Hi,
I am Sarthak Jain, working at MicroFocus. I would like a little help to clarify one of my doubts
regarding kernel auditing on RHEL 7.1. I hope you are the right person to contact. It
will just take 2 min (max :P) to go through the problem.
Assumption: Ideally, if we change a configuration file (for example, /etc/hosts), we should
be getting audit events for it.
Scenario: By default, the permissions for '/etc/hosts' are (rw-r--r--). If we modify
this file, then audit events are generated, as shown in the attached file 'file1.txt'.
Problem: Let's say we change the permissions of '/etc/hosts' to (rw-rw-rw-);
then the audit system is not recording the "CONFIG_CHANGE" event at all. I have
attached the file 'file2.txt' for your reference. Can you please clarify this?
Is it a kernel-level bug?
I would be greatly thankful to you if you could please comment on this.
Thanks.