From 322572189e6c8f0d113e5433c16dcc2927040e1a Mon Sep 17 00:00:00 2001 From: rajeshfrontline <95583348+rajeshfrontline@users.noreply.github.com> Date: Tue, 24 Dec 2024 12:10:58 +0530 Subject: [PATCH] PE5714 --- cis-harden/harden.sh | 16 ++++++++-------- earthly.sh | 10 +++++----- .../opt/spectrocloud/bin/check-disk-size.sh | 2 +- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/cis-harden/harden.sh b/cis-harden/harden.sh index ee5e78b..f71aa29 100755 --- a/cis-harden/harden.sh +++ b/cis-harden/harden.sh @@ -529,15 +529,15 @@ harden_system() { fi echo "Fix permission of all cron files" - for each in $(echo /etc/cron.daily /etc/cron.hourly /etc/cron.d /etc/cron.monthly /etc/cron.weekly /etc/crontab) - do - if [[ -e ${each} ]]; then - stat -L -c "%a %u %g" "${each}" | grep -E ".00 0 0" - if $? -ne 0 ; then - chown root:root "${each}" - chmod og-rwx "${each}" + cron_files="/etc/etc/cron.daily /etc/cron.hourly /etc/cron.d /etc/cron.monthly /etc/cron.weekly /etc/crontab" + for each in ${cron_files}; do + if [[ -e ${each} ]]; then + stat -L -c "%a %u %g" "${each}" | grep -E ".00 0 0" + if $? -ne 0 ; then + chown root:root "${each}" + chmod og-rwx "${each}" + fi fi - fi done echo "Remove cron and at deny files and have allow files in place" diff --git a/earthly.sh b/earthly.sh index 68dc6eb..df9d496 100755 --- a/earthly.sh +++ b/earthly.sh @@ -28,7 +28,7 @@ function build_with_proxy() { -v "$(pwd)/certs:/usr/local/share/ca-certificates:ro" \ -v earthly-tmp:/tmp/earthly:rw \ -p 8372:8372 \ - "$SPECTRO_PUB_REPO"/third-party/edge/earthly/buildkitd:$EARTHLY_VERSION + "$SPECTRO_PUB_REPO"/third-party/edge/earthly/buildkitd:"$EARTHLY_VERSION" # Update the CA certificates in the container docker exec -it earthly-buildkitd update-ca-certificates @@ -49,12 +49,12 @@ function build_with_proxy() { -v "$(pwd)":/workspace \ -v "$(pwd)/certs:/usr/local/share/ca-certificates:ro" \ --entrypoint /workspace/earthly-entrypoint.sh \ - "$SPECTRO_PUB_REPO"/third-party/edge/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@" + "$SPECTRO_PUB_REPO"/third-party/edge/earthly/earthly:"$EARTHLY_VERSION" --allow-privileged "$@" } function build_without_proxy() { # Run Earthly in Docker to create artifacts Variables are passed from the .arg file - docker run --privileged -v ~/.docker/config.json:/root/.docker/config.json -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config" -v "$(pwd)":/workspace "$SPECTRO_PUB_REPO"/third-party/edge/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@" + docker run --privileged -v ~/.docker/config.json:/root/.docker/config.json -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config" -v "$(pwd)":/workspace "$SPECTRO_PUB_REPO"/third-party/edge/earthly/earthly:"$EARTHLY_VERSION" --allow-privileged "$@" } function print_os_pack() { @@ -127,11 +127,11 @@ if $? -ne 0 ; then exit 1 fi # Cleanup builder helper images. -docker rmi "$SPECTRO_PUB_REPO"/third-party/edge/earthly/earthly:$EARTHLY_VERSION +docker rmi "$SPECTRO_PUB_REPO"/third-party/edge/earthly/earthly:"$EARTHLY_VERSION" if [ "$(docker container inspect -f '{{.State.Running}}' earthly-buildkitd)" = "true" ]; then docker stop earthly-buildkitd fi -docker rmi "$SPECTRO_PUB_REPO"/third-party/edge/earthly/buildkitd:$EARTHLY_VERSION 2>/dev/null +docker rmi "$SPECTRO_PUB_REPO"/third-party/edge/earthly/buildkitd:"$EARTHLY_VERSION" 2>/dev/null docker rmi "$ALPINE_IMG" if [[ "$1" == "+uki-genkey" ]]; then diff --git a/overlay/files/opt/spectrocloud/bin/check-disk-size.sh b/overlay/files/opt/spectrocloud/bin/check-disk-size.sh index 845ef1b..ccaee5c 100755 --- a/overlay/files/opt/spectrocloud/bin/check-disk-size.sh +++ b/overlay/files/opt/spectrocloud/bin/check-disk-size.sh @@ -6,7 +6,7 @@ REQUIRED_FREE_DISK=$1 FREE=$(df -h --output=pcent /var/ | tail -n 1 | tr -d '\% ') -if (( FREE < REQUIRED_FREE_DISK )); then +if (( "${FREE}" < "${REQUIRED_FREE_DISK}" )); then echo "Not enough free disk, required: $1. Free: $FREE" exit 1 fi