File: encryption_disabled.fail.sh

scap-security-guide 0.1.79-1
#!/bin/bash
# remediation = none

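# jq is needed at the end of this script to pre-compute the filtered API
# result. Install it only when it is missing, and stop if that fails: the
# final redirection would otherwise still create the filtered file, but empty.
if ! command -v jq >/dev/null 2>&1; then
    if ! yum install -y jq; then
        printf '%s\n' "encryption_disabled.fail.sh: unable to install jq" >&2
        exit 1
    fi
fi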

# Root of the directory tree, laid out by API path, that this scenario
# populates with fixture objects.
kube_apipath="/kubernetes-api-resources"

# Infrastructure object declaring the Azure platform, so that the platform
# (CPE) applicability check passes.
infra_dir="$kube_apipath/apis/config.openshift.io/v1/infrastructures"
mkdir -p "$infra_dir/"
# Quoted delimiter: the JSON below is written literally, without shell expansion.
cat > "$infra_dir/cluster" <<'EOF'
{
    "apiVersion": "config.openshift.io/v1",
    "kind": "Infrastructure",
    "metadata": {
        "name": "cluster"
    },
    "spec": {
        "platformSpec": {
            "type": "Azure"
        }
    },
    "status": {
        "platform": "Azure",
        "platformStatus": {
            "azure": {
                "cloudName": "AzurePublicCloud"
            },
            "type": "Azure"
        }
    }
}
EOF

# API group path and MachineSet list endpoint. The endpoint, query string
# included, doubles as the fixture's file name under $kube_apipath.
machinev1beta1="/apis/machine.openshift.io/v1beta1"
machineset_apipath="$machinev1beta1/machinesets?limit=500"

# Unfiltered MachineSet list. The scan does not read this file directly; it
# documents the fixture and is the input jq filters later in this script.
# The single worker MachineSet's osDisk.managedDisk carries only
# storageAccountType, i.e. no diskEncryptionSet is configured.
machineset_dir="$kube_apipath/$machinev1beta1"
machineset_file="$kube_apipath/$machineset_apipath"
mkdir -p "$machineset_dir"
# Quoted delimiter: the JSON below is written literally, without shell expansion.
cat > "$machineset_file" <<'EOF'
{
    "apiVersion": "v1",
    "items": [
        {
            "apiVersion": "machine.openshift.io/v1beta1",
            "kind": "MachineSet",
            "metadata": {
                "annotations": {
                    "machine.openshift.io/GPU": "0",
                    "machine.openshift.io/memoryMb": "16384",
                    "machine.openshift.io/vCPU": "4"
                },
                "creationTimestamp": "2021-11-02T12:47:47Z",
                "generation": 1,
                "labels": {
                    "machine.openshift.io/cluster-api-cluster": "ci-ln-7s758l2-1d09d-5924w",
                    "machine.openshift.io/cluster-api-machine-role": "worker",
                    "machine.openshift.io/cluster-api-machine-type": "worker"
                },
                "name": "ci-ln-7s758l2-1d09d-5924w-worker-westus",
                "namespace": "openshift-machine-api",
                "resourceVersion": "19495",
                "uid": "4508e330-64ec-4947-9cb9-ee172f7ff079"
            },
            "spec": {
                "replicas": 3,
                "selector": {
                    "matchLabels": {
                        "machine.openshift.io/cluster-api-cluster": "ci-ln-7s758l2-1d09d-5924w",
                        "machine.openshift.io/cluster-api-machineset": "ci-ln-7s758l2-1d09d-5924w-worker-westus"
                    }
                },
                "template": {
                    "metadata": {
                        "labels": {
                            "machine.openshift.io/cluster-api-cluster": "ci-ln-7s758l2-1d09d-5924w",
                            "machine.openshift.io/cluster-api-machine-role": "worker",
                            "machine.openshift.io/cluster-api-machine-type": "worker",
                            "machine.openshift.io/cluster-api-machineset": "ci-ln-7s758l2-1d09d-5924w-worker-westus"
                        }
                    },
                    "spec": {
                        "metadata": {},
                        "providerSpec": {
                            "value": {
                                "apiVersion": "azureproviderconfig.openshift.io/v1beta1",
                                "credentialsSecret": {
                                    "name": "azure-cloud-credentials",
                                    "namespace": "openshift-machine-api"
                                },
                                "image": {
                                    "offer": "",
                                    "publisher": "",
                                    "resourceID": "/resourceGroups/ci-ln-7s758l2-1d09d-5924w-rg/providers/Microsoft.Compute/images/ci-ln-7s758l2-1d09d-5924w",
                                    "sku": "",
                                    "version": ""
                                },
                                "kind": "AzureMachineProviderSpec",
                                "location": "westus",
                                "managedIdentity": "ci-ln-7s758l2-1d09d-5924w-identity",
                                "metadata": {
                                    "creationTimestamp": null
                                },
                                "networkResourceGroup": "ci-ln-7s758l2-1d09d-5924w-rg",
                                "osDisk": {
                                    "diskSizeGB": 128,
                                    "managedDisk": {
                                        "storageAccountType": "Premium_LRS"
                                    },
                                    "osType": "Linux"
                                },
                                "publicIP": false,
                                "publicLoadBalancer": "ci-ln-7s758l2-1d09d-5924w",
                                "resourceGroup": "ci-ln-7s758l2-1d09d-5924w-rg",
                                "subnet": "ci-ln-7s758l2-1d09d-5924w-worker-subnet",
                                "userDataSecret": {
                                    "name": "worker-user-data"
                                },
                                "vmSize": "Standard_D4s_v3",
                                "vnet": "ci-ln-7s758l2-1d09d-5924w-vnet",
                                "zone": ""
                            }
                        }
                    }
                }
            },
            "status": {
                "availableReplicas": 3,
                "fullyLabeledReplicas": 3,
                "observedGeneration": 1,
                "readyReplicas": 3,
                "replicas": 3
            }
        }
    ],
    "kind": "List",
    "metadata": {
        "resourceVersion": "",
        "selfLink": ""
    }
}
EOF

# Selects the names of MachineSets whose OS disk references a disk encryption
# set (diskEncryptionSet.id is present and not null).
jq_filter='[.items[] | select(.spec.template.spec.providerSpec.value.osDisk.managedDisk.diskEncryptionSet.id != null) | .metadata.name]'

# The scan reads the pre-filtered result from
#   <api path>#<sha256 of the api path immediately followed by the filter>
# The hashed string has no trailing newline; sha256sum prints the digest
# followed by the input name, so everything from the first space on is dropped.
filter_digest=$(printf '%s' "$machineset_apipath$jq_filter" | sha256sum)
filter_digest=${filter_digest%% *}
filteredpath="$kube_apipath/$machineset_apipath#$filter_digest"

# Write the jq-filtered view of the MachineSet list to the filtered path.
jq "$jq_filter" "$kube_apipath/$machineset_apipath" > "$filteredpath"