Cloud Infrastructure Security & Compliance / CMP-3600

ocp4-cis-node-master-file-permissions-etcd-data-dir rule aiming for the wrong path


      Description of problem:

      Compliance Operator scan rule ocp4-cis-node-master-file-permissions-etcd-data-dir seems to be aiming for the wrong path /var/lib/etcd when other similar rules about group and user ownership point to /var/lib/etcd/member.
      Even the Description text says:
      
        Verify Permissions on the Etcd Database Directory
        To properly set the permissions of /var/lib/etcd , run the command:
      
        $ sudo chmod 0700 /var/lib/etcd
      
      But the check seems to be based on /var/lib/etcd/member and the summary points to it too:
      
      Result of item-state comparison   Path                    Type        UID   GID   Size (B)   Permissions
      not evaluated                     /var/lib/etcd/member/   directory   0     0     29         rwxr-xr-x

      Version-Release number of selected component (if applicable):

      Tested on 4.18.10

      How reproducible:

      Run Compliance Operator scan with rule ocp4-cis-node-master-file-permissions-etcd-data-dir

      Steps to Reproduce:

      Run Compliance Operator scan with rule ocp4-cis-node-master-file-permissions-etcd-data-dir

      Actual results:

      Points to /var/lib/etcd    

      Expected results:

      Should point to /var/lib/etcd/member    

      Additional info:

          

              Unassigned Unassigned
              rhn-support-jveiraca1 Joaquin Veira
              Xiaojie Yuan Xiaojie Yuan
              Maria Simon Marcos Maria Simon Marcos
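A read-only way to see why the targeted path matters, as an added example (not Compliance Operator or ComplianceAsCode code): the same 0700 check is run against both directories of a constructed tree in which member/ carries the rwxr-xr-x mode from the scan table. The function names, the temporary tree and the parent directory's 0700 mode are assumptions; `stat -c` is the GNU/busybox form.

```shell
#!/bin/sh
# Added example: audit a directory against a maximum permission mode.

# perms_within PATH MAX_MODE
# Succeeds when PATH sets no permission bit outside MAX_MODE (octal).
# Returns 2 when PATH cannot be read.
perms_within() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    [ $(( 0$mode & ~0$2 & 07777 )) -eq 0 ]
}

# audit_path PATH MAX_MODE
# Prints "PASS|FAIL <path> <actual mode>" and returns the verdict.
audit_path() {
    perms_within "$1" "$2" && rc=0 || rc=$?
    case $rc in
        0) echo "PASS $1 $mode" ;;
        1) echo "FAIL $1 $mode"; return 1 ;;
        *) echo "ERROR $1 unreadable"; return 2 ;;
    esac
}

# Constructed demo tree (assumption): parent at 0700, member at 0755,
# the rwxr-xr-x value shown for /var/lib/etcd/member/ in the report.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/var/lib/etcd/member"
    chmod 0755 "$root/var/lib/etcd/member"
    chmod 0700 "$root/var/lib/etcd"
    echo "$root"
}

# The verdict depends on which of the two paths is evaluated.
demo=$(make_demo_tree)
audit_path "$demo/var/lib/etcd" 0700 || true
audit_path "$demo/var/lib/etcd/member" 0700 || true
rm -rf "$demo"
```

On a control-plane node, call `audit_path` on `/var/lib/etcd` and `/var/lib/etcd/member` directly instead of the demo tree.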