From 0326c0be0f109f072349e9f8dd407f49bfdd1b72 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Fri, 23 Feb 2024 14:46:38 +0000
Subject: [PATCH] 6.1.10 thanks to @DianaMariaDDM #37
Signed-off-by: Mark Bolwell
---
 tasks/section_6/cis_6.1.x.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks/section_6/cis_6.1.x.yml b/tasks/section_6/cis_6.1.x.yml
index b8e910b..c286220 100644
--- a/tasks/section_6/cis_6.1.x.yml
+++ b/tasks/section_6/cis_6.1.x.yml
@@ -177,7 +177,7 @@
 - name: "6.1.10 | PATCH | Ensure world writable files and directories are secured"
 block:
 - name: "6.1.10 | AUDIT | Ensure world writable files and directories are secured | Get list of world-writable files"
- ansible.builtin.shell: df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -0002
+ ansible.builtin.shell: df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find \( ! -path "*/containerd/*" -a ! -path "*/kubelet/pods/*" -a ! -path "/snap/*" \) -xdev -type f -perm -0002
 failed_when: false
 changed_when: false
 register: amzn2023cis_6_1_10_perms_results
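Review bot: The rewritten `find` on the added `ansible.builtin.shell` line no longer takes `'{}'` as its starting point, so the xargs replacement string is never substituted. With no path argument GNU find falls back to the current directory, so the audit would walk the task's working directory once per mount point instead of each local filesystem. Putting the placeholder back ahead of the expression keeps both the exclusions and the per-mount scan: `find '{}' \( ! -path "*/containerd/*" -a ! -path "*/kubelet/pods/*" -a ! -path "/snap/*" \) -xdev -type f -perm -0002`. Because `failed_when: false` is unchanged, a wrong or empty result is silent and 6.1.10 would appear clean. The new exclusions also take the containerd, kubelet pod and snap trees out of the world-writable check entirely, which deserves a comment on the task; the 6.1.10 block continues past the end of the hunk.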