mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-11-26 01:49:28 +00:00
Add a couple more tests for file permission checks
This commit is contained in:
parent
6b9f117f87
commit
af0eadc792
22
check/data
22
check/data
@ -94,3 +94,25 @@ groups:
|
||||
op: eq
|
||||
value: "644"
|
||||
set: true
|
||||
|
||||
- id: 9
|
||||
text: "test permissions"
|
||||
audit: "/bin/sh -c 'if test -e $config; then stat -c %a $config; fi'"
|
||||
tests:
|
||||
bin_op: or
|
||||
test_items:
|
||||
- flag: "644"
|
||||
compare:
|
||||
op: eq
|
||||
value: "644"
|
||||
set: true
|
||||
- flag: "640"
|
||||
compare:
|
||||
op: eq
|
||||
value: "640"
|
||||
set: true
|
||||
- flag: "600"
|
||||
compare:
|
||||
op: eq
|
||||
value: "600"
|
||||
set: true
|
||||
|
@ -86,6 +86,14 @@ func TestTestExecute(t *testing.T) {
|
||||
controls.Groups[0].Checks[8],
|
||||
"644",
|
||||
},
|
||||
{
|
||||
controls.Groups[0].Checks[9],
|
||||
"640",
|
||||
},
|
||||
{
|
||||
controls.Groups[0].Checks[9],
|
||||
"600",
|
||||
},
|
||||
}
|
||||
|
||||
for _, c := range cases {
|
||||
|
Loading…
Reference in New Issue
Block a user