hardening-script-el6
Update audit.rules
The audit.rules file that is currently in this repo does not work well with RHEL 6.8 deployments. Something has changed in that my workstations are oftentimes experiencing kernel panic due to the buffer filling up or something related to auditd. It happened some on RHEL 6.7 but got considerably worse in RHEL 6.8 installs, to the point it will sometimes panic on shutdown activity. This condition can be created by deleting a large file structure (i.e. svn checkout directory) or during certain large builds. I've attributed it to the aggressiveness of the audit.rules file and the system not being able to "keep up", at which point it panics due to the "-f 2" logic.
I took the NISPOM baseline found under /usr and added the lines needed to mitigate audit.rules findings from an SCC/SCAP scan using Red Hat 6 STIG Benchmark - Ver 1, Rel 13.
Using this file I have not had any issues with servers or workstations throwing a kernel panic under heavy use.
There is likely some cleanup that could be performed here with the commented-out lines (some are redundant, I believe), but I haven't had time to chase that down.
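An added example, not part of this pull request or the repository's own code: a small Python check that reads audit.rules text and reports the `-f` failure mode, the `-b` backlog size and the rule counts, flagging the panic-on-failure combination described above. The sample rules and the `min_backlog` threshold are constructed assumptions, not values from this repo or the STIG.

```python
import shlex

# Constructed sample for illustration; not the repository's audit.rules.
SAMPLE_RULES = """\
-D
-b 320
-f 2
-a always,exit -F arch=b64 -S unlink -S unlinkat -S rename -S renameat -k delete
-a always,exit -F arch=b64 -S chmod -S fchmod -S fchmodat -k perm_mod
-w /etc/passwd -p wa -k identity
"""

# auditctl -f values: what the kernel does when it cannot record an event.
FAILURE_MODES = {0: "silent", 1: "printk", 2: "panic"}


def summarize(text):
    """Extract control settings and rule counts; a later setting overrides an earlier one."""
    info = {"failure": None, "backlog": None, "syscall_rules": 0, "watches": 0}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out rules
        tok = shlex.split(line)
        if tok[0] == "-f" and len(tok) > 1:
            info["failure"] = int(tok[1])
        elif tok[0] == "-b" and len(tok) > 1:
            info["backlog"] = int(tok[1])
        elif tok[0] == "-a":
            info["syscall_rules"] += 1
        elif tok[0] == "-w":
            info["watches"] += 1
    return info


def findings(info, min_backlog=8192):
    """Return warnings; min_backlog is an assumed review threshold, tune per site."""
    out = []
    if info["failure"] == 2:
        out.append("-f 2: kernel panics when an audit event cannot be recorded")
        if info["backlog"] is None or info["backlog"] < min_backlog:
            out.append("backlog %s is below %d while -f 2 is set"
                       % (info["backlog"], min_backlog))
    return out


if __name__ == "__main__":
    summary = summarize(SAMPLE_RULES)
    print(summary, FAILURE_MODES.get(summary["failure"], "unset"))
    for warning in findings(summary):
        print("WARN:", warning)
```
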