From 21fe2bdab3d6e920ff6ef2cacb6b2fd86ef4e8c2 Mon Sep 17 00:00:00 2001 From: Saurabh Misra Date: Tue, 5 Nov 2024 09:29:23 +0530 Subject: [PATCH] FIX| RKE-CIS-1.24- CHECK 1.1.19 We have added the missing script required for check 1.1.19 in rke-cis-1.24 and made it available to the kube-bench file system(https://github.com/rancher/security-scan/blob/master/package/helper_scripts/check_files_owner_in_dir.sh). --- Dockerfile | 3 ++ Dockerfile.fips.ubi | 1 + Dockerfile.ubi | 1 + helper_scripts/check_files_owner_in_dir.sh | 44 ++++++++++++++++++++++ 4 files changed, 49 insertions(+) create mode 100644 helper_scripts/check_files_owner_in_dir.sh diff --git a/Dockerfile b/Dockerfile index 30e33e572..4abc81e08 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,8 +13,10 @@ RUN make build && cp kube-bench /go/bin/kube-bench ARG KUBECTL_VERSION TARGETARCH RUN wget -O /usr/local/bin/kubectl "https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl" RUN wget -O kubectl.sha256 "https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl.sha256" + # Verify kubectl sha256sum RUN /bin/bash -c 'echo "$(