From ebcb742931493cec60bb6daa3bff3a033cdaf175 Mon Sep 17 00:00:00 2001
From: Dmytro Oboznyi <55382034+DOboznyi@users.noreply.github.com>
Date: Wed, 20 Jan 2021 14:42:57 +0200
Subject: [PATCH] Fix 1.1.7 1.1.8 (#798)

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
---
 cfg/cis-1.6/master.yaml | 6 ++++--
 cfg/config.yaml         | 1 +
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/cfg/cis-1.6/master.yaml b/cfg/cis-1.6/master.yaml
index 447fcf3..989736b 100644
--- a/cfg/cis-1.6/master.yaml
+++ b/cfg/cis-1.6/master.yaml
@@ -91,7 +91,8 @@ groups:
 
       - id: 1.1.7
         text: "Ensure that the etcd pod specification file permissions are set to 644 or more restrictive (Automated)"
-        audit: "/bin/sh -c 'if test -e $etcdconf; then stat -c permissions=%a $etcdconf; fi'"
+        audit: "/bin/sh -c 'if test -e $etcdconf; then find $etcdconf -name '*etcd*' | xargs stat -c permissions=%a; fi'"
+        use_multiple_values: true
         tests:
           test_items:
             - flag: "permissions"
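Review bot: In the new `audit` line for 1.1.7 the inner `'*etcd*'` sits inside the already single-quoted `/bin/sh -c '...'` argument, so when a shell parses the string those quotes close and reopen the outer string and the pattern is left unquoted. If the working directory contains a name matching `*etcd*`, the shell expands it before `find` runs and the check inspects the wrong files or errors out. The pipe into `xargs stat` also mis-splits paths containing whitespace and, with GNU xargs, still runs `stat` with no operand when `find` matches nothing. Both are avoided with `audit: "/bin/sh -c 'if test -e $etcdconf; then find $etcdconf -name \"*etcd*\" -exec stat -c permissions=%a {} +; fi'"`. The 1.1.8 hunk below uses the same construct with `%U:%G` and needs the same change, since an audit that yields empty or wrong output is a silent false result for a file-permission benchmark.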
@@ -106,7 +107,8 @@ groups:
 
       - id: 1.1.8
         text: "Ensure that the etcd pod specification file ownership is set to root:root (Automated)"
-        audit: "/bin/sh -c 'if test -e $etcdconf; then stat -c %U:%G $etcdconf; fi'"
+        audit: "/bin/sh -c 'if test -e $etcdconf; then find $etcdconf -name '*etcd*' | xargs stat -c %U:%G; fi'"
+        use_multiple_values: true
         tests:
           test_items:
             - flag: "root:root"
diff --git a/cfg/config.yaml b/cfg/config.yaml
index 55ff322..98ff0c4 100644
--- a/cfg/config.yaml
+++ b/cfg/config.yaml
@@ -81,6 +81,7 @@ master:
       - /var/snap/etcd/common/etcd.conf.yaml
       - /var/snap/microk8s/current/args/etcd
       - /usr/lib/systemd/system/etcd.service
+      - /etc/kubernetes/manifests
     defaultconf: /etc/kubernetes/manifests/etcd.yaml
 
   flanneld:
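Review bot: The added `/etc/kubernetes/manifests` entry is a directory, while every other visible entry in this `confs` list, and `defaultconf` itself, is a file path, and nothing in the file records that difference. Any other check or remediation text that substitutes `$etcdconf` and expects a single file would presumably receive the directory whenever this entry is the one selected, which should be confirmed against the remaining uses of the variable. A comment above the entry, such as `# directory, not a file: checks 1.1.7/1.1.8 search it for *etcd* manifests`, would make the intent explicit. The list begins above the hunk, so it is not visible here whether a more specific manifest path already precedes this entry.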
-- 
GitLab