This message was deleted Rancher Users #rke2

Join Slack

This message was deleted.

# rke2

adamant-kite-43734

07/29/2024, 3:23 PM

This message was deleted.

gray-lawyer-73831

07/29/2024, 3:32 PM

It might be checking incorrect locations. See results here: https://docs.rke2.io/security/cis_self_assessment123#117

```stat -c %a /var/lib/rancher/rke2/agent/pod-manifests/etcd.yaml

644```

(and the respective other locations). We don’t have a self assessment out for cis-1.7 at the moment, but the checks and requirements for these are the same.

gray-lawyer-73831

07/29/2024, 3:34 PM

Ah that being said… it looks like the 1.7 check actually wants

600 or more restrictive

whereas the old check wanted

644 or more restrictive

. This is something that we’ll likely need to update moving forward.

refined-application-74576

07/29/2024, 3:37 PM

Ok, thanks!

21 Views

Open in Slack

Previous Next