1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-23 23:18:33 +00:00
kube-bench/helper_scripts/check_files_owner_in_dir.sh
Saurabh Misra 5eccb498c1
FIX| RKE-CIS-1.24- CHECK 1.1.19 (#1722)
We have added the missing script required for check 1.1.19 in rke-cis-1.24 and made it available to the kube-bench file system(https://github.com/rancher/security-scan/blob/master/package/helper_scripts/check_files_owner_in_dir.sh).
2024-11-15 18:32:24 +06:00

45 lines
838 B
Bash

#!/usr/bin/env bash
# This script is used to ensure the owner is set to root:root for
# the given directory and all the files in it
#
# inputs:
# $1 = /full/path/to/directory
#
# outputs:
# true/false
INPUT_DIR=$1
if [[ "${INPUT_DIR}" == "" ]]; then
echo "false"
exit
fi
if [[ $(stat -c %U:%G ${INPUT_DIR}) != "root:root" ]]; then
echo "false"
exit
fi
statInfoLines=$(stat -c "%n %U:%G" ${INPUT_DIR}/*)
while read -r statInfoLine; do
f=$(echo ${statInfoLine} | cut -d' ' -f1)
p=$(echo ${statInfoLine} | cut -d' ' -f2)
if [[ $(basename "$f" .pem) == "kube-etcd-"* ]]; then
if [[ "$p" != "root:root" && "$p" != "etcd:etcd" ]]; then
echo "false"
exit
fi
else
if [[ "$p" != "root:root" ]]; then
echo "false"
exit
fi
fi
done <<< "${statInfoLines}"
echo "true"
exit