From 165444df60f72c1a103f30977213a9decf51dcf7 Mon Sep 17 00:00:00 2001
From: Lee Briggs
Date: Tue, 30 Jan 2018 09:28:20 -0800
Subject: [PATCH] Test fixes for 1.8
---
 cfg/1.8/master.yaml | 67 +++++++++++++++++++++++++++++++++------------
 1 file changed, 50 insertions(+), 17 deletions(-)
diff --git a/cfg/1.8/master.yaml b/cfg/1.8/master.yaml
index ae933fd..5c543c2 100644
--- a/cfg/1.8/master.yaml
+++ b/cfg/1.8/master.yaml
@@ -978,12 +978,23 @@ groups:
 more restrictive (Scored)"
 audit: "/bin/sh -c 'if test -e /etc/kubernetes/admin.conf; then stat -c %a /etc/kubernetes/admin.conf; fi'"
 tests:
+ bin_op: or
 test_items:
- - flag: "644"
- compare:
- op: eq
- value: "644"
- set: true
+ - flag: "644"
+ compare:
+ op: eq
+ value: "644"
+ set: true
+ - flag: "640"
+ compare:
+ op: eq
+ value: "640"
+ set: true
+ - flag: "600"
+ compare:
+ op: eq
+ value: "600"
+ set: true
 remediation: |
 Run the below command (based on the file location on your system) on the master node.
 For example,
@@ -1009,14 +1020,25 @@ groups:
 - id: 1.4.15
 text: "Ensure that the scheduler.conf file permissions are set to 644 or
 more restrictive (Scored)"
- audit: "/bin/sh -c 'if test -e $schedulerconf then stat -c %a $schedulerconf; fi'"
+ audit: "/bin/sh -c 'if test -e $schedulerconf; then stat -c %a $schedulerconf; fi'"
 tests:
+ bin_op: or
 test_items:
- - flag: "644"
- compare:
- op: eq
- value: "644"
- set: true
+ - flag: "644"
+ compare:
+ op: eq
+ value: "644"
+ set: true
+ - flag: "640"
+ compare:
+ op: eq
+ value: "640"
+ set: true
+ - flag: "600"
+ compare:
+ op: eq
+ value: "600"
+ set: true
 remediation: |
 Run the below command (based on the file location on your system) on the master node.
 For example,
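Review bot: The three `eq` items joined by `bin_op: or` in the admin.conf check accept only the literal modes 644, 640 and 600, so a file that is stricter in another way (400 or 440, for instance) would presumably be reported as failing although the check text says "644 or more restrictive". The same enumeration is repeated in the 1.4.15 and 1.4.17 hunks. If the test engine offers no numeric comparison, a comment above `test_items` such as `# accepted modes are enumerated; a stricter mode not listed here is reported as a failure` would tell operators why a hardened file fails, and extra items for 400 and 440 would cover the common read-only cases. The `id` and `text` lines of this check start above the hunk.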
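Review bot: `$schedulerconf` is still unquoted inside the `sh -c` string on the new `audit` line of 1.4.15, and `$controllermanagerconf` likewise in 1.4.17. If the value expands to nothing, `test -e` with no operand succeeds and `stat` is run without a file, and a path containing whitespace is split into several words. Quoting the operand avoids both: `if test -e \"$schedulerconf\"; then stat -c %a \"$schedulerconf\"; fi`. Where the value is set is not visible in this patch, so whether it can be empty should be confirmed against the tool's variable substitution.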
@@ -1042,14 +1064,25 @@ groups:
 - id: 1.4.17
 text: "Ensure that the controller-manager.conf file permissions are set to 644 or
 more restrictive (Scored)"
- audit: "/bin/sh -c 'if test -e $controllermanagerconf then stat -c %a $controllermanagerconf; fi'"
+ audit: "/bin/sh -c 'if test -e $controllermanagerconf; then stat -c %a $controllermanagerconf; fi'"
 tests:
+ bin_op: or
 test_items:
- - flag: "644"
- compare:
- op: eq
- value: "644"
- set: true
+ - flag: "644"
+ compare:
+ op: eq
+ value: "644"
+ set: true
+ - flag: "640"
+ compare:
+ op: eq
+ value: "640"
+ set: true
+ - flag: "600"
+ compare:
+ op: eq
+ value: "600"
+ set: true
 remediation: |
 Run the below command (based on the file location on your system) on the master node.
 For example,