make remediation also check for sgids

brett060102 · Jan 28, 2021 · a82e4e5 · a82e4e5
1 parent 3932c3e
commit a82e4e5
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/...figure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml b/...figure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml
@@ -53,7 +53,7 @@
 - name: "construct list of suid or sgid binaries"
   set_fact:
     suid_sgid_binaries: "{{ suid_sgid_binaries | union([item.path]) }}"
-  when: item.mode is match("2.*")
+  when: item.mode is match("2.*") or item.mode is match("4.*")
   loop: '{{ found_files.files }}'
 
 # Inserts/replaces the rule in /etc/audit/rules.d