From 7104ccf0ea65faa87813775a6c5355380daabebb Mon Sep 17 00:00:00 2001
From: Dan D
Date: Mon, 29 Jan 2024 19:20:25 -0800
Subject: [PATCH] Fixes list privileged cmd collection to match benchmark

Signed-off-by: Dan D
---
 tasks/section_5/cis_5.2.3.x.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tasks/section_5/cis_5.2.3.x.yml b/tasks/section_5/cis_5.2.3.x.yml
index 39075bb3..0291b87e 100644
--- a/tasks/section_5/cis_5.2.3.x.yml
+++ b/tasks/section_5/cis_5.2.3.x.yml
@@ -93,7 +93,7 @@
 - name: "5.2.3.6 | PATCH | Ensure use of privileged commands is collected"
 block:
 - name: "5.2.3.6 | AUDIT | Ensure use of privileged commands is collected | Get list of privileged programs"
- ansible.builtin.shell: for i in $(df | grep '^/dev' | awk '{ print $NF }'); do find $i -xdev -type f -perm -4000 -o -type f -perm -2000 2>/dev/null; done
+ ansible.builtin.shell: for i in $(findmnt -n -l -k -it $(awk '/nodev/ { print $2 }' /proc/filesystems | paste -sd,) | grep -Pv "noexec|nosuid" | awk '{print $1}'); do find $i -xdev -type f -perm -4000 -o -type f -perm -2000 2>/dev/null; done
 register: priv_procs
 changed_when: false
 check_mode: false
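Review bot: A failure anywhere in the new enumeration pipeline on the added `ansible.builtin.shell` line is swallowed, because the pipeline runs inside the `$(...)` of the `for` list: if the `awk` over `/proc/filesystems` yields nothing, `findmnt -it` would be left without an argument and error, and if the host's `grep` lacks PCRE support `-P` would error, yet in both cases the loop simply runs zero times and the shell exits 0, so the task registers an empty `priv_procs` and whatever consumes it later in the block (outside this hunk) would presumably emit no audit rules without any task failure. Since this list feeds a security control, the task should treat an empty result as a failure rather than success, e.g. `failed_when: priv_procs.stdout | trim | length == 0` next to `check_mode: false` — on any host with ordinary setuid binaries such as `passwd`, an empty list indicates a broken enumeration rather than a clean system. The `-P` is also unnecessary for a plain alternation; `grep -Ev "noexec|nosuid"` behaves identically here and avoids the PCRE dependency. `$i` is unquoted in `find $i`, so a mount point containing whitespace is split before `find` sees it; this is inherited from the removed line and also stems from the unquoted for-list expansion, so quoting alone would not fully fix it. The enclosing `block:` continues past the end of the hunk.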