Cause: If an Audit watch rule was defined without an Audit key (-k or -F key), it would be marked as non-compliant even if other parts of the rule were correct. Moreover, Bash remediation would fix the path and permissions of the watch rule, but it would not add the key correctly. Consequence: Following rules could be marked as non-compliant eventhough they would be techincally correct (except for the key parameter which is not important for auditing). * `audit_rules_login_events` * `audit_rules_login_events_faillock` * `audit_rules_login_events_lastlog` * `audit_rules_login_events_tallylog` * `audit_rules_usergroup_modification` * `audit_rules_usergroup_modification_group` * `audit_rules_usergroup_modification_gshadow` * `audit_rules_usergroup_modification_opasswd` * `audit_rules_usergroup_modification_passwd` * `audit_rules_usergroup_modification_shadow` * `audit_rules_time_watch_localtime` * `audit_rules_mac_modification` * `audit_rules_networkconfig_modification` * `audit_rules_sysadmin_actions` * `audit_rules_session_events` * `audit_rules_sudoers` * `audit_rules_sudoers_d` Moreover, in some cases remediation would not fix the missing key, resultin gin an "error" instead of "fixed" return value. Fix: The key (represented by -k or -F key in the rule definition) is not taken into account anymore neither when checking nor when applying Bash or Ansible remediation. As mentioned above, the key is here mainly for human auditors to ease searching in Audit logs and therefore they should be able to choose it arbitrarily. Result: Inconsistencies caused by the key field during checking and remediating are no longer present.