Bug 500379

Summary: Regression in reading audit rules
Product: Red Hat Enterprise Linux 5
Component: audit
Version: 5.3
Keywords: Regression
Reporter: Sachin Prabhu <sprabhu>
Assignee: Steve Grubb <sgrubb>
QA Contact: BaseOS QE <qe-baseos-auto>
Status: CLOSED DUPLICATE
Severity: high
Priority: low
Target Milestone: rc
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2009-05-12 19:18:30 UTC

Description Sachin Prabhu 2009-05-12 14:15:46 UTC
Description of problem:
/etc/audit/audit.rules contains a number of entries similar to this specific example, used on RHEL 4 and RHEL 5 (prior to 5.3):

-a entry,always -S kill -F uid=0 -F a0!=-1 -F a1=1

This works perfectly on versions of audit up to and including 1.6.5-9.el5. Beginning with 1.7.7-6.el5 included in RHEL 5.3, attempting to load this rule results in:

"-F value should be number for a0!=-1"

I have tested this in
RHEL 4 with audit-1.0.15,
RHEL 5.2 with audit-1.5.5-7.el5

But in RHEL 5.3 with audit-1.7.7-6.el5 -
====
# service auditd start
Starting auditd:                                           [  OK  ]
-F value should be number for a0!=-1
There was an error in line 14 of /etc/audit/audit.rules
====

How reproducible:
Every time. This has also been confirmed against version audit-1.7.7-6.el5_3.3

Steps to Reproduce:
With audit-1.7.7-6.el5 -
====
# service auditd start
Starting auditd:                                           [  OK  ]
-F value should be number for a0!=-1
There was an error in line 14 of /etc/audit/audit.rules
====

Actual results:
-F value should be number for a0!=-1

Expected results:
Audit should start without the error message and take "-1" as a numeric value.
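
A pre-upgrade check for rules of the kind reported above, as an added example that is not part of the original report or of the audit project's code: it scans rules text for -F filters whose value is a negative integer, such as a0!=-1, so they can be reviewed before moving to an audit version that rejects them. The function names and the sample rules are constructed for illustration; flagging every negative value (not only a0!=-1, the one case the report confirms) is an assumption.

```python
import re
import shlex

# Constructed sample; line 3 is the rule quoted in the report.
SAMPLE_RULES = """\
# constructed sample audit.rules
-D
-a entry,always -S kill -F uid=0 -F a0!=-1 -F a1=1
-a exit,always -S open -F success=0
-w /etc/passwd -p wa -k identity
-a entry,always -S ptrace -F a0=0x10 -F a2>=-4096
"""

# Longest operators first so "!=" is not read as "=".
FIELD_RE = re.compile(
    r"^(?P<field>[A-Za-z0-9_]+)(?P<op>!=|<=|>=|&=|=|<|>|&)(?P<value>.*)$"
)
# Assumption: any negative decimal or hex integer value is worth flagging.
NEGATIVE_INT_RE = re.compile(r"^-(0[xX][0-9a-fA-F]+|\d+)$")


def field_filters(line):
    """Yield (field, op, value) for every -F argument on one rule line."""
    tokens = shlex.split(line, comments=True)
    for i, tok in enumerate(tokens):
        if tok == "-F" and i + 1 < len(tokens):
            expr = tokens[i + 1]          # "-F a0!=-1"
        elif tok.startswith("-F") and len(tok) > 2:
            expr = tok[2:]                # "-Fa0!=-1"
        else:
            continue
        m = FIELD_RE.match(expr)
        if m:
            yield m.group("field"), m.group("op"), m.group("value")


def find_negative_filters(rules_text):
    """Return (line_number, expression) for -F filters with a negative value."""
    hits = []
    for lineno, line in enumerate(rules_text.splitlines(), start=1):
        for field, op, value in field_filters(line):
            if NEGATIVE_INT_RE.match(value):
                hits.append((lineno, f"{field}{op}{value}"))
    return hits


if __name__ == "__main__":
    for lineno, expr in find_negative_filters(SAMPLE_RULES):
        print(f"line {lineno}: -F {expr} uses a negative value")
```

To check a real file, pass its contents to find_negative_filters() in place of SAMPLE_RULES; the reported line numbers then match the "error in line N" message printed when the rules are loaded.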

Comment 3 Fedora Update System 2009-06-15 23:54:25 UTC
ibus-table-wubi-1.1.0.20090327-5.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/ibus-table-wubi-1.1.0.20090327-5.fc11