Issue 867: Updating CIS 1.1.9 and 1.1.10 (#877)

Mitigating "No such file or directory" related to CNI config directory Signed-off by: Dave Hay <david_hay@uk.ibm.com>
2024-12-20 05:38:13 +00:00 · 2021-05-23 09:46:36 +01:00 · 2021-05-23 09:46:36 +01:00 · fb92680702
commit fb92680702
parent 62d9045ec6
1 changed files with 2 additions and 2 deletions
--- a/cfg/cis-1.6/master.yaml
+++ b/cfg/cis-1.6/master.yaml
@ -122,7 +122,7 @@ groups:
        text: "Ensure that the Container Network Interface file permissions are set to 644 or more restrictive (Manual)"
        audit: |
          ps -ef | grep $kubeletbin | grep -- --cni-conf-dir | sed 's%.*cni-conf-dir[= ]\([^ ]*\).*%\1%' | xargs -I{} find {} -mindepth 1 | xargs stat -c permissions=%a
-          find /var/lib/cni/networks -type f | xargs --no-run-if-empty stat -c permissions=%a
+          find /var/lib/cni/networks -type f 2> /dev/null | xargs --no-run-if-empty stat -c permissions=%a
        use_multiple_values: true
        tests:
          test_items:
@ -140,7 +140,7 @@ groups:
        text: "Ensure that the Container Network Interface file ownership is set to root:root (Manual)"
        audit: |
          ps -ef | grep $kubeletbin | grep -- --cni-conf-dir | sed 's%.*cni-conf-dir[= ]\([^ ]*\).*%\1%' | xargs -I{} find {} -mindepth 1 | xargs stat -c %U:%G
-          find /var/lib/cni/networks -type f | xargs --no-run-if-empty stat -c %U:%G
+          find /var/lib/cni/networks -type f 2> /dev/null | xargs --no-run-if-empty stat -c %U:%G
        use_multiple_values: true
        tests:
          test_items: