mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-12-03 05:18:12 +00:00
5eccb498c1
We have added the missing script required for check 1.1.19 in rke-cis-1.24 and made it available to the kube-bench file system(https://github.com/rancher/security-scan/blob/master/package/helper_scripts/check_files_owner_in_dir.sh).
45 lines
838 B
Bash
45 lines
838 B
Bash
#!/usr/bin/env bash
|
|
|
|
# This script is used to ensure the owner is set to root:root for
|
|
# the given directory and all the files in it
|
|
#
|
|
# inputs:
|
|
# $1 = /full/path/to/directory
|
|
#
|
|
# outputs:
|
|
# true/false
|
|
|
|
INPUT_DIR=$1
|
|
|
|
if [[ "${INPUT_DIR}" == "" ]]; then
|
|
echo "false"
|
|
exit
|
|
fi
|
|
|
|
if [[ $(stat -c %U:%G ${INPUT_DIR}) != "root:root" ]]; then
|
|
echo "false"
|
|
exit
|
|
fi
|
|
|
|
statInfoLines=$(stat -c "%n %U:%G" ${INPUT_DIR}/*)
|
|
while read -r statInfoLine; do
|
|
f=$(echo ${statInfoLine} | cut -d' ' -f1)
|
|
p=$(echo ${statInfoLine} | cut -d' ' -f2)
|
|
|
|
if [[ $(basename "$f" .pem) == "kube-etcd-"* ]]; then
|
|
if [[ "$p" != "root:root" && "$p" != "etcd:etcd" ]]; then
|
|
echo "false"
|
|
exit
|
|
fi
|
|
else
|
|
if [[ "$p" != "root:root" ]]; then
|
|
echo "false"
|
|
exit
|
|
fi
|
|
fi
|
|
done <<< "${statInfoLines}"
|
|
|
|
|
|
echo "true"
|
|
exit
|