From 016d67bade66c63fed1fbdb2063de68bb423bb81 Mon Sep 17 00:00:00 2001 From: Hacks4Snacks Date: Wed, 7 Jul 2021 10:06:50 -0500 Subject: [PATCH] cis-1.20 section 1.1.10 command revision. (#922) Co-authored-by: Yoav Rotem --- cfg/cis-1.20/master.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cfg/cis-1.20/master.yaml b/cfg/cis-1.20/master.yaml index 92e1254..96df150 100644 --- a/cfg/cis-1.20/master.yaml +++ b/cfg/cis-1.20/master.yaml @@ -139,7 +139,7 @@ groups: - id: 1.1.10 text: "Ensure that the Container Network Interface file ownership is set to root:root (Manual)" audit: | - ps -ef | grep $kubeletbin | grep -- --cni-conf-dir | sed 's%.*cni-conf-dir[= ]\([^ ]*\).*%\1%' | xargs -I{} find {} -mindepth 1 | xargs xargs --no-run-if-empty stat -c %U:%G + ps -ef | grep $kubeletbin | grep -- --cni-conf-dir | sed 's%.*cni-conf-dir[= ]\([^ ]*\).*%\1%' | xargs -I{} find {} -mindepth 1 | xargs --no-run-if-empty stat -c %U:%G find /var/lib/cni/networks -type f 2> /dev/null | xargs --no-run-if-empty stat -c %U:%G use_multiple_values: true tests: