From 5f254de415a97c8f9f16dce1b474306b32d01636 Mon Sep 17 00:00:00 2001
From: Michal Jankowski <mjankowski@vmware.com>
Date: Wed, 24 Oct 2018 17:06:21 -0700
Subject: [PATCH] Fixing checks 2.2.9 and 2.2.10 on 1.11 nodes.

Path to kubelet configuration was accidentally prefixed with a dollar
symbol (probably as a result of copying some other test that used
variable name).
After removing the dollar sign from paths both checks pass on conforming
deployment.
---
 cfg/1.11/node.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cfg/1.11/node.yaml b/cfg/1.11/node.yaml
index 18e4876..66e8c5c 100644
--- a/cfg/1.11/node.yaml
+++ b/cfg/1.11/node.yaml
@@ -460,7 +460,7 @@ groups:
 
     - id: 2.2.9
       text: "Ensure that the kubelet configuration file ownership is set to root:root (Scored)"
-      audit: "/bin/sh -c 'if test -e $/var/lib/kubelet/config.yaml; then stat -c %U:%G $/var/lib/kubelet/config.yaml; fi'"
+      audit: "/bin/sh -c 'if test -e /var/lib/kubelet/config.yaml; then stat -c %U:%G /var/lib/kubelet/config.yaml; fi'"
       tests:
         test_items:
         - flag: "root:root"
@@ -472,7 +472,7 @@ groups:
 
     - id: 2.2.10
       text: "Ensure that the kubelet configuration file has permissions set to 644 or more restrictive (Scored)"
-      audit: "/bin/sh -c 'if test -e $/var/lib/kubelet/config.yaml; then stat -c %a $/var/lib/kubelet/config.yaml; fi'"
+      audit: "/bin/sh -c 'if test -e /var/lib/kubelet/config.yaml; then stat -c %a /var/lib/kubelet/config.yaml; fi'"
       tests:
         bin_op: or
         test_items:
-- 
GitLab