From e5a34b91424d39c57b1fc2dec1d4ab99d91cf715 Mon Sep 17 00:00:00 2001 From: Liz Rice Date: Mon, 19 Jun 2017 18:45:54 +0100 Subject: [PATCH] Update tests to avoid failing on stat of a non-existant file --- cfg/master.yaml | 20 ++++++++++---------- cfg/node.yaml | 12 ++++++------ 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/cfg/master.yaml b/cfg/master.yaml index f334e65..ddd3693 100644 --- a/cfg/master.yaml +++ b/cfg/master.yaml @@ -531,7 +531,7 @@ groups: checks: - id: 1.4.1 text: "Ensure that the apiserver file permissions are set to 644 or more restrictive (Scored)" - audit: "stat -c %a $kubeConfDir/apiserver" + audit: "if test -e $kubeConfDir/apiserver; then stat -c %a $kubeConfDir/apiserver; fi" tests: test_items: - flag: "644" @@ -542,7 +542,7 @@ groups: - id: 1.4.2 text: "Ensure that the apiserver file ownership is set to root:root (Scored)" - audit: "stat -c %U:%G $kubeConfDir/apiserver" + audit: "if test -e $kubeConfDir/apiserver; then stat -c %U:%G $kubeConfDir/apiserver; fi" tests: test_items: - flag: "root:root" @@ -553,7 +553,7 @@ groups: - id: 1.4.3 text: "Ensure that the config file permissions are set to 644 or more restrictive (Scored)" - audit: "stat -c %a $kubeConfDir/config" + audit: "if test -e $kubeConfDir/config; then stat -c %a $kubeConfDir/config; fi" tests: test_items: - flag: "644" @@ -564,7 +564,7 @@ groups: - id: 1.4.4 text: "Ensure that the config file ownership is set to root:root (Scored)" - audit: "stat -c %U:%G $kubeConfDir/config" + audit: "if test -e $kubeConfDir/config; then stat -c %U:%G $kubeConfDir/config; fi" tests: test_items: - flag: "root:root" @@ -575,7 +575,7 @@ groups: - id: 1.4.5 text: "Ensure that the scheduler file permissions are set to 644 or more restrictive (Scored)" - audit: "stat -c %a $kubeConfDir/scheduler" + audit: "if test -e $kubeConfDir/scheduler; then stat -c %a $kubeConfDir/scheduler; fi" tests: test_items: - flag: "644" @@ -586,7 +586,7 @@ groups: - id: 1.4.6 text: "Ensure that the scheduler file ownership is set to root:root (Scored)" - audit: "stat -c %U:%G $kubeConfDir/scheduler" + audit: "if test -e $kubeConfDir/scheduler; then stat -c %U:%G $kubeConfDir/scheduler; fi" tests: test_items: - flag: "root:root" @@ -597,7 +597,7 @@ groups: - id: 1.4.7 text: "Ensure that the etcd.conf file permissions are set to 644 or more restrictive (Scored)" - audit: "stat -c %a $etcdConfDir/etcd.conf" + audit: "if test -e $etcdConfDir/etcd.conf; then stat -c %a $etcdConfDir/etcd.conf; fi" tests: test_items: - flag: "644" @@ -608,7 +608,7 @@ groups: - id: 1.4.8 text: "Ensure that the etcd.conf file ownership is set to root:root (Scored)" - audit: "stat -c %U:%G $etcdConfDir/etcd.conf" + audit: "if test -e $etcdConfDir/kubelet; then stat -c %U:%G $etcdConfDir/etcd.conf; fi" tests: test_items: - flag: "root:root" @@ -619,7 +619,7 @@ groups: - id: 1.4.9 text: "Ensure that the flanneld file permissions are set to 644 or more restrictive (Scored)" - audit: "stat -c %a /etc/sysconfig/flanneld" + audit: "if test -e /etc/sysconfig/flanneld; then stat -c %a /etc/sysconfig/flanneld; fi" tests: test_items: - flag: "644" @@ -630,7 +630,7 @@ groups: - id: 1.4.10 text: "Ensure that the flanneld file ownership is set to root:root (Scored)" - audit: "stat -c %U:%G /etc/sysconfig/flanneld" + audit: "if test -e /etc/sysconfig/flanneld; then stat -c %U:%G /etc/sysconfig/flanneld; fi" tests: test_items: - flag: "root:root" diff --git a/cfg/node.yaml b/cfg/node.yaml index 31465af..4304264 100644 --- a/cfg/node.yaml +++ b/cfg/node.yaml @@ -193,7 +193,7 @@ groups: checks: - id: 2.2.1 text: "Ensure that the config file permissions are set to 644 or more restrictive (Scored)" - audit: "stat -c %a $kubeConfDir/config" + audit: "if test -e $kubeConfDir/config; then stat -c %a $kubeConfDir/config; fi" tests: test_items: - flag: "644" @@ -204,7 +204,7 @@ groups: - id: 2.2.2 text: "Ensure that the config file ownership is set to root:root (Scored)" - audit: "stat -c %U:%G $kubeConfDir/config" + audit: "if test -e $kubeConfDir/config; then stat -c %U:%G $kubeConfDir/config; fi" tests: test_items: - flag: "root:root" @@ -215,7 +215,7 @@ groups: - id: 2.2.3 text: "Ensure that the kubelet file permissions are set to 644 or more restrictive (Scored)" - audit: "stat -c %a $kubeConfDir/kubelet" + audit: "if test -e $kubeConfDir/kubelet; then stat -c %a $kubeConfDir/kubelet; fi" tests: test_items: - flag: "644" @@ -226,7 +226,7 @@ groups: - id: 2.2.4 text: "Ensure that the kubelet file ownership is set to root:root (Scored)" - audit: "stat -c %U:%G $kubeConfDir/kubelet" + audit: "if test -e $kubeConfDir/kubelet; then stat -c %U:%G $kubeConfDir/kubelet; fi" tests: test_items: - flag: "root:root" @@ -237,7 +237,7 @@ groups: - id: 2.2.5 text: "Ensure that the proxy file permissions are set to 644 or more restrictive (Scored)" - audit: "stat -c %a $kubeConfDir/proxy" + audit: "if test -e $kubeConfDir/proxy; then stat -c %a $kubeConfDir/proxy; fi" tests: test_items: - flag: "644" @@ -248,7 +248,7 @@ groups: - id: 2.2.6 text: "Ensure that the proxy file ownership is set to root:root (Scored)" - audit: "stat -c %U:%G $kubeConfDir/proxy" + audit: "if test -e $kubeConfDir/proxy; then stat -c %U:%G $kubeConfDir/proxy; fi" tests: test_items: - flag: "root:root"