From 432651e85f80db9633430a37523b820fa2f9bbae Mon Sep 17 00:00:00 2001
From: jerbia <jerbia@gmail.com>
Date: Wed, 21 Jun 2017 22:45:50 +0300
Subject: [PATCH] Added test 1.4.11 (#8)

---
 README.md       |  4 ++++
 cfg/master.yaml | 27 ++++++++++++++++-----------
 cmd/root.go     |  2 +-
 3 files changed, 21 insertions(+), 12 deletions(-)

diff --git a/README.md b/README.md
index eb0e370..1c30638 100644
--- a/README.md
+++ b/README.md
@@ -58,8 +58,12 @@ groups:
       text: "Ensure that the --allow-privileged argument is set (Scored)"
       audit: "ps -ef | grep kube-apiserver | grep -v grep"
       tests:
+      bin_op: or
+      test_items:
       - flag: "--allow-privileged"
         set: true
+      - flag: "--some-other-flag"
+        set: false
       remediation: "Edit the /etc/kubernetes/config file on the master node and set the KUBE_ALLOW_PRIV parameter to '--allow-privileged=false'"
       scored: true
 ```
diff --git a/cfg/master.yaml b/cfg/master.yaml
index dd0d07a..c21a8f8 100644
--- a/cfg/master.yaml
+++ b/cfg/master.yaml
@@ -641,17 +641,22 @@ groups:
       remediation: "Run the below command (based on the file location on your system) on the master node. 
               \nFor example, chown root:root /etc/sysconfig/flanneld"
       scored: true
-
-      # TODO: Resolve issue get pipeline to work.
-      #  - id: 1.4.11
-      #  - text: "Ensure that the etcd data directory permissions are set to 700 or more restrictive (Scored)"
-      #  - audit: "ps -ef | grep etcd | grep -v grep | sed 's,.*--data-dir=\\(.*\\)\\s.*,\\1,' | xargs stat -c %a"
-      #  - tests:
-      #  -   test_items:
-      #  -     - flag: "700"
-      #  -       set: true
-      #  - remediation: ""
-      #  - scored: true
+      
+    - id: 1.4.11
+      text: "Ensure that the etcd data directory permissions are set to 700 or more restrictive (Scored)"
+      # audit: ps -ef | grep etcd | grep -v grep | sed 's,.*--data-dir=\(.*\)\s*.*,\1,' | xargs stat -c %a
+      audit: "ps -ef | grep etcd | grep -v grep | grep -o data-dir=.* | cut -d= -f2 | xargs stat -c %a"
+      # audit: xargs stat -c %a /etc/etcd
+      tests:
+        test_items:
+        - flag: "700"
+          set: true
+      remediation: "On the etcd server node, get the etcd data directory, passed as an argument --data-dir ,
+              from the below command:\n
+              ps -ef | grep etcd\n
+              Run the below command (based on the etcd data directory found above). For example,\n
+              chmod 700 /var/lib/etcd/default.etcd"
+      scored: true
 
 - id: 1.5
   text: "etcd"
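Review bot: The audit pipeline for 1.4.11 only yields a clean path when `--data-dir=` is the last argument on the etcd command line. `grep -o data-dir=.*` matches through the end of the line and `cut -d= -f2` keeps everything up to the next `=`, so any trailing flags reach `stat` as extra arguments and the check errors out instead of reporting the mode. Bounding the match, e.g. `grep -o 'data-dir=[^ ]*'`, would avoid that. The space-separated form `--data-dir <path>` is also not matched, and with GNU xargs an empty input still runs `stat` once unless `-r` is given. Separately, the test item looks for the literal `700` while the check text says "700 or more restrictive", so a tighter mode such as 600 would presumably be reported as a failure; this is worth confirming against how `flag` is matched, which is not visible in this hunk.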
diff --git a/cmd/root.go b/cmd/root.go
index 3ca70a8..2a02906 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -58,7 +58,7 @@ func Execute() {
 func init() {
 	cobra.OnInitialize(initConfig)
 
-	RootCmd.PersistentFlags().BoolVar(&jsonFmt, "json", false, "Output results as JSON")
+	RootCmd.PersistentFlags().BoolVar(&jsonFmt, "json", false, "Prints the results as JSON")
 	RootCmd.PersistentFlags().StringVarP(&checkList,
 		"check",
 		"c",
-- 
GitLab