arno/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-19 13:18:07 +00:00
Code Issues Releases Wiki Activity

Fix 1.1.7 1.1.8 (#798)

Browse Source 
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
This commit is contained in:
Dmytro Oboznyi 2021-01-20 14:42:57 +02:00 committed by GitHub
parent 9782bee80c
commit ebcb742931
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cfg/cis-1.6/master.yaml
View File

@ -91,7 +91,8 @@ groups:
- id: 1.1.7
text: "Ensure that the etcd pod specification file permissions are set to 644 or more restrictive (Automated)"
audit: "/bin/sh -c 'if test -e $etcdconf; then stat -c permissions=%a $etcdconf; fi'"
audit: "/bin/sh -c 'if test -e $etcdconf; then find $etcdconf -name '*etcd*' | xargs stat -c permissions=%a; fi'"
use_multiple_values: true
tests:
test_items:
- flag: "permissions"
@ -106,7 +107,8 @@ groups:
- id: 1.1.8
text: "Ensure that the etcd pod specification file ownership is set to root:root (Automated)"
audit: "/bin/sh -c 'if test -e $etcdconf; then stat -c %U:%G $etcdconf; fi'"
audit: "/bin/sh -c 'if test -e $etcdconf; then find $etcdconf -name '*etcd*' | xargs stat -c %U:%G; fi'"
use_multiple_values: true
tests:
test_items:
- flag: "root:root"

1
cfg/config.yaml
View File

@ -81,6 +81,7 @@ master:
- /var/snap/etcd/common/etcd.conf.yaml
- /var/snap/microk8s/current/args/etcd
- /usr/lib/systemd/system/etcd.service
- /etc/kubernetes/manifests
defaultconf: /etc/kubernetes/manifests/etcd.yaml
flanneld: