Audit Daemon Fails on Amazon Linux 2 #236

Closed
JamesFrost opened this issue Feb 4, 2019 · 1 comment

@JamesFrost

Describe the bug
Tested against chef-os-hardening.

Expected behavior
Tests should pass.

Actual behavior
Tests fail.

$ kitchen verify
-----> Starting Kitchen (v1.24.0)
-----> Verifying <default-amazon2-2018>...
[2019-01-28T16:29:48+00:00] WARN: URL target https://github.com/dev-sec/linux-baseline transformed to https://github.com/dev-sec/linux-baseline/archive/master.tar.gz. Consider using the git fetcher
       Loaded linux-baseline 

Profile: DevSec Linux Security Baseline (linux-baseline)
Version: 2.2.2
Target:  ssh://ec2-user@ec2-52-210-177-37.eu-west-1.compute.amazonaws.com:22

<tests passing...>

  ✔  package-07: Install syslog server package
     ✔  System Package rsyslog should be installed
  ×  package-08: Install auditd (1 failed)
     ✔  System Package audit should be installed
     ✔  Audit Daemon Config log_file should cmp == "/var/log/audit/audit.log"
     ✔  Audit Daemon Config log_format should cmp == "raw"
     ✔  Audit Daemon Config flush should match /^INCREMENTAL|INCREMENTAL_ASYNC$/
     ×  Audit Daemon Config max_log_file_action should cmp == "keep_logs"
     
     expected: "keep_logs"
          got: "ROTATE"
     
     (compared using `cmp` matcher)

     ✔  Audit Daemon Config space_left should cmp == 75
     ✔  Audit Daemon Config action_mail_acct should cmp == "root"
     ✔  Audit Daemon Config space_left_action should cmp == "SYSLOG"
     ✔  Audit Daemon Config admin_space_left should cmp == 50
     ✔  Audit Daemon Config admin_space_left_action should cmp == "SUSPEND"
     ✔  Audit Daemon Config disk_full_action should cmp == "SUSPEND"
     ✔  Audit Daemon Config disk_error_action should cmp == "SUSPEND"
  ✔  package-09: CIS: Additional process hardening

<tests passing...>

Profile Summary: 52 successful controls, 1 control failure, 1 control skipped
Test Summary: 124 successful, 1 failure, 1 skipped
>>>>>> ------Exception-------
>>>>>> Class: Kitchen::ActionFailed
>>>>>> Message: 1 actions failed.
>>>>>>     Verify failed on instance <default-amazon2-2018>.  Please see .kitchen/logs/default-amazon2-2018.log for more details
>>>>>> ----------------------
>>>>>> Please see .kitchen/logs/kitchen.log for more details
>>>>>> Also try running `kitchen diagnose --all` for configuration

aws-runas.main 2019/01/28 16:30:07 [CRIT] ▶ exit status 20

Example code

Policy File

# Policyfile.rb - Describe how you want Chef to build your system.
#
# For more information on the Policyfile feature, visit
# https://docs.chef.io/policyfile.html

# A name that describes what the system you're building with Chef does.
name "base-ami"

# This lets you source cookbooks from your chef-repo.
default_source :chef_repo, "cookbooks"

# Where to find external cookbooks:
default_source :supermarket

# run_list: chef-client will run these recipes in the order specified.
run_list "os-hardening"


cookbook "os-hardening"
# Specify a custom source for a single cookbook:
# cookbook 'example_cookbook', path: '../cookbooks/example_cookbook'

.kitchen.yml

---
driver:
  name: ec2
  region: eu-west-1
  instance_type: t2.micro
  shared_credentials_profile: <profile>
  iam_profile_name: <iam_profile_name>
  tags:
    Name: KitchenEC2-Base-AMI
    created-by: kitchen-ec2

provisioner:
  name: chef_zero
  always_update_cookbooks: true

verifier:
  name: inspec

platforms:
  - name: amazon2-2018

suites:
  - name: default
    verifier:
      inspec_tests:
        - supermarket://dev-sec/linux-baseline

OS / Environment

Inspec Version

$ inspec --version
3.2.6

Your version of InSpec is out of date! The latest version is 3.3.14.

Baseline Version

2.2.2

Additional context
Using the kitchen-ec2 test driver.

@artem-sidorenko
Member

@JamesFrost thanks for raising this issue! I'm closing it in favour of #182, any help & support appreciated
