CIS Control 1.1.12 fails in SLES server nodes #1756

Closed
rancher-max opened this issue Sep 3, 2021 · 1 comment
Labels
kind/bug Something isn't working

Comments

@rancher-max
Contributor

Environmental Info:
RKE2 Version:
All... but confirmed with v1.21.4+rke2r2, so this has probably always been the case and is not a regression

Node(s) CPU architecture, OS, and Version:
SLES15 SP2

$ uname -a
Linux ip-172-31-3-190 5.3.18-24.37-default #1 SMP Wed Nov 4 09:38:41 UTC 2020 (c145e08) x86_64 x86_64 x86_64 GNU/Linux

$  cat /etc/os-release
NAME="SLES"
VERSION="15-SP2"
VERSION_ID="15.2"
PRETTY_NAME="SUSE Linux Enterprise Server 15 SP2"
ID="sles"
ID_LIKE="suse"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:suse:sles:15:sp2"

Cluster Configuration:
3 servers 1 agent, but probably happens with just 1 server

Describe the bug:

This control states: Ensure that the etcd data directory ownership is set to etcd:etcd (Automated)
The audit expectation is:

stat -c %U:%G /var/lib/rancher/rke2/server/db/etcd
etcd:etcd

However, in SLES15 SP2, using either cis profile, this is coming back as etcd:users

Steps To Reproduce:

  • Install RKE2 in cis mode using either profile. For example: profile: cis-1.6 in config.yaml

Expected behavior:

This control should pass when using both profile: cis-1.5 and profile: cis-1.6

@rancher-max rancher-max added the kind/bug Something isn't working label Sep 3, 2021
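
The audit quoted in the issue above, wrapped as a shell function that also reports which half of owner:group differs. This is an added example, not part of the original issue or of RKE2; `check_owner` is a hypothetical helper name, and GNU `stat -c` is assumed, as in the issue.

```shell
# Added example: audit a directory's owner:group against an expected value,
# using the same `stat -c %U:%G` command quoted in the issue.
# check_owner is a hypothetical helper, not part of RKE2 or any CIS tooling.

# Usage: check_owner DIR EXPECTED_USER:EXPECTED_GROUP
# Returns 0 on match, 1 on mismatch, 2 if DIR cannot be inspected.
check_owner() {
    local dir="$1" expected="$2" actual user pg
    if [ ! -d "$dir" ]; then
        echo "ERROR: $dir is not a directory" >&2
        return 2
    fi
    # Same command the audit uses; prints USER:GROUP by name.
    actual=$(stat -c %U:%G "$dir") || return 2

    if [ "$actual" = "$expected" ]; then
        echo "PASS: $dir is $actual"
        return 0
    fi

    echo "FAIL: $dir is $actual, expected $expected"
    user="${actual%%:*}"
    # Say which half differs, so a result like etcd:users reads as a group problem.
    [ "$user" = "${expected%%:*}" ] || echo "  owner: $user != ${expected%%:*}"
    [ "${actual##*:}" = "${expected##*:}" ] || echo "  group: ${actual##*:} != ${expected##*:}"
    # Diagnostic only: show the owning user's primary group, if the name resolves.
    if pg=$(id -gn "$user" 2>/dev/null); then
        echo "  primary group of $user: $pg"
    fi
    return 1
}

# When the script is given a path, audit it (expected value defaults to etcd:etcd).
[ $# -eq 0 ] || check_owner "$1" "${2:-etcd:etcd}"
```

On a server node, pass `/var/lib/rancher/rke2/server/db/etcd` as the first argument; the exit status can then feed a compliance job.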
@caroline-suse-rancher
Contributor

Closing due to age and because 1.21 is EOL - @rancher-max let me know if I should reopen, please!
