I created a worker node in Kubernetes and ran the audit check 6.2.7 Ensure root PATH Integrity, but it failed with "/root/bin is not a directory".
[rocky@worker-1 ~]$ ./cistest.sh ## Running Audit check
/root/bin is not a directory
[rocky@worker-1 ~]$ sudo -Hiu root env | grep PATH
PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
cistest.sh:
#!/bin/bash
RPCV="$(sudo -Hiu root env | grep '^PATH=' | cut -d= -f2)"
echo "$RPCV" | grep -q "::" && echo "root's path contains a empty directory (::)"
echo "$RPCV" | grep -q ":$" && echo "root's path contains a trailing (:)"
for x in $(echo "$RPCV" | tr ":" " "); do
    if [ -d "$x" ]; then
        ls -ldH "$x" | awk '$9 == "." {print "PATH contains current working directory (.)"}
            $3 != "root" {print $9, "is not owned by root"}
            substr($1,6,1) != "-" {print $9, "is group writable"}
            substr($1,9,1) != "-" {print $9, "is world writable"}'
    else
        echo "$x is not a directory"
    fi
done
[rocky@worker-1 ~]$ cat /etc/redhat-release
Rocky Linux release 8.7 (Green Obsidian)
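/root/bin directory?
/root/bin directory added to the PATH environment variable?
/root/bin, do I need to remove it from the PATH environment variable, or do I need to create /root/bin on the worker node with the required permissions so that the audit test passes? It would be very helpful if someone could help me or clarify the points above. Thanks in advance!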
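
An added example, not part of the original post: shell functions that list the entries of a PATH string that are not directories and show which startup files assign them, so the entry can be dealt with where it is set. The function names and the file list in the usage comment are assumptions (the usual bash startup files on a RHEL-family system).

```shell
#!/bin/bash
# Added example (hypothetical helper names), not the CIS audit script.

# Print each entry of the PATH string in $1 that is not a directory.
missing_path_dirs() (
    IFS=:
    set -f                      # no glob expansion while splitting on ':'
    for entry in $1; do
        if [ -n "$entry" ] && [ ! -d "$entry" ]; then
            printf '%s\n' "$entry"
        fi
    done
)

# Print file:line:text for uncommented PATH assignments in the given files
# that mention directory $1, written literally or relative to the home
# directory $2 as $HOME/..., ${HOME}/... or ~/...
path_setters() (
    dir=$1 home=$2
    shift 2
    rel=${dir#"$home"/}
    for f in "$@"; do
        [ -r "$f" ] || continue
        grep -n 'PATH=' "$f" | grep -v '^[0-9]*:[[:space:]]*#' |
        while IFS= read -r line; do
            case $line in
                *"$dir"* | *'$HOME/'"$rel"* | *'${HOME}/'"$rel"* | *"~/$rel"*)
                    printf '%s:%s\n' "$f" "$line" ;;
            esac
        done
    done
)

# For every missing entry, report it and the place that adds it to PATH.
report_missing() (
    path=$1 home=$2
    shift 2
    missing_path_dirs "$path" | while IFS= read -r d; do
        echo "$d is not a directory"
        path_setters "$d" "$home" "$@" | sed 's/^/  set in /'
    done
)

# Usage, in a root login shell (file list is an assumption):
#   report_missing "$PATH" "$HOME" /etc/profile /etc/profile.d/*.sh \
#       /etc/bashrc "$HOME/.bash_profile" "$HOME/.bashrc"
```

Once the assigning line is known, the audit finding clears either by removing the entry there or by creating the directory owned by root and not group or world writable, which are the conditions the audit script checks.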