fix: privilege abuse rule #117

	# Auditd Config Testing

	name: Auditd Syntax Checks

	on:
	# Triggers the workflow on push or pull request events but only for the "master" branch
	push:
	branches:
	- master
	pull_request:
	branches:
	- master

	# A workflow run is made up of one or more jobs that can run sequentially or in parallel
	jobs:
	# This workflow contains a single job called "build"
	build:
	# The type of runner that the job will run on
	runs-on: ubuntu-latest

	# Steps represent a sequence of tasks that will be executed as part of the job
	steps:
	# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
	- uses: actions/checkout@v3

	- name: Update package information
	run: sudo apt update

	- name: Install auditd
	run: sudo apt install -y auditd

	- name: Start auditd
	run: if ! (systemctl is-active auditd); then sudo systemctl start auditd; fi

	- name: Remove default rules
	run: \|
	sudo ls -l /etc/audit/rules.d/
	sudo rm /etc/audit/audit.rules
	sudo rm -rf /etc/audit/rules.d
	sudo mkdir /etc/audit/rules.d

	- name: Copy rules file to rules directory
	run: sudo cp $GITHUB_WORKSPACE/audit.rules /etc/audit/rules.d/

	- name: Check rules
	run: sudo augenrules --check 2>&1

	# This will load the compiled rules file, check how many lines are in it, and display each line if successful
	- name: Load rules
	run: \|
	sudo augenrules --load 2>&1
	sudo wc -l /etc/audit/audit.rules
	sudo auditctl -l

Provide feedback