ansible-lockdown / RHEL9-CIS

Ansible role for Red Hat 9 CIS Baseline
https://ansible-lockdown.readthedocs.io
MIT License

Search for SUID extends to NFS mount directories #217

Open tedunder237 opened 1 month ago

tedunder237 commented 1 month ago

Describe the Issue

Our systems automount home directories which are listed to be searched for SUID exec. First, this is probably not the intent of the code since in the 6.1.12 task the --local flag is used in df, and second the find command is taking a long time to run. Also suspect the CIS guidelines are to only perform checks on local filesystems.

Expected Behavior

Task should only include local filesystems

Actual Behavior

Task is including all found filesystems, including NFS mounts

Control(s) Affected

6.1.13, 6.1.14

Environment (please complete the following information):

Possible Solution

Add the --local flag to df to prevent including external filesystems, in tasks/section_6/cis_6.1.x.yml

For 6.1.13, line 261, add flag:

    ansible.builtin.shell: df {{ item.mount }} --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -4000

For 6.1.14, line 304, add flag:

    ansible.builtin.shell: df {{ item.mount }} --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -2000

Tested on Rocky 9
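The pipeline proposed above, rendered as a stand-alone shell script so the local-filesystem filter and the SUID/SGID find can be exercised offline. This is an added example, not code from the RHEL9-CIS role or from the issue author: it filters constructed `df -P -T` output by filesystem type instead of relying on `df --local` (the REMOTE_FS list is an assumption, not coreutils' exact exclusion list), and `find_special_bits` is the same `find -xdev -type f -perm -NNNN` step the control runs, pointed at a scratch directory with constructed files.

```shell
#!/bin/sh
# Added example (not part of the RHEL9-CIS role): restrict the SUID/SGID
# search to local filesystems, as the issue proposes with `df --local`.

# Filesystem types treated as remote/automounted (assumed list; the role
# itself relies on df --local rather than an explicit type list).
REMOTE_FS='nfs|nfs4|cifs|smb3|smbfs|autofs|fuse.sshfs|sshfs'

# local_mounts: read `df -P -T`-style lines on stdin and print the mount
# point (field 7) of every line whose type (field 2) is not remote.
# The header line (NR == 1) is skipped, as in the task's awk filter.
local_mounts() {
    awk -v re="^(${REMOTE_FS})\$" 'NR != 1 && $2 !~ re { print $7 }'
}

# Constructed sample of `df -P -T` output: root and /boot are local,
# /home is an autofs map and /home/alice an NFS automount beneath it.
SAMPLE_DF='Filesystem     Type  1024-blocks    Used Available Capacity Mounted on
/dev/mapper/rl-root xfs   17811456 5123456  12688000      29% /
/dev/sda1      xfs      1038336  245000    793336      24% /boot
nfs-srv:/export/home nfs4 104857600 52428800 52428800   50% /home/alice
auto.home      autofs         0       0         0       0% /home'

# find_special_bits DIR MODE: regular files under DIR with the given
# permission bits set (4000 = SUID, 2000 = SGID). -xdev keeps find on the
# filesystem DIR lives on, so it never descends into a mount below it even
# if a remote mount slipped through the df filter.
find_special_bits() {
    find "$1" -xdev -type f -perm "-$2" 2>/dev/null
}

# scan_local_mounts MODE: the full pipeline over the constructed df output.
scan_local_mounts() {
    printf '%s\n' "$SAMPLE_DF" | local_mounts | while IFS= read -r m; do
        find_special_bits "$m" "$1"
    done
}

# Demonstration on a scratch directory (constructed files, removed afterwards).
demo() {
    d=$(mktemp -d)
    : > "$d/suid_bin"; chmod 4755 "$d/suid_bin"
    : > "$d/sgid_bin"; chmod 2755 "$d/sgid_bin"
    : > "$d/plain";    chmod 0755 "$d/plain"
    echo "Local mount points from sample df:"
    printf '%s\n' "$SAMPLE_DF" | local_mounts
    echo "SUID files under $d:"; find_special_bits "$d" 4000
    echo "SGID files under $d:"; find_special_bits "$d" 2000
    rm -rf "$d"
}

[ "${1:-}" = "demo" ] && demo
```

On a real host, replace the constructed `SAMPLE_DF` with `df -P -T --local` and the type filter becomes belt-and-braces; `-xdev` is what actually stops a scan of `/home` from walking into automounted `/home/<user>` trees, which is why both the filter and the flag belong in the task.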