Describe the Issue
The fact ansible_mounts does not currently exclude items whose device attribute begins with /dev. The current find on 010161 will search NFS drives and cause major issues.
Expected Behavior
Only local file systems on a machine should be accessed when performing hardening.
Actual Behavior
NFS drives are being accessed while performing hardening steps. This can potentially be a catastrophic issue for some users.
Control(s) Affected
RHEL-08-010161
Additional Details:
Additional Notes
Anything additional goes here
Possible Solution
Define a new variable based on the fact ansible_mounts which excludes items whose device attribute begins with /dev, e.g.:
rhel8stig_local_mounts: "{{ ansible_mounts | to_json | from_json | json_query(rhel8stig_local_mounts_query) }}"
rhel8stig_local_mounts_query: "[?starts_with(device, '/dev/')].mount"
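The following playbook is an added example, not part of the original issue or of the role's own tasks. It evaluates the two variables proposed above against constructed mount data shaped like the ansible_mounts fact, to show which mount points the query returns. The names sample_mounts and local_mounts_builtin and the example.com hosts are assumptions made for illustration.

```yaml
# Added example: run with ansible-playbook against localhost.
# json_query needs the community.general collection and the jmespath
# Python package on the controller.
- name: Show which mount points the proposed /dev/ query returns
  hosts: localhost
  gather_facts: false
  vars:
    # Constructed sample in the shape of the ansible_mounts fact.
    sample_mounts:
      - { device: "/dev/mapper/rhel-root", mount: "/", fstype: "xfs" }
      - { device: "/dev/sda1", mount: "/boot", fstype: "xfs" }
      - { device: "nfs01.example.com:/export/home", mount: "/home", fstype: "nfs4" }
      - { device: "//files.example.com/share", mount: "/mnt/share", fstype: "cifs" }

    # The two variables from the issue, pointed at the sample data.
    rhel8stig_local_mounts_query: "[?starts_with(device, '/dev/')].mount"
    rhel8stig_local_mounts: "{{ sample_mounts | to_json | from_json | json_query(rhel8stig_local_mounts_query) }}"

    # Hypothetical alternative: the same selection with built-in filters
    # only, so no jmespath dependency is needed.
    local_mounts_builtin: >-
      {{ sample_mounts
         | selectattr('device', 'match', '^/dev/')
         | map(attribute='mount')
         | list }}

  tasks:
    - name: Only the /dev/-backed mount points are returned
      ansible.builtin.assert:
        that:
          - rhel8stig_local_mounts == ['/', '/boot']
          - local_mounts_builtin == ['/', '/boot']
          - "'/home' not in rhel8stig_local_mounts"
          - "'/mnt/share' not in rhel8stig_local_mounts"

    - name: Print the list a find task would be limited to
      ansible.builtin.debug:
        var: rhel8stig_local_mounts
```

A find started at / still descends into /home unless it is also told not to cross file system boundaries, so the list only protects remote shares when each search is confined to its own mount point.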