From f6c6e6a0a8c435b3acdb187a3ddb5b85e28448a6 Mon Sep 17 00:00:00 2001
From: Thibault Ayanides
Date: Mon, 12 Apr 2021 11:58:24 +0200
Subject: [PATCH] FIX(4.1.11): add SUDO to find suid files
---
 bin/hardening/4.1.11_record_privileged_commands.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/bin/hardening/4.1.11_record_privileged_commands.sh b/bin/hardening/4.1.11_record_privileged_commands.sh
index 6a9d47c..99057c2 100755
--- a/bin/hardening/4.1.11_record_privileged_commands.sh
+++ b/bin/hardening/4.1.11_record_privileged_commands.sh
@@ -17,8 +17,9 @@ HARDENING_LEVEL=4
 # shellcheck disable=2034
 DESCRIPTION="Collect use of privileged commands."
+SUDO_CMD='sudo -n'
 # Find all files with setuid or setgid set
-AUDIT_PARAMS=$(find / -xdev \( -perm -4000 -o -perm -2000 \) -type f |
+AUDIT_PARAMS=$($SUDO_CMD find / -xdev \( -perm -4000 -o -perm -2000 \) -type f |
 awk '{print "-a always,exit -F path=" $1 " -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged" }')
 FILE='/etc/audit/audit.rules'
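Review bot: A failure of `$SUDO_CMD find` on the new `AUDIT_PARAMS=` line goes unnoticed. `sudo -n` exits without prompting when no passwordless sudoers rule covers `find`, and unless `pipefail` is set outside this hunk the pipeline's status is that of `awk`, so `AUDIT_PARAMS` just ends up empty. If the check that consumes it (not visible here) iterates over that list, an empty list would presumably pass without verifying a single audit rule. Consider a guard right after the assignment, for example `[ -n "$AUDIT_PARAMS" ] || echo "4.1.11: no setuid/setgid files listed, check that sudo -n may run find" >&2`, and a comment above `SUDO_CMD` stating the sudoers entry the script relies on. Separately, the unchanged `awk` line prints `$1`, so a path containing whitespace is truncated in the generated rule.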