include missing rpm pkg managers

cis/system/ksp-audit-cis-mysql-1-5.yaml

@@ -18,4 +18,5 @@ spec:
     matchPaths:
     - path: /bin/false
     - path: /sbin/nologin
+    - path: /usr/sbin/nologin
     action: Audit

cis/system/ksp-block-cis-centos-8-1-1-4-1.yaml

@@ -21,4 +21,5 @@ spec:
       - path: /usr/bin/auditd
       - path: /bin/auditd
       - path: /sbin/auditd
+      - path: /usr/sbin/auditd
     action: Block

elastic/system/ksp-audit-elasticsearch-bash-spawn.yaml

@@ -19,5 +19,6 @@ spec:
     - path: /bin/bash
     - path: /bin/sh
     - path: /sbin/sh
+    - path: /usr/sbin/sh
     - path: /bin/csh
   action: Audit

golang/system/ksp-block-golang-generic-policy-1.yaml

@@ -19,6 +19,9 @@ spec:
     - path: /sbin/ldconfig
       fromSource:
       - path: /usr/bin/python2.7
+    - path: /usr/sbin/ldconfig
+      fromSource:
+      - path: /usr/bin/python2.7
     - path: /usr/bin/whoami
       fromSource:
       - path: /bin/dash

malware/system/ksp-block-sysrv-hello-malware.yaml

@@ -22,6 +22,7 @@ spec:
   process:
     matchPaths:
     - path: /sbin/iptables
+    - path: /usr/sbin/iptables
     - path: /etc/iptables
     - path: /usr/share/iptables
     - path: /usr/sbin/ufw

metadata.yaml

@@ -18,6 +18,8 @@ policyRules:
       matchDirectories:
       - dir: /sbin/
         recursive: true
+      - dir: /usr/sbin/
+        recursive: true
     message: restricted maintenance tool access attempted
     selector:
       matchLabels:

nist/system/ksp-nist-cm-5-3-cm-14-signed-components.yaml

@@ -20,6 +20,9 @@ spec:
     matchPaths:
     - path: /usr/sbin/alternatives  
     - path: /usr/bin/dnf
+    - path: /usr/bin/dnf-3
+    - path: /usr/bin/dnf5
+    - path: /usr/bin/microdnf
     - path: /usr/bin/rpm
     - path: /usr/bin/yum
     - path: /usr/bin/rpmkeys

nist/system/ksp-nist-cm-7-5-software-install.yaml

@@ -42,6 +42,12 @@ spec:
       ownerOnly: true
     - path: /usr/bin/dnf
       ownerOnly: true
+    - path: /usr/bin/dnf-3
+      ownerOnly: true
+    - path: /usr/bin/dnf5
+      ownerOnly: true
+    - path: /usr/bin/microdnf
+      ownerOnly: true
     - path: /bin/dnf
       ownerOnly: true
     - path: /usr/bin/pacman

nist/system/ksp-nist-si-4-execute-package-management-process-in-container.yaml

@@ -33,6 +33,9 @@ spec:
     - path: /bin/rpm
     - path: /usr/bin/dnf
     - path: /bin/dnf
+    - path: /usr/bin/dnf-3
+    - path: /usr/bin/dnf5
+    - path: /usr/bin/microdnf
     - path: /usr/bin/pacman
     - path: /usr/sbin/pacman
     - path: /bin/pacman

nist/system/ksp-system-information-blockwithaudit.yaml

@@ -28,4 +28,5 @@ spec:
     - path: /bin/lsblk
     - path: /usr/bin/lspci
     - path: /sbin/fdisk
+    - path: /usr/sbin/fdisk
     action: Block

stigs/system/hsp-audit-stig-ubuntu-20-010173-unix-update.yaml

@@ -13,5 +13,6 @@ spec:
   process:
     matchPaths:
     - path: /sbin/unix_update
+    - path: /usr/sbin/unix_update
     action:
       Audit