mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-12-24 07:28:06 +00:00
Issue 867: Updating CIS 1.1.9 and 1.1.10 (#877)
Mitigating "No such file or directory" related to CNI config directory Signed-off by: Dave Hay <david_hay@uk.ibm.com>
This commit is contained in:
parent
62d9045ec6
commit
fb92680702
@ -122,7 +122,7 @@ groups:
|
|||||||
text: "Ensure that the Container Network Interface file permissions are set to 644 or more restrictive (Manual)"
|
text: "Ensure that the Container Network Interface file permissions are set to 644 or more restrictive (Manual)"
|
||||||
audit: |
|
audit: |
|
||||||
ps -ef | grep $kubeletbin | grep -- --cni-conf-dir | sed 's%.*cni-conf-dir[= ]\([^ ]*\).*%\1%' | xargs -I{} find {} -mindepth 1 | xargs stat -c permissions=%a
|
ps -ef | grep $kubeletbin | grep -- --cni-conf-dir | sed 's%.*cni-conf-dir[= ]\([^ ]*\).*%\1%' | xargs -I{} find {} -mindepth 1 | xargs stat -c permissions=%a
|
||||||
find /var/lib/cni/networks -type f | xargs --no-run-if-empty stat -c permissions=%a
|
find /var/lib/cni/networks -type f 2> /dev/null | xargs --no-run-if-empty stat -c permissions=%a
|
||||||
use_multiple_values: true
|
use_multiple_values: true
|
||||||
tests:
|
tests:
|
||||||
test_items:
|
test_items:
|
||||||
@ -140,7 +140,7 @@ groups:
|
|||||||
text: "Ensure that the Container Network Interface file ownership is set to root:root (Manual)"
|
text: "Ensure that the Container Network Interface file ownership is set to root:root (Manual)"
|
||||||
audit: |
|
audit: |
|
||||||
ps -ef | grep $kubeletbin | grep -- --cni-conf-dir | sed 's%.*cni-conf-dir[= ]\([^ ]*\).*%\1%' | xargs -I{} find {} -mindepth 1 | xargs stat -c %U:%G
|
ps -ef | grep $kubeletbin | grep -- --cni-conf-dir | sed 's%.*cni-conf-dir[= ]\([^ ]*\).*%\1%' | xargs -I{} find {} -mindepth 1 | xargs stat -c %U:%G
|
||||||
find /var/lib/cni/networks -type f | xargs --no-run-if-empty stat -c %U:%G
|
find /var/lib/cni/networks -type f 2> /dev/null | xargs --no-run-if-empty stat -c %U:%G
|
||||||
use_multiple_values: true
|
use_multiple_values: true
|
||||||
tests:
|
tests:
|
||||||
test_items:
|
test_items:
|
||||||
|
Loading…
Reference in New Issue
Block a user