From 8fc6904093dbf35f12b965ae20c3d0beccdce57f Mon Sep 17 00:00:00 2001
From: Konstantinos Karampogias
Date: Wed, 24 Jan 2018 14:17:45 +0000
Subject: [PATCH 1/2] Improve etcd data directory extraction

- If data-dir is not the last argument, the remaining arguments are captured preventing the correct checking.

Signed-off-by: Konstantin Semenov
---
 cfg/1.8/master.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cfg/1.8/master.yaml b/cfg/1.8/master.yaml
index 9894f4c..fee7e24 100644
--- a/cfg/1.8/master.yaml
+++ b/cfg/1.8/master.yaml
@@ -942,7 +942,7 @@ groups:
 - id: 1.4.11
 text: "Ensure that the etcd data directory permissions are set to 700 or more restrictive (Scored)"
- audit: ps -ef | grep $etcdbin | grep -v grep | sed 's%.*data-dir[= ]\(\S*\)%\1%' | xargs stat -c %a
+ audit: ps -ef | grep $etcdbin | grep -v grep | sed 's%.*data-dir[= ]\(\S*\)%\1%' | awk '{print $1}' | xargs stat -c %a
 tests:
 test_items:
 - flag: "700"

From 961dbeb2b5bfae66ef30971d0e76a534246de602 Mon Sep 17 00:00:00 2001
From: Konstantin Semenov
Date: Thu, 25 Jan 2018 00:34:52 +0000
Subject: [PATCH 2/2] Correct sed regex

---
 cfg/1.8/master.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cfg/1.8/master.yaml b/cfg/1.8/master.yaml
index fee7e24..e281487 100644
--- a/cfg/1.8/master.yaml
+++ b/cfg/1.8/master.yaml
@@ -942,7 +942,7 @@ groups:
 - id: 1.4.11
 text: "Ensure that the etcd data directory permissions are set to 700 or more restrictive (Scored)"
- audit: ps -ef | grep $etcdbin | grep -v grep | sed 's%.*data-dir[= ]\(\S*\)%\1%' | awk '{print $1}' | xargs stat -c %a
+ audit: ps -ef | grep $etcdbin | grep -v grep | sed 's%.*data-dir[= ]\([^ ]*\).*%\1%' | xargs stat -c %a
 tests:
 test_items:
 - flag: "700"
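Review bot: The pipeline still has no guard for an etcd started without `--data-dir` on its command line (it then falls back to its built-in default location); in that case the `s` expression does not match, sed passes the whole `ps -ef` line through unchanged, and the new `awk '{print $1}'` stage hands the first field of that line (the process owner) to `stat`, so the check ends up stat-ing a name that is not the data directory and fails for an obscure reason. The reworked regex in PATCH 2/2 has the same gap, there the unmatched line reaches `xargs stat` as a dozen separate tokens. Printing only on a successful substitution makes the missing-flag case fail explicitly with empty output instead: `sed -n 's%.*data-dir[= ]\(\S*\)%\1%p'`. The `tests:` block that consumes this output continues outside the hunk, so how an empty result is reported is not visible here.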
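Review bot: Dropping the awk stage is an improvement, but `grep $etcdbin` still selects every `ps -ef` line that merely contains the binary name, so a second etcd instance or another process whose arguments mention that path (presumably possible on a shared node) yields several data directories and `xargs stat` prints one mode per line; it is not visible here how the `tests:` block, which continues outside the hunk, treats multi-line output. If only the server process is intended, the selection should be narrowed before the sed stage, and if every instance is intended each printed mode should be checked against `700`, not just the first. A comment above `audit:` stating which case is expected would make the intent clear, e.g. `# one mode per matching etcd process; every line must be 700 or stricter`.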