mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-11-26 01:49:28 +00:00
use $etcddatadir in more etcd related checks (#1331)
This commit is contained in:
parent
865817dfda
commit
bd8dd3adcc
@ -176,7 +176,13 @@ groups:
|
|||||||
|
|
||||||
- id: 1.1.12
|
- id: 1.1.12
|
||||||
text: "Ensure that the etcd data directory ownership is set to etcd:etcd (Automated)"
|
text: "Ensure that the etcd data directory ownership is set to etcd:etcd (Automated)"
|
||||||
audit: ps -ef | grep $etcdbin | grep -- --data-dir | sed 's%.*data-dir[= ]\([^ ]*\).*%\1%' | xargs stat -c %U:%G
|
audit: |
|
||||||
|
DATA_DIR=''
|
||||||
|
for d in $(ps -ef | grep $etcdbin | grep -- --data-dir | sed 's%.*data-dir[= ]\([^ ]*\).*%\1%'); do
|
||||||
|
if test -d "$d"; then DATA_DIR="$d"; fi
|
||||||
|
done
|
||||||
|
if ! test -d "$DATA_DIR"; then DATA_DIR=$etcddatadir; fi
|
||||||
|
stat -c %U:%G "$DATA_DIR"
|
||||||
tests:
|
tests:
|
||||||
test_items:
|
test_items:
|
||||||
- flag: "etcd:etcd"
|
- flag: "etcd:etcd"
|
||||||
|
@ -169,7 +169,13 @@ groups:
|
|||||||
|
|
||||||
- id: 1.1.12
|
- id: 1.1.12
|
||||||
text: "Ensure that the etcd data directory ownership is set to etcd:etcd (Automated)"
|
text: "Ensure that the etcd data directory ownership is set to etcd:etcd (Automated)"
|
||||||
audit: ps -ef | grep $etcdbin | grep -- --data-dir | sed 's%.*data-dir[= ]\([^ ]*\).*%\1%' | xargs stat -c %U:%G
|
audit: |
|
||||||
|
DATA_DIR=''
|
||||||
|
for d in $(ps -ef | grep $etcdbin | grep -- --data-dir | sed 's%.*data-dir[= ]\([^ ]*\).*%\1%'); do
|
||||||
|
if test -d "$d"; then DATA_DIR="$d"; fi
|
||||||
|
done
|
||||||
|
if ! test -d "$DATA_DIR"; then DATA_DIR=$etcddatadir; fi
|
||||||
|
stat -c %U:%G "$DATA_DIR"
|
||||||
tests:
|
tests:
|
||||||
test_items:
|
test_items:
|
||||||
- flag: "etcd:etcd"
|
- flag: "etcd:etcd"
|
||||||
|
@ -147,7 +147,13 @@ groups:
|
|||||||
|
|
||||||
- id: 1.1.11
|
- id: 1.1.11
|
||||||
text: "Ensure that the etcd data directory permissions are set to 700 or more restrictive (Automated)"
|
text: "Ensure that the etcd data directory permissions are set to 700 or more restrictive (Automated)"
|
||||||
audit: ps -ef | grep $etcdbin | grep -- --data-dir | sed 's%.*data-dir[= ]\([^ ]*\).*%\1%' | xargs stat -c permissions=%a
|
audit: |
|
||||||
|
DATA_DIR=''
|
||||||
|
for d in $(ps -ef | grep $etcdbin | grep -- --data-dir | sed 's%.*data-dir[= ]\([^ ]*\).*%\1%'); do
|
||||||
|
if test -d "$d"; then DATA_DIR="$d"; fi
|
||||||
|
done
|
||||||
|
if ! test -d "$DATA_DIR"; then DATA_DIR=$etcddatadir; fi
|
||||||
|
stat -c permissions=%a "$DATA_DIR"
|
||||||
tests:
|
tests:
|
||||||
test_items:
|
test_items:
|
||||||
- flag: "permissions"
|
- flag: "permissions"
|
||||||
@ -163,7 +169,13 @@ groups:
|
|||||||
|
|
||||||
- id: 1.1.12
|
- id: 1.1.12
|
||||||
text: "Ensure that the etcd data directory ownership is set to etcd:etcd (Automated)"
|
text: "Ensure that the etcd data directory ownership is set to etcd:etcd (Automated)"
|
||||||
audit: ps -ef | grep $etcdbin | grep -- --data-dir | sed 's%.*data-dir[= ]\([^ ]*\).*%\1%' | xargs stat -c %U:%G
|
audit: |
|
||||||
|
DATA_DIR=''
|
||||||
|
for d in $(ps -ef | grep $etcdbin | grep -- --data-dir | sed 's%.*data-dir[= ]\([^ ]*\).*%\1%'); do
|
||||||
|
if test -d "$d"; then DATA_DIR="$d"; fi
|
||||||
|
done
|
||||||
|
if ! test -d "$DATA_DIR"; then DATA_DIR=$etcddatadir; fi
|
||||||
|
stat -c %U:%G "$DATA_DIR"
|
||||||
tests:
|
tests:
|
||||||
test_items:
|
test_items:
|
||||||
- flag: "etcd:etcd"
|
- flag: "etcd:etcd"
|
||||||
|
Loading…
Reference in New Issue
Block a user