arno/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-21 15:48:06 +00:00
Code Issues Releases Wiki Activity
main
kube-bench/helper_scripts/check_files_owner_in_dir.sh

45 lines
838 B
Bash
Raw Permalink Normal View History

FIX| RKE-CIS-1.24- CHECK 1.1.19 (#1722) We have added the missing script required for check 1.1.19 in rke-cis-1.24 and made it available to the kube-bench file system(https://github.com/rancher/security-scan/blob/master/package/helper_scripts/check_files_owner_in_dir.sh).
2024-11-15 12:32:24 +00:00
#!/usr/bin/env bash
# This script is used to ensure the owner is set to root:root for
# the given directory and all the files in it
#
# inputs:
# $1 = /full/path/to/directory
#
# outputs:
# true/false
INPUT_DIR=$1
if [[ "${INPUT_DIR}" == "" ]]; then
echo "false"
exit
fi
if [[ $(stat -c %U:%G ${INPUT_DIR}) != "root:root" ]]; then
echo "false"
exit
fi
statInfoLines=$(stat -c "%n %U:%G" ${INPUT_DIR}/*)
while read -r statInfoLine; do
f=$(echo ${statInfoLine} | cut -d' ' -f1)
p=$(echo ${statInfoLine} | cut -d' ' -f2)
if [[ $(basename "$f" .pem) == "kube-etcd-"* ]]; then
if [[ "$p" != "root:root" && "$p" != "etcd:etcd" ]]; then
echo "false"
exit
fi
else
if [[ "$p" != "root:root" ]]; then
echo "false"
exit
fi
fi
done <<< "${statInfoLines}"
echo "true"
exit
Reference in New Issue Copy Permalink