profiles/rhel9+rhel10/hipaa: add grub2_audit_backlog_limit_argument

The HIPAA profile enables a large number of audit rules which generates
high volumes of kernel audit events at boot. Without a raised
audit_backlog_limit, the kauditd hold queue overflows on reboot.

Set var_audit_backlog_limit=8192 and include the
grub2_audit_backlog_limit_argument rule for both RHEL 9 and RHEL 10.

Author: ggbecker

products/rhel10/profiles/hipaa.profile

@@ -25,6 +25,8 @@ description: |-
 
 selections:
     - hipaa:all
+    - var_audit_backlog_limit=8192
+    - grub2_audit_backlog_limit_argument
 
     # RHEL 10 uses a different rule for auditing changes to selinux configuration
     # HIPAA 164.308(a)(1)(ii)(D), 164.308(a)(3)(ii)(A), 164.308(a)(5)(ii)(C), 164.312(a)(2)(i), 164.312(b), 164.312(d) and 164.312(e)

products/rhel9/profiles/hipaa.profile

@@ -24,7 +24,9 @@ description: |-
 selections:
     - hipaa:all
     - var_system_crypto_policy=fips
+    - var_audit_backlog_limit=8192
     - no_rsh_trust_files
+    - grub2_audit_backlog_limit_argument
     - "!audit_rules_dac_modification_fchmodat2"
     - "!audit_rules_file_deletion_events_renameat2"
     - "!audit_rules_kernel_module_loading_finit"