Test 1.1.8 produce false positive

Question

Test 1.1.8 produce false positive

cesan3 opened this issue a year ago · 3 comments

The current cis-1.3.1 audit is giving me a false positive with docker-ce-20.10.21-3. This check 1.1.8:

      test_file=$(grep 'containerd.sock' /etc/containerd/config.toml | awk -F "\"" '{print $2}')
      if test -S "$test_file"; then
        auditctl -l | grep $test_file
      fi

I manually updated it to:

      test_file=$(grep 'containerd.sock' /etc/containerd/config.toml | awk -F "=" '{print $2}' | sed -e 's/"//g')
      if test -S $test_file; then
        auditctl -l | grep $test_file
      fi

And it passes now.
I can create a PR but before I'd like to confirm this is not caused by my environment/version.

I'm running docker-ce-20.10.21-3 on rocky8

Answer 1 · 2023-10-08T01:48:08.000Z

Hi,cesan3
Which operating system are you using? I want to reproduce it.I also have a issue related to 1.1.8. #110 #106

Answer 2 · 2023-10-08T02:23:24.000Z

Hey @y4ney I'm running it on Rocky Linux 8.7

Answer 3 · 2023-10-08T02:58:09.000Z

Hey @y4ney Yeah, I think we can close this as a duplicate of #110.