I wrote a blog post that you all may be interested in reading. It’s an
exploration of some discoveries I made while doing CIS0 testing with
audit-mode. The associated cookbook, libuuid-user, has a README1
that further illustrates and explains the subtle difference of intent
for audit mode vs “plain” Serverspec.