documentation_complete: true

title: 'Verify Permissions on the OpenShift Open vSwitch Files'

description: |-
    {{{ describe_file_permissions(file="/etc/openvswitch/.*", perms="0644") }}}

rationale: |-
    CNI (Container Network Interface) files consist of a specification and libraries for
    writing plugins to configure network interfaces in Linux containers, along with a number
    of supported plugins. Allowing writable access to the files could allow an attacker to modify
    the networking configuration, potentially adding a rogue network connection.

severity: medium

#identifiers:
#    cce@ocp4: 82173-6

references:
    cis@ocp4: 1.4.9

ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/openvswitch/.*", perms="-rw-r--r--") }}}'

ocil: |-
    {{{ ocil_file_permissions(file="/etc/openvswitch/.*", perms="-rw-r--r--") }}}

template:
    name: file_permissions
    vars:
        filepath: /etc/openvswitch/
        file_regex: ^.*$
        filemode: '0644'
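The check that the file_permissions template above generates, written out as an added POSIX shell example (not code from the ComplianceAsCode project): it lists every regular file under `filepath` whose name matches `file_regex` and whose mode grants any bit beyond `filemode`, and returns 1 if it finds one. The function name and the use of GNU find's `-perm /MASK`, `-regextype` and `-printf` are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not part of the rule above: manual equivalent of the
# file_permissions template check. Defaults are this rule's template vars.
# Assumes GNU find (-perm /MASK, -regextype, -printf).
check_file_permissions() {
    dir="${1:-/etc/openvswitch/}"   # template var: filepath
    maxmode="${2:-0644}"            # template var: filemode
    regex="${3:-^.*\$}"             # template var: file_regex (file name only)
    dir="${dir%/}"
    # Bits the rule does not allow, as an octal mask for find -perm /MASK
    # (matches a file if ANY of the mask bits is set). 0644 -> 7133, i.e.
    # setuid/setgid/sticky, every execute bit, and group/other write.
    mask=$(printf '%o' $(( 07777 & ~maxmode )))
    # Drop a leading ^ from the regex and anchor it to the path's last component
    # so it is applied to the file name, as the template applies file_regex.
    offenders=$(find "$dir" -maxdepth 1 -type f \
        -regextype posix-extended -regex ".*/(${regex#^})" \
        -perm "/$mask" -printf '%m %p\n' 2>/dev/null)
    [ -z "$offenders" ] && return 0
    # One "MODE PATH" line per file that is wider than filemode allows.
    printf '%s\n' "$offenders"
    return 1
}
```

Run with no arguments on a node it reports only files under /etc/openvswitch/ that would fail the rule; an empty result and exit status 0 mean the directory is compliant.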