arno/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-18 20:58:10 +00:00
Code Issues Releases Wiki Activity

make the kubelet cafile test posix compliant (#643)

Browse Source
This commit is contained in:
Kevin W Monroe 2020-07-21 09:43:39 -05:00 committed by GitHub
parent 66692951c8
commit 2a325bd60d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 3 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cfg/cis-1.3/node.yaml
View File

@ -458,9 +458,7 @@ groups:
text: Ensure that the client certificate authorities file ownership is set to root:root (Scored) text: Ensure that the client certificate authorities file ownership is set to root:root (Scored)
audit: | audit: |
CAFILE=$(ps -ef | grep kubelet | grep -v apiserver | grep -- --client-ca-file= | awk -F '--client-ca-file=' '{print $2}' | awk '{print $1}') CAFILE=$(ps -ef | grep kubelet | grep -v apiserver | grep -- --client-ca-file= | awk -F '--client-ca-file=' '{print $2}' | awk '{print $1}')
if [[ -z $CAFILE ]]; then if test -z $CAFILE; then CAFILE=$kubeletcafile; fi
CAFILE=$kubeletcafile
fi
if test -e $CAFILE; then stat -c %U:%G $CAFILE; fi if test -e $CAFILE; then stat -c %U:%G $CAFILE; fi
tests: tests:
test_items: test_items:

4
cfg/cis-1.4/node.yaml
View File

@ -449,9 +449,7 @@ groups:
text: Ensure that the client certificate authorities file ownership is set to root:root (Scored) text: Ensure that the client certificate authorities file ownership is set to root:root (Scored)
audit: | audit: |
CAFILE=$(ps -ef | grep kubelet | grep -v apiserver | grep -- --client-ca-file= | awk -F '--client-ca-file=' '{print $2}' | awk '{print $1}') CAFILE=$(ps -ef | grep kubelet | grep -v apiserver | grep -- --client-ca-file= | awk -F '--client-ca-file=' '{print $2}' | awk '{print $1}')
if [[ -z $CAFILE ]]; then if test -z $CAFILE; then CAFILE=$kubeletcafile; fi
CAFILE=$kubeletcafile
fi
if test -e $CAFILE; then stat -c %U:%G $CAFILE; fi if test -e $CAFILE; then stat -c %U:%G $CAFILE; fi
tests: tests:
test_items: test_items:

4
cfg/cis-1.5/node.yaml
View File

@ -119,9 +119,7 @@ groups:
text: "Ensure that the client certificate authorities file ownership is set to root:root (Scored)" text: "Ensure that the client certificate authorities file ownership is set to root:root (Scored)"
audit: | audit: |
CAFILE=$(ps -ef | grep kubelet | grep -v apiserver | grep -- --client-ca-file= | awk -F '--client-ca-file=' '{print $2}' | awk '{print $1}') CAFILE=$(ps -ef | grep kubelet | grep -v apiserver | grep -- --client-ca-file= | awk -F '--client-ca-file=' '{print $2}' | awk '{print $1}')
if [[ -z $CAFILE ]]; then if test -z $CAFILE; then CAFILE=$kubeletcafile; fi
CAFILE=$kubeletcafile
fi
if test -e $CAFILE; then stat -c %U:%G $CAFILE; fi if test -e $CAFILE; then stat -c %U:%G $CAFILE; fi
tests: tests:
test_items: test_items: