mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-11-22 08:08:07 +00:00
Issue: The initial command produces "root:root" as its output only when the file is present. However, if the file is missing, the command will still run successfully, though the desired output of "root:root" won't be obtained. (#1538)
Fix: To address this, we've modified the command to achieve the following: Verify the existence of the file. If the file is found, show the user and group ownership in the "username:groupname" format. If the file is not found, display the message "File not found." To accommodate this change, we've integrated the expected output "File not found" for instances where the file is absent. This adjustment ensures the successful execution of the test. Co-authored-by: mjshastha <manojshastha.madriki@aquasec.com>
This commit is contained in:
parent
f353bc4cba
commit
7a55d5d57c
@ -25,14 +25,16 @@ groups:
|
|||||||
|
|
||||||
- id: 4.1.2
|
- id: 4.1.2
|
||||||
text: "Ensure that the kubelet service file ownership is set to root:root (Automated)"
|
text: "Ensure that the kubelet service file ownership is set to root:root (Automated)"
|
||||||
audit: '/bin/sh -c ''if test -e $kubeletsvc; then stat -c %U:%G $kubeletsvc; fi'' '
|
audit: '/bin/sh -c "if test -e $kubeletsvc; then stat -c %U:%G $kubeletsvc; else echo \"File not found\"; fi"'
|
||||||
tests:
|
tests:
|
||||||
|
bin_op: or
|
||||||
test_items:
|
test_items:
|
||||||
- flag: root:root
|
- flag: root:root
|
||||||
|
- flag: "File not found"
|
||||||
remediation: |
|
remediation: |
|
||||||
Run the below command (based on the file location on your system) on the each worker node.
|
Run the below command (based on the file location on your system) on the each worker node.
|
||||||
For example,
|
For example,
|
||||||
chown root:root $kubeletsvc
|
chown root:root $kubeletsvc
|
||||||
scored: true
|
scored: true
|
||||||
|
|
||||||
- id: 4.1.3
|
- id: 4.1.3
|
||||||
|
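Review bot: With `bin_op: or` and the new `flag: "File not found"` item, check 4.1.2 passes when nothing exists at `$kubeletsvc`, the same outcome as a file that was inspected and found to be `root:root`. If `$kubeletsvc` resolves to the wrong location on a node, the real service file's ownership is never examined and the check still passes. Consider stating in the `text` or `remediation` field that an absent file counts as compliant, so an operator reading a pass knows that in this case no ownership was verified.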
@ -25,14 +25,16 @@ groups:
|
|||||||
|
|
||||||
- id: 4.1.2
|
- id: 4.1.2
|
||||||
text: "Ensure that the kubelet service file ownership is set to root:root (Automated)"
|
text: "Ensure that the kubelet service file ownership is set to root:root (Automated)"
|
||||||
audit: '/bin/sh -c ''if test -e $kubeletsvc; then stat -c %U:%G $kubeletsvc; fi'' '
|
audit: '/bin/sh -c "if test -e $kubeletsvc; then stat -c %U:%G $kubeletsvc; else echo \"File not found\"; fi"'
|
||||||
tests:
|
tests:
|
||||||
|
bin_op: or
|
||||||
test_items:
|
test_items:
|
||||||
- flag: root:root
|
- flag: root:root
|
||||||
|
- flag: "File not found"
|
||||||
remediation: |
|
remediation: |
|
||||||
Run the below command (based on the file location on your system) on the each worker node.
|
Run the below command (based on the file location on your system) on the each worker node.
|
||||||
For example,
|
For example,
|
||||||
chown root:root $kubeletsvc
|
chown root:root $kubeletsvc
|
||||||
scored: true
|
scored: true
|
||||||
|
|
||||||
- id: 4.1.3
|
- id: 4.1.3
|
||||||
|
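Review bot: `$kubeletsvc` is left unquoted in both `test -e $kubeletsvc` and `stat -c %U:%G $kubeletsvc` on the rewritten `audit` line, so a path containing whitespace or glob characters is split or expanded before either command sees it. Since the line is being rewritten anyway, quote the variable in both places, escaped the same way the `\"File not found\"` string already is.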
@ -24,14 +24,16 @@ groups:
|
|||||||
|
|
||||||
- id: 4.1.2
|
- id: 4.1.2
|
||||||
text: "Ensure that the kubelet service file ownership is set to root:root (Automated)"
|
text: "Ensure that the kubelet service file ownership is set to root:root (Automated)"
|
||||||
audit: '/bin/sh -c ''if test -e $kubeletsvc; then stat -c %U:%G $kubeletsvc; fi'' '
|
audit: '/bin/sh -c "if test -e $kubeletsvc; then stat -c %U:%G $kubeletsvc; else echo \"File not found\"; fi"'
|
||||||
tests:
|
tests:
|
||||||
|
bin_op: or
|
||||||
test_items:
|
test_items:
|
||||||
- flag: root:root
|
- flag: root:root
|
||||||
|
- flag: "File not found"
|
||||||
remediation: |
|
remediation: |
|
||||||
Run the below command (based on the file location on your system) on the each worker node.
|
Run the below command (based on the file location on your system) on the each worker node.
|
||||||
For example,
|
For example,
|
||||||
chown root:root $kubeletsvc
|
chown root:root $kubeletsvc
|
||||||
scored: true
|
scored: true
|
||||||
|
|
||||||
- id: 4.1.3
|
- id: 4.1.3
|
||||||
|
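Review bot: The argument to `/bin/sh -c` on the new `audit` line moves from single quotes to double quotes, which changes how it is parsed if the audit string is itself passed through a shell: inside double quotes `$`, backticks and backslashes are interpreted by the outer shell before the inner `sh` runs. The old single-quoted form did not have that exposure. The new branch does not need inner quotes at all, so the original quoting can be kept: `''if test -e $kubeletsvc; then stat -c %U:%G $kubeletsvc; else echo File not found; fi''`.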
@ -24,14 +24,16 @@ groups:
|
|||||||
|
|
||||||
- id: 4.1.2
|
- id: 4.1.2
|
||||||
text: "Ensure that the kubelet service file ownership is set to root:root (Automated)"
|
text: "Ensure that the kubelet service file ownership is set to root:root (Automated)"
|
||||||
audit: '/bin/sh -c ''if test -e $kubeletsvc; then stat -c %U:%G $kubeletsvc; fi'' '
|
audit: '/bin/sh -c "if test -e $kubeletsvc; then stat -c %U:%G $kubeletsvc; else echo \"File not found\"; fi"'
|
||||||
tests:
|
tests:
|
||||||
|
bin_op: or
|
||||||
test_items:
|
test_items:
|
||||||
- flag: root:root
|
- flag: root:root
|
||||||
|
- flag: "File not found"
|
||||||
remediation: |
|
remediation: |
|
||||||
Run the below command (based on the file location on your system) on the each worker node.
|
Run the below command (based on the file location on your system) on the each worker node.
|
||||||
For example,
|
For example,
|
||||||
chown root:root $kubeletsvc
|
chown root:root $kubeletsvc
|
||||||
scored: true
|
scored: true
|
||||||
|
|
||||||
- id: 4.1.3
|
- id: 4.1.3
|
||||||
|
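Review bot: `test -e` follows symbolic links while `stat -c %U:%G` without `-L` reports the owner of the link itself, so when `$kubeletsvc` is a symlink the two halves of the `audit` line look at different objects. With the new `else` branch a dangling link prints "File not found" and passes, and a valid link reports the link's owner rather than the target's. If the target's ownership is what 4.1.2 is meant to verify, use `stat -L -c %U:%G $kubeletsvc`.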
@ -25,16 +25,17 @@ groups:
|
|||||||
scored: true
|
scored: true
|
||||||
|
|
||||||
- id: 4.1.2
|
- id: 4.1.2
|
||||||
text: "Ensure that the kubelet service file ownership is set to root:root (Scored)"
|
text: "Ensure that the kubelet service file ownership is set to root:root (Automated)"
|
||||||
audit: '/bin/sh -c ''if test -e $kubeletsvc; then stat -c %U:%G $kubeletsvc; fi'' '
|
audit: '/bin/sh -c "if test -e $kubeletsvc; then stat -c %U:%G $kubeletsvc; else echo \"File not found\"; fi"'
|
||||||
tests:
|
tests:
|
||||||
|
bin_op: or
|
||||||
test_items:
|
test_items:
|
||||||
- flag: root:root
|
- flag: root:root
|
||||||
set: true
|
- flag: "File not found"
|
||||||
remediation: |
|
remediation: |
|
||||||
Run the below command (based on the file location on your system) on the each worker node.
|
Run the below command (based on the file location on your system) on the each worker node.
|
||||||
For example,
|
For example,
|
||||||
chown root:root $kubeletsvc
|
chown root:root $kubeletsvc
|
||||||
scored: true
|
scored: true
|
||||||
|
|
||||||
- id: 4.1.3
|
- id: 4.1.3
|
||||||
|
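Review bot: The rename from "(Scored)" to "(Automated)" in `text` and the removal of `set: true` under `flag: root:root` are unrelated to the missing-file fix the commit message describes. Either split them into their own commit or mention them in the message, and confirm that dropping `set: true` is intended here rather than a side effect of inserting the `flag: "File not found"` line in its place.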
@ -25,10 +25,12 @@ groups:
|
|||||||
|
|
||||||
- id: 4.1.2
|
- id: 4.1.2
|
||||||
text: "Ensure that the kubelet service file ownership is set to root:root (Automated)"
|
text: "Ensure that the kubelet service file ownership is set to root:root (Automated)"
|
||||||
audit: '/bin/sh -c ''if test -e $kubeletsvc; then stat -c %U:%G $kubeletsvc; fi'' '
|
audit: '/bin/sh -c "if test -e $kubeletsvc; then stat -c %U:%G $kubeletsvc; else echo \"File not found\"; fi"'
|
||||||
tests:
|
tests:
|
||||||
|
bin_op: or
|
||||||
test_items:
|
test_items:
|
||||||
- flag: root:root
|
- flag: root:root
|
||||||
|
- flag: "File not found"
|
||||||
remediation: |
|
remediation: |
|
||||||
Run the below command (based on the file location on your system) on the each worker node.
|
Run the below command (based on the file location on your system) on the each worker node.
|
||||||
For example,
|
For example,
|
||||||
|
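Review bot: The literal "File not found" now has to agree in two places, the `echo` in `audit` and the new entry under `test_items`, and the same pair is repeated in every file this commit touches. A later edit to one side (wording, capitalisation, a trailing period) would turn the missing-file case back into a failure with no error pointing at the cause. A short comment next to the `flag: "File not found"` item noting that it must match the `echo` text would make the coupling visible.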
@ -24,14 +24,16 @@ groups:
|
|||||||
|
|
||||||
- id: 4.1.2
|
- id: 4.1.2
|
||||||
text: "Ensure that the kubelet service file ownership is set to root:root (Automated)"
|
text: "Ensure that the kubelet service file ownership is set to root:root (Automated)"
|
||||||
audit: '/bin/sh -c ''if test -e $kubeletsvc; then stat -c %U:%G $kubeletsvc; fi'' '
|
audit: '/bin/sh -c "if test -e $kubeletsvc; then stat -c %U:%G $kubeletsvc; else echo \"File not found\"; fi"'
|
||||||
tests:
|
tests:
|
||||||
|
bin_op: or
|
||||||
test_items:
|
test_items:
|
||||||
- flag: root:root
|
- flag: root:root
|
||||||
|
- flag: "File not found"
|
||||||
remediation: |
|
remediation: |
|
||||||
Run the below command (based on the file location on your system) on the each worker node.
|
Run the below command (based on the file location on your system) on the each worker node.
|
||||||
For example,
|
For example,
|
||||||
chown root:root $kubeletsvc
|
chown root:root $kubeletsvc
|
||||||
scored: true
|
scored: true
|
||||||
|
|
||||||
- id: 4.1.3
|
- id: 4.1.3
|
||||||
|
@ -24,14 +24,16 @@ groups:
|
|||||||
|
|
||||||
- id: 4.1.2
|
- id: 4.1.2
|
||||||
text: "Ensure that the kubelet service file ownership is set to root:root (Automated)"
|
text: "Ensure that the kubelet service file ownership is set to root:root (Automated)"
|
||||||
audit: '/bin/sh -c ''if test -e $kubeletsvc; then stat -c %U:%G $kubeletsvc; fi'' '
|
audit: '/bin/sh -c "if test -e $kubeletsvc; then stat -c %U:%G $kubeletsvc; else echo \"File not found\"; fi"'
|
||||||
tests:
|
tests:
|
||||||
|
bin_op: or
|
||||||
test_items:
|
test_items:
|
||||||
- flag: root:root
|
- flag: root:root
|
||||||
|
- flag: "File not found"
|
||||||
remediation: |
|
remediation: |
|
||||||
Run the below command (based on the file location on your system) on the each worker node.
|
Run the below command (based on the file location on your system) on the each worker node.
|
||||||
For example,
|
For example,
|
||||||
chown root:root $kubeletsvc
|
chown root:root $kubeletsvc
|
||||||
scored: true
|
scored: true
|
||||||
|
|
||||||
- id: 4.1.3
|
- id: 4.1.3
|
||||||
|