arno/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2025-01-03 12:20:54 +00:00
Code Issues Releases Wiki Activity

Improve etcd data directory extraction

Browse Source 
- If data-dir is not the last argument, the remaining arguments
  are captured preventing the correct checking.

Signed-off-by: Konstantin Semenov <ksemenov@pivotal.io>
This commit is contained in:
Konstantinos Karampogias 2018-01-24 14:17:45 +00:00 committed by Konstantin Semenov
parent be0134de95
commit 8fc6904093
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cfg/1.8/master.yaml
View File

@ -942,7 +942,7 @@ groups:
- id: 1.4.11
text: "Ensure that the etcd data directory permissions are set to 700 or more restrictive (Scored)"
audit: ps -ef | grep $etcdbin | grep -v grep | sed 's%.*data-dir[= ]\(\S*\)%\1%' | xargs stat -c %a
audit: ps -ef | grep $etcdbin | grep -v grep | sed 's%.*data-dir[= ]\(\S*\)%\1%' | awk '{print $1}' | xargs stat -c %a
tests:
test_items:
- flag: "700"