Test fixes for 1.8

6 years ago · 165444df60
parent 4f07b01ead
commit 165444df60
1 changed files with 50 additions and 17 deletions
--- a/cfg/1.8/master.yaml
+++ b/cfg/1.8/master.yaml
@ -978,12 +978,23 @@ groups:
    more restrictive (Scored)"
    audit: "/bin/sh -c 'if test -e /etc/kubernetes/admin.conf; then stat -c %a /etc/kubernetes/admin.conf; fi'"
    tests:
+      bin_op: or
      test_items:
-      - flag: "644"
-        compare:
-          op: eq
-          value: "644"
-        set: true
+        - flag: "644"
+          compare:
+            op: eq
+            value: "644"
+          set: true
+        - flag: "640"
+          compare:
+            op: eq
+            value: "640"
+          set: true
+        - flag: "600"
+          compare:
+            op: eq
+            value: "600"
+          set: true 
    remediation: |
      Run the below command (based on the file location on your system) on the master node.
      For example,
@ -1009,14 +1020,25 @@ groups:
  - id: 1.4.15
    text: "Ensure that the scheduler.conf file permissions are set to 644 or
    more restrictive (Scored)"
-    audit: "/bin/sh -c 'if test -e $schedulerconf then stat -c %a $schedulerconf; fi'"
+    audit: "/bin/sh -c 'if test -e $schedulerconf; then stat -c %a $schedulerconf; fi'"
    tests:
+      bin_op: or
      test_items:
-      - flag: "644"
-        compare:
-          op: eq
-          value: "644"
-        set: true
+        - flag: "644"
+          compare:
+            op: eq
+            value: "644"
+          set: true
+        - flag: "640"
+          compare:
+            op: eq
+            value: "640"
+          set: true
+        - flag: "600"
+          compare:
+            op: eq
+            value: "600"
+          set: true
    remediation: |
      Run the below command (based on the file location on your system) on the master node.
      For example,
@ -1042,14 +1064,25 @@ groups:
  - id: 1.4.17
    text: "Ensure that the controller-manager.conf file permissions are set
    to 644 or more restrictive (Scored)"
-    audit: "/bin/sh -c 'if test -e $controllermanagerconf then stat -c %a $controllermanagerconf; fi'"
+    audit: "/bin/sh -c 'if test -e $controllermanagerconf; then stat -c %a $controllermanagerconf; fi'"
    tests:
+      bin_op: or
      test_items:
-      - flag: "644"
-        compare:
-          op: eq
-          value: "644"
-        set: true
+        - flag: "644"
+          compare:
+            op: eq
+            value: "644"
+          set: true
+        - flag: "640"
+          compare:
+            op: eq
+            value: "640"
+          set: true
+        - flag: "600"
+          compare:
+            op: eq
+            value: "600"
+          set: true   
    remediation: |
      Run the below command (based on the file location on your system) on the master node.
      For example,