mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-12-27 08:58:06 +00:00
Fix issue with etcd checks failing because of using " " instead of "=" to specify value.
This issue affects master checks 1.4.11 and 1.4.12.
This commit is contained in:
parent
850cde23e9
commit
7fcfb0cf30
@ -731,7 +731,7 @@ groups:
|
|||||||
|
|
||||||
- id: 1.4.11
|
- id: 1.4.11
|
||||||
text: "Ensure that the etcd data directory permissions are set to 700 or more restrictive (Scored)"
|
text: "Ensure that the etcd data directory permissions are set to 700 or more restrictive (Scored)"
|
||||||
audit: "ps -ef | grep $etcdbin | grep -v grep | grep -o data-dir=.* | cut -d= -f2 | xargs stat -c %a"
|
audit: ps -ef | grep $etcdbin | grep -v grep | sed 's%.*data-dir[= ]\(\S*\)%\1%' | xargs stat -c %a
|
||||||
tests:
|
tests:
|
||||||
test_items:
|
test_items:
|
||||||
- flag: "700"
|
- flag: "700"
|
||||||
@ -748,7 +748,7 @@ groups:
|
|||||||
|
|
||||||
- id: 1.4.12
|
- id: 1.4.12
|
||||||
text: "Ensure that the etcd data directory ownership is set to etcd:etcd (Scored)"
|
text: "Ensure that the etcd data directory ownership is set to etcd:etcd (Scored)"
|
||||||
audit: "ps -ef | grep $etcdbin | grep -v grep | grep -o data-dir=.* | cut -d= -f2 | xargs stat -c %U:%G"
|
audit: ps -ef | grep $etcdbin | grep -v grep | sed 's%.*data-dir[= ]\(\S*\)%\1%' | xargs stat -c %U:%G
|
||||||
tests:
|
tests:
|
||||||
test_items:
|
test_items:
|
||||||
- flag: "etcd:etcd"
|
- flag: "etcd:etcd"
|
||||||
|
@ -793,7 +793,7 @@ groups:
|
|||||||
|
|
||||||
- id: 1.4.11
|
- id: 1.4.11
|
||||||
text: "Ensure that the etcd data directory permissions are set to 700 or more restrictive (Scored)"
|
text: "Ensure that the etcd data directory permissions are set to 700 or more restrictive (Scored)"
|
||||||
audit: "ps -ef | grep $etcdbin | grep -v grep | grep -o data-dir=.* | cut -d= -f2 | xargs stat -c %a"
|
audit: ps -ef | grep $etcdbin | grep -v grep | sed 's%.*data-dir[= ]\(\S*\)%\1%' | xargs stat -c %a
|
||||||
tests:
|
tests:
|
||||||
test_items:
|
test_items:
|
||||||
- flag: "700"
|
- flag: "700"
|
||||||
@ -810,7 +810,7 @@ groups:
|
|||||||
|
|
||||||
- id: 1.4.12
|
- id: 1.4.12
|
||||||
text: "Ensure that the etcd data directory ownership is set to etcd:etcd (Scored)"
|
text: "Ensure that the etcd data directory ownership is set to etcd:etcd (Scored)"
|
||||||
audit: "ps -ef | grep $etcdbin | grep -v grep | grep -o data-dir=.* | cut -d= -f2 | xargs stat -c %U:%G"
|
audit: ps -ef | grep $etcdbin | grep -v grep | ed 's%.*data-dir[= ]\(\S*\)%\1%' | xargs stat -c %U:%G
|
||||||
tests:
|
tests:
|
||||||
test_items:
|
test_items:
|
||||||
- flag: "etcd:etcd"
|
- flag: "etcd:etcd"
|
||||||
|
@ -942,7 +942,7 @@ groups:
|
|||||||
|
|
||||||
- id: 1.4.11
|
- id: 1.4.11
|
||||||
text: "Ensure that the etcd data directory permissions are set to 700 or more restrictive (Scored)"
|
text: "Ensure that the etcd data directory permissions are set to 700 or more restrictive (Scored)"
|
||||||
audit: "ps -ef | grep $etcdbin | grep -v grep | grep -o data-dir=.* | cut -d= -f2 | xargs stat -c %a"
|
audit: ps -ef | grep $etcdbin | grep -v grep | sed 's%.*data-dir[= ]\(\S*\)%\1%' | xargs stat -c %a
|
||||||
tests:
|
tests:
|
||||||
test_items:
|
test_items:
|
||||||
- flag: "700"
|
- flag: "700"
|
||||||
@ -960,7 +960,7 @@ groups:
|
|||||||
|
|
||||||
- id: 1.4.12
|
- id: 1.4.12
|
||||||
text: "Ensure that the etcd data directory ownership is set to etcd:etcd (Scored)"
|
text: "Ensure that the etcd data directory ownership is set to etcd:etcd (Scored)"
|
||||||
audit: "ps -ef | grep $etcdbin | grep -v grep | grep -o data-dir=.* | cut -d= -f2 | xargs stat -c %U:%G"
|
audit: ps -ef | grep $etcdbin | grep -v grep | sed 's%.*data-dir[= ]\(\S*\)%\1%' | xargs stat -c %U:%G
|
||||||
tests:
|
tests:
|
||||||
test_items:
|
test_items:
|
||||||
- flag: "etcd:etcd"
|
- flag: "etcd:etcd"
|
||||||
|
Loading…
Reference in New Issue
Block a user