Merge pull request #112 from siemens/siemens/feat/control_7.1.12

Fix for Control 7.1.12 issue

Author: uk-bolly

defaults/main.yml

@@ -1310,7 +1310,7 @@ ubtu24cis_dotperm_ansiblemanaged: true
 ## Section 7
 
 # 7.1.12 Ensure no files or directories without an owner and a group exist
-ubtu24cis_exclude_unowned_search_path: (! -path "/run/user/*" -a ! -path "/proc/*" -a ! -path "*/containerd/*" -a ! -path "*/kubelet/pods/*" -a ! -path "*/kubelet/plugins/*" -a ! -path "/sys/fs/cgroup/memory/*" -a ! -path "/var/*/private/*")
+ubtu24cis_exclude_unowned_search_path: \( ! -path "/run/user/*" -a ! -path "/proc/*" -a ! -path "*/containerd/*" -a ! -path "*/kubelet/pods/*" -a ! -path "*/kubelet/plugins/*" -a ! -path "/sys/fs/cgroup/memory/*" -a ! -path "/var/*/private/*" -a ! -path "/snap/*" \)
 
 # Control 7.1.12
 # The value of this variable specifies the owner that will be set for unowned files and directories.

tasks/section_7/cis_7.1.x.yml

@@ -220,7 +220,7 @@
     warn_control_id: '7.1.12'
   block:
     - name: "7.1.12 | AUDIT | Ensure no files or directories without an owner and a group exist | Get list files or directories"
-      ansible.builtin.command: find {{ ubtu24cis_exclude_unowned_search_path }} {{ item.mount }} -xdev \( -nouser -o -nogroup \) -not -fstype nfs
+      ansible.builtin.command: find {{ item.mount }} -xdev {{ ubtu24cis_exclude_unowned_search_path }} \( -nouser -o -nogroup \) -not -fstype nfs
       changed_when: false
       failed_when: false
       check_mode: false
@@ -251,9 +251,9 @@
       ansible.builtin.file:
         path: "{{ item }}"
         owner: "{{ ubtu24cis_unowned_owner }}"
-        group: "{{ ubtu24cis_unowned_group }}"
+        group: "{{ ubtu24cis_ungrouped_group }}"
       with_items:
-        - "{{ udiscovered_unowned_files_flatten }}"
+        - "{{ discovered_unowned_files_flatten }}"
 
     - name: "7.1.12 | AUDIT | Ensure no files or directories without an owner and a group exist | Warn Count"
       when: