacl
-a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod
-a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid&gt=1000 -F auid!=unset -k perm_mod
If the command does not return a line, or the line is commented out, this is a finding.
fixtext: |-
Configure {{{ full_name }}} to generate audit records upon successful/unsuccessful attempts to use the "setfacl" command by adding or updating the following rule in "/etc/audit/rules.d/audit.rules":
-a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod
-a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid&gt=1000 -F auid!=unset -k perm_mod
The audit daemon must be restarted for the changes to take effect.
Original file line number Diff line number Diff line change
Expand Up @@ -15,13 +15,13 @@ checktext: |-
$ sudo auditctl -l | grep chcon
-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod
-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid&gt=1000 -F auid!=unset -k perm_mod
If the command does not return a line, or the line is commented out, this is a finding.
fixtext: |-
Configure {{{ full_name }}} to generate audit records upon successful/unsuccessful attempts to use the "chcon" command by adding or updating the following rule in "/etc/audit/rules.d/audit.rules":
-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod
-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid&gt=1000 -F auid!=unset -k perm_mod
The audit daemon must be restarted for the changes to take effect.
Original file line number Diff line number Diff line change
Expand Up @@ -15,13 +15,13 @@ checktext: |-
$ sudo auditctl -l | grep semanage
-a always,exit -F path=/usr/sbin/semanage -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update
-a always,exit -F path=/usr/sbin/semanage -F perm=x -F auid&gt=1000 -F auid!=unset -k privileged-unix-update
If the command does not return a line, or the line is commented out, this is a finding.
fixtext: |-
Configure {{{ full_name }}} to generate audit records upon successful/unsuccessful attempts to use the "semanage" command by adding or updating the following rule in "/etc/audit/rules.d/audit.rules":
-a always,exit -F path=/usr/sbin/semanage -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update
-a always,exit -F path=/usr/sbin/semanage -F perm=x -F auid&gt=1000 -F auid!=unset -k privileged-unix-update
The audit daemon must be restarted for the changes to take effect.
Original file line number Diff line number Diff line change
Expand Up @@ -15,13 +15,13 @@ checktext: |-
$ sudo auditctl -l | grep setfiles
-a always,exit -F path=/usr/sbin/setfiles -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update
-a always,exit -F path=/usr/sbin/setfiles -F perm=x -F auid&gt=1000 -F auid!=unset -k privileged-unix-update
If the command does not return a line, or the line is commented out, this is a finding.
fixtext: |-
Configure {{{ full_name }}} to generate audit records upon successful/unsuccessful attempts to use the "setfiles" command by adding or updating the following rule in "/etc/audit/rules.d/audit.rules":
-a always,exit -F path=/usr/sbin/setfiles -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update
-a always,exit -F path=/usr/sbin/setfiles -F perm=x -F auid&gt=1000 -F auid!=unset -k privileged-unix-update
The audit daemon must be restarted for the changes to take effect.
Original file line number Diff line number Diff line change
Expand Up @@ -15,15 +15,15 @@ checktext: |-
$ sudo auditctl -l | grep 'rename\|unlink\|rmdir'
-a always,exit -F arch=b32 -S rename,unlink,rmdir,renameat,unlinkat -F auid>=1000 -F auid!=unset -k delete
-a always,exit -F arch=b64 -S rename,unlink,rmdir,renameat,unlinkat -F auid>=1000 -F auid!=unset -k delete
-a always,exit -F arch=b32 -S rename,unlink,rmdir,renameat,unlinkat -F auid&gt=1000 -F auid!=unset -k delete
-a always,exit -F arch=b64 -S rename,unlink,rmdir,renameat,unlinkat -F auid&gt=1000 -F auid!=unset -k delete
If the command does not return an audit rule for "rename", "unlink", "rmdir", "renameat", and "unlinkat" or any of the lines returned are commented out, this is a finding.
fixtext: |-
Configure {{{ full_name }}} to generate an audit event for any successful/unsuccessful use of the "rename", "unlink", "rmdir", "renameat", and "unlinkat" system calls by adding or updating the following rules in the "/etc/audit/rules.d/audit.rules" file:
-a always,exit -F arch=b32 -S rename,unlink,rmdir,renameat,unlinkat -F auid>=1000 -F auid!=unset -k delete
-a always,exit -F arch=b64 -S rename,unlink,rmdir,renameat,unlinkat -F auid>=1000 -F auid!=unset -k delete
-a always,exit -F arch=b32 -S rename,unlink,rmdir,renameat,unlinkat -F auid&gt=1000 -F auid!=unset -k delete
-a always,exit -F arch=b64 -S rename,unlink,rmdir,renameat,unlinkat -F auid&gt=1000 -F auid!=unset -k delete
The audit daemon must be restarted for the changes to take effect.
Original file line number Diff line number Diff line change
Expand Up @@ -28,10 +28,10 @@ checktext: |-
fixtext: |-
Configure {{{ full_name }}} to generate an audit event for any successful/unsuccessful use of the "truncate", "ftruncate", "creat", "open", "openat", and "open_by_handle_at" system calls by adding or updating the following rules in the "/etc/audit/rules.d/audit.rules" file:
-a always,exit -F arch=b32 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=unset -k perm_access
-a always,exit -F arch=b64 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=unset -k perm_access
-a always,exit -F arch=b32 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EPERM -F auid&gt=1000 -F auid!=unset -k perm_access
-a always,exit -F arch=b64 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EPERM -F auid&gt=1000 -F auid!=unset -k perm_access
-a always,exit -F arch=b32 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=unset -k perm_access
-a always,exit -F arch=b64 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=unset -k perm_access
-a always,exit -F arch=b32 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EACCES -F auid&gt=1000 -F auid!=unset -k perm_access
-a always,exit -F arch=b64 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EACCES -F auid&gt=1000 -F auid!=unset -k perm_access
The audit daemon must be restarted for the changes to take effect.
Original file line number Diff line number Diff line change
Expand Up @@ -15,15 +15,15 @@ checktext: |-
$ sudo auditctl -l | grep delete_module
-a always,exit -F arch=b32 -S delete_module -F auid>=1000 -F auid!=unset -k module_chng
-a always,exit -F arch=b64 -S delete_module -F auid>=1000 -F auid!=unset -k module_chng
-a always,exit -F arch=b32 -S delete_module -F auid&gt=1000 -F auid!=unset -k module_chng
-a always,exit -F arch=b64 -S delete_module -F auid&gt=1000 -F auid!=unset -k module_chng
If both the "b32" and "b64" audit rules are not defined for the "delete_module" syscall, or any of the lines returned are commented out, this is a finding.
fixtext: |-
Configure {{{ full_name }}} to generate an audit event for any successful/unsuccessful use of the "delete_module" system call by adding or updating the following rules in the "/etc/audit/rules.d/audit.rules" file:
-a always,exit -F arch=b32 -S delete_module -F auid>=1000 -F auid!=unset -k module_chng
-a always,exit -F arch=b64 -S delete_module -F auid>=1000 -F auid!=unset -k module_chng
-a always,exit -F arch=b32 -S delete_module -F auid&gt=1000 -F auid!=unset -k module_chng
-a always,exit -F arch=b64 -S delete_module -F auid&gt=1000 -F auid!=unset -k module_chng
The audit daemon must be restarted for the changes to take effect.
Original file line number Diff line number Diff line change
Expand Up @@ -15,15 +15,15 @@ checktext: |-
$ sudo auditctl -l | grep init_module
-a always,exit -F arch=b32 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k module_chng
-a always,exit -F arch=b64 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k module_chng
-a always,exit -F arch=b32 -S init_module,finit_module -F auid&gt=1000 -F auid!=unset -k module_chng
-a always,exit -F arch=b64 -S init_module,finit_module -F auid&gt=1000 -F auid!=unset -k module_chng
If both the "b32" and "b64" audit rules are not defined for the "delete_module" syscall, or any of the lines returned are commented out, this is a finding.
fixtext: |-
Configure {{{ full_name }}} to generate an audit event for any successful/unsuccessful use of the "init_module" and "finit_module" system calls by adding or updating the following rules in the "/etc/audit/rules.d/audit.rules" file:
-a always,exit -F arch=b32 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k module_chng
-a always,exit -F arch=b64 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k module_chng
-a always,exit -F arch=b32 -S init_module,finit_module -F auid&gt=1000 -F auid!=unset -k module_chng
-a always,exit -F arch=b64 -S init_module,finit_module -F auid&gt=1000 -F auid!=unset -k module_chng
The audit daemon must be restarted for the changes to take effect.
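Review bot: The finding statement kept as context in the checktext names the "delete_module" syscall, while the command above it greps for init_module and the listed rules audit `init_module,finit_module`. An assessor following the text literally would look for the wrong syscall. Suggest correcting the sentence to refer to the "init_module" and "finit_module" syscalls, matching the fixtext in the same hunk.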
Original file line number Diff line number Diff line change
Expand Up @@ -15,13 +15,13 @@ checktext: |-
$ sudo auditctl -l | grep chage
-a always,exit -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=unset -k privileged-chage
-a always,exit -F path=/usr/bin/chage -F perm=x -F auid&gt=1000 -F auid!=unset -k privileged-chage
If the command does not return a line, or the line is commented out, this is a finding.
fixtext: |-
Configure {{{ full_name }}} to generate audit records upon successful/unsuccessful attempts to use the "chage" command by adding or updating the following rule in "/etc/audit/rules.d/audit.rules":
-a always,exit -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=unset -k privileged-chage
-a always,exit -F path=/usr/bin/chage -F perm=x -F auid&gt=1000 -F auid!=unset -k privileged-chage
The audit daemon must be restarted for the changes to take effect.
Original file line number Diff line number Diff line change
Expand Up @@ -15,13 +15,13 @@ checktext: |-
$ sudo auditctl -l | grep chsh
-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd
-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid&gt=1000 -F auid!=unset -k priv_cmd
If the command does not return a line, or the line is commented out, this is a finding.
fixtext: |-
Configure {{{ full_name }}} to generate audit records upon successful/unsuccessful attempts to use the "chsh" command by adding or updating the following rule in "/etc/audit/rules.d/audit.rules":
-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd
-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid&gt=1000 -F auid!=unset -k priv_cmd
The audit daemon must be restarted for the changes to take effect.
Original file line number Diff line number Diff line change
Expand Up @@ -15,13 +15,13 @@ checktext: |-
$ sudo auditctl -l | grep crontab
-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=unset -k privileged-crontab
-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid&gt=1000 -F auid!=unset -k privileged-crontab
If the command does not return a line, or the line is commented out, this is a finding.
fixtext: |-
Configure {{{ full_name }}} to generate audit records upon successful/unsuccessful attempts to use the "crontab" command by adding or updating the following rule in "/etc/audit/rules.d/audit.rules":
-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=unset -k privileged-crontab
-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid&gt=1000 -F auid!=unset -k privileged-crontab
The audit daemon must be restarted for the changes to take effect.
Original file line number Diff line number Diff line change
Expand Up @@ -15,13 +15,13 @@ checktext: |-
$ sudo auditctl -l | grep gpasswd
-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-gpasswd
-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid&gt=1000 -F auid!=unset -k privileged-gpasswd
If the command does not return a line, or the line is commented out, this is a finding.
fixtext: |-
Configure {{{ full_name }}} to generate audit records upon successful/unsuccessful attempts to use the "gpasswd" command by adding or updating the following rule in "/etc/audit/rules.d/audit.rules":
-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-gpasswd
-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid&gt=1000 -F auid!=unset -k privileged-gpasswd
The audit daemon must be restarted for the changes to take effect.
Original file line number Diff line number Diff line change
Expand Up @@ -15,13 +15,13 @@ checktext: |-
$ sudo auditctl -l | grep kmod
-a always,exit -F path=/usr/bin/kmod -F perm=x -F auid>=1000 -F auid!=unset -k modules
-a always,exit -F path=/usr/bin/kmod -F perm=x -F auid&gt=1000 -F auid!=unset -k modules
If the command does not return a line, or the line is commented out, this is a finding.
fixtext: |-
Configure {{{ full_name }}} to generate audit records upon successful/unsuccessful attempts to use the "kmod" command by adding or updating the following rule in "/etc/audit/rules.d/audit.rules":
-a always,exit -F path=/usr/bin/kmod -F perm=x -F auid>=1000 -F auid!=unset -k modules
-a always,exit -F path=/usr/bin/kmod -F perm=x -F auid&gt=1000 -F auid!=unset -k modules
The audit daemon must be restarted for the changes to take effect.
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,6 @@ checktext: |-
fixtext: |-
Configure {{{ full_name }}} to generate audit records upon successful/unsuccessful attempts to use the "mount" command by adding or updating the following rule in "/etc/audit/rules.d/audit.rules":
-a always,exit -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=unset -k privileged-mount
-a always,exit -F path=/usr/bin/mount -F perm=x -F auid&gt=1000 -F auid!=unset -k privileged-mount
The audit daemon must be restarted for the changes to take effect.