Enable >= comparison for audit_backlog_limit and add docs

macko1 · macko1 · commit 15dbbd2e60e6 · 2026-04-17T00:23:07.000+02:00
- Add operation "greater than or equal" to the rule so the OVAL
check accepts any value meeting the threshold, not just the
exact default.
- Document the operation parameter in template_reference.md.
diff --git a/docs/templates/template_reference.md b/docs/templates/template_reference.md
@@ -462,10 +462,18 @@ they must be of the same length.
     -   **arg_name** - argument name, eg. `audit`
 
     -   **arg_value** - argument value, eg. `'1'`
+        This parameter is mutually exclusive with **arg_variable**.
 
     -   **arg_variable** - the variable used as the value for the argument, eg. `'var_slub_debug_options'`
         This parameter is mutually exclusive with **arg_value**.
 
+    -   **operation** - (optional) OVAL operation used to compare the
+        collected argument value with the expected value. Default value:
+        `pattern match`. When set to a numeric operation such as
+        `greater than or equal`, the OVAL check captures only the
+        numeric portion of the argument and compares it as an integer.
+        Works with both **arg_variable** and **arg_value**.
+
 -   Languages: Ansible, Bash, OVAL, Blueprint, Kickstart
 
 #### grub2_bootloader_argument_absent
diff --git a/linux_os/guide/auditing/grub2_audit_backlog_limit_argument/rule.yml b/linux_os/guide/auditing/grub2_audit_backlog_limit_argument/rule.yml
@@ -51,3 +51,4 @@ template:
     vars:
         arg_name: audit_backlog_limit
         arg_variable: var_audit_backlog_limit
+        operation: greater than or equal
