[Docs] Auditing setuid/setgid applications

This patch documents some alternatives for RHEL-07-030310 since automating
the STIG requirement is challenging.

Implements: blueprint security-rhel7-stig
Change-Id: I28e9e4c25a98c26ef388bf0f62b9fbe58adbf96b

doc/metadata/rhel7/RHEL-07-030310.rst

@@ -1,7 +1,18 @@
 ---
 id: RHEL-07-030310
-status: not implemented
+status: exception - manual intervention
-tag: misc
+tag: auditd
 ---
 
-This STIG requirement is not yet implemented.
+This STIG is difficult to implement in an automated way because the number of
+applications on a system with setuid/setgid permissions changes over time.
+In addition, adding audit rules for some of these automatically could cause a
+significant increase in logging traffic when these applications are used
+regularly.
+
+Deployers are urged to do the following instead:
+
+* Minimize the amount of applications with setuid/setgid privileges
+* Monitor any new applications that gain setuid/setgid privileges
+* Add risky applications with setuid/setgid privileges to auditd for detailed
+  syscall monitoring