From c6c48f0b74cfe99f726863e50c9a216a0d6fedc3 Mon Sep 17 00:00:00 2001
From: Matthew Burket <mburket@redhat.com>
Date: Fri, 3 Apr 2026 13:10:19 -0500
Subject: [PATCH] Fix augenrules OVAL check for Fedora and flatten conditionals

Separate Fedora from rhel10/ol10 to match the correct augenrules
binary path at /usr/bin/augenrules. Refactor nested Jinja2 conditionals
into a flat if/elif/else chain for readability.

Created in by part by Claude code.

Fixes #14584
---
 shared/checks/oval/audit_rules_augenrules.xml | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/shared/checks/oval/audit_rules_augenrules.xml b/shared/checks/oval/audit_rules_augenrules.xml
index 7533f88e2866..7b46a1c9f136 100644
--- a/shared/checks/oval/audit_rules_augenrules.xml
+++ b/shared/checks/oval/audit_rules_augenrules.xml
@@ -18,18 +18,19 @@
     <ind:object object_ref="object_audit_rules_augenrules" />
   </ind:textfilecontent54_test>
   <ind:textfilecontent54_object id="object_audit_rules_augenrules" version="1">
-  {{% if product in ['fedora', 'rhel10', 'ol10']  %}}
+  {{% if product in ['rhel10', 'ol10']  %}}
     <ind:filepath>/usr/lib/systemd/system/audit-rules.service</ind:filepath>
     <ind:pattern operation="pattern match">^ExecStart=(\/usr|)?\/sbin\/augenrules.*$</ind:pattern>
+  {{% elif product in ['fedora'] %}}
+    <ind:filepath>/usr/lib/systemd/system/audit-rules.service</ind:filepath>
+    <ind:pattern operation="pattern match">^ExecStart=\/usr\/bin\/augenrules.*$</ind:pattern>
+  {{% elif product in ['debian13'] %}}
+    <ind:filepath>/usr/lib/systemd/system/audit-rules.service</ind:filepath>
+    <ind:pattern operation="pattern match">^ExecStart=\/usr\/sbin\/augenrules.*$</ind:pattern>
   {{% else %}}
-    {{% if product in ['debian13'] %}}
-      <ind:filepath>/usr/lib/systemd/system/audit-rules.service</ind:filepath>
-      <ind:pattern operation="pattern match">^ExecStart=\/usr\/sbin\/augenrules.*$</ind:pattern>
-    {{% else %}}
-      <ind:filepath>/usr/lib/systemd/system/auditd.service</ind:filepath>
-      <ind:pattern operation="pattern match">^(ExecStartPost=\-\/sbin\/augenrules.*$|Requires=augenrules.service)</ind:pattern>
-    {{% endif %}}
-{{% endif %}}
+    <ind:filepath>/usr/lib/systemd/system/auditd.service</ind:filepath>
+    <ind:pattern operation="pattern match">^(ExecStartPost=\-\/sbin\/augenrules.*$|Requires=augenrules.service)</ind:pattern>
+  {{% endif %}}
     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
   </ind:textfilecontent54_object>