From fb92680702787fab1b0e77220e51cbfb37fb6bb5 Mon Sep 17 00:00:00 2001
From: Dave Hay <david_hay@uk.ibm.com>
Date: Sun, 23 May 2021 09:46:36 +0100
Subject: [PATCH] Issue 867: Updating CIS 1.1.9 and 1.1.10 (#877)

Mitigating "No such file or directory" related to CNI config directory

Signed-off by: Dave Hay <david_hay@uk.ibm.com>
---
 cfg/cis-1.6/master.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cfg/cis-1.6/master.yaml b/cfg/cis-1.6/master.yaml
index c354bd7..7ef7f94 100644
--- a/cfg/cis-1.6/master.yaml
+++ b/cfg/cis-1.6/master.yaml
@@ -122,7 +122,7 @@ groups:
         text: "Ensure that the Container Network Interface file permissions are set to 644 or more restrictive (Manual)"
         audit: |
           ps -ef | grep $kubeletbin | grep -- --cni-conf-dir | sed 's%.*cni-conf-dir[= ]\([^ ]*\).*%\1%' | xargs -I{} find {} -mindepth 1 | xargs stat -c permissions=%a
-          find /var/lib/cni/networks -type f | xargs --no-run-if-empty stat -c permissions=%a
+          find /var/lib/cni/networks -type f 2> /dev/null | xargs --no-run-if-empty stat -c permissions=%a
         use_multiple_values: true
         tests:
           test_items:
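Review bot: The added `2> /dev/null` on the `find /var/lib/cni/networks` line discards every error from find, not only "No such file or directory", so a directory the auditing user cannot read produces the same empty output as a directory that does not exist. For a permissions check that hides exactly the case an operator would want to see; the same applies to the ownership audit in the second hunk (`stat -c %U:%G`). Testing for the directory explicitly keeps other errors visible, for example `if [ -d /var/lib/cni/networks ]; then find /var/lib/cni/networks -type f | xargs --no-run-if-empty stat -c permissions=%a; fi`. The `tests:` block continues outside the hunk, so how an empty result is scored cannot be confirmed from here. A comment above the command such as `# directory is absent when no CNI plugin has allocated addresses; absence is not a failure` would record why the guard exists, if that is the intended reading.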
@@ -140,7 +140,7 @@ groups:
         text: "Ensure that the Container Network Interface file ownership is set to root:root (Manual)"
         audit: |
           ps -ef | grep $kubeletbin | grep -- --cni-conf-dir | sed 's%.*cni-conf-dir[= ]\([^ ]*\).*%\1%' | xargs -I{} find {} -mindepth 1 | xargs stat -c %U:%G
-          find /var/lib/cni/networks -type f | xargs --no-run-if-empty stat -c %U:%G
+          find /var/lib/cni/networks -type f 2> /dev/null | xargs --no-run-if-empty stat -c %U:%G
         use_multiple_values: true
         tests:
           test_items:
-- 
GitLab