sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

issue #217 addressed thanks to tedunder237

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2024-07-11 16:05:40 +01:00
parent 632f6b8367
commit 611b9ce0b9
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
tasks/section_6/cis_6.1.x.yml
View file

@ -258,7 +258,7 @@
- name: "6.1.13 | AUDIT | Audit SUID executables" - name: "6.1.13 | AUDIT | Audit SUID executables"
block: block:
- name: "6.1.13 | AUDIT | Audit SUID executables | Find all SUID executables" - name: "6.1.13 | AUDIT | Audit SUID executables | Find all SUID executables"
ansible.builtin.shell: df {{ item.mount }} -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -4000 ansible.builtin.shell: df {{ item.mount }} --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -4000
failed_when: false failed_when: false
changed_when: false changed_when: false
register: rhel_09_6_1_13_suid_perms register: rhel_09_6_1_13_suid_perms
@ -301,7 +301,7 @@
- name: "6.1.14 | AUDIT | Audit SGID executables" - name: "6.1.14 | AUDIT | Audit SGID executables"
block: block:
- name: "6.1.14 | AUDIT | Audit SGID executables | Find all SGID executables" - name: "6.1.14 | AUDIT | Audit SGID executables | Find all SGID executables"
ansible.builtin.shell: df {{ item.mount }} -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -2000 ansible.builtin.shell: df {{ item.mount }} --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -2000
failed_when: false failed_when: false
changed_when: false changed_when: false
register: rhel_09_6_1_14_sgid_perms register: rhel_09_6_1_14_sgid_perms