OpenShift Bugs / OCPBUGS-41125

Rule ocp4-cis-file-permissions-cni-conf returned a false negative result

    • Bug
    • Resolution: Done
    • Major
    • None
    • 4.14.z
    • Networking / multus
    • None

      Description of problem:

      This is a clone of https://issues.redhat.com/browse/OCPBUGS-22995 to track the backport fix for OCP v4.14.
      
      Rule ocp4-cis-file-permissions-cni-conf returned a false negative result
      
      ocp4-cis-node-master-file-permissions-cni-conf                                FAIL     medium
      ocp4-cis-node-worker-file-permissions-cni-conf                                FAIL     medium

      Version-Release number of selected component (if applicable):

      OpenShift v4.14, Compliance Operator v1.4+

      How reproducible:

      Always    

      Steps to Reproduce:

          1. Scan the ocp4-cis profile
          2. Check results: $ oc get ccr | grep -i cni
         

      Actual results:

      Rule does not PASS.

      Expected results:

      The CNI file permission should align with the OpenShift CIS rule.

      Additional info:

      We have multiple customers who have been waiting a long time for this fix.
      This is affecting security audits for the customers, hence more prioritization is requested.

              Peng Liu (pliurh)
              Rutvik Kshirsagar (rhn-support-rkshirsa)
              Weibin Liang