cyberark / KubiScan

A tool to scan Kubernetes cluster for risky permissions
GNU General Public License v3.0

Failed chmod when not specifying AWS info #66

Closed elreydetoda closed 1 year ago

elreydetoda commented 1 year ago

Summary

When not providing an aws_dir as an argument to the ./docker_run.sh script, the mkdir -p command doesn't run, causing the chmod command to fail.

While this doesn't prevent you from exec'ing inside the container, it is still confusing (made me think the script didn't finish initially).

Steps to Reproduce

  1. Clone repo
  2. Execute ./docker_run.sh ~/.kube/config
  3. See error

(the same error happens no matter if I'm using @2niknatan's natan2nik/kubiscan image or build locally and use that image's name)

Expected Results

No errors (i.e. picture below)

image

Actual Results

chmod error

image

Reproducible

Version/Tag number

commit: cd670a671454c99487327942332fa5a6697037f3 (current master branch's latest commit)

Environment setup

In proxmox VM running Kali Linux 2023.1 with docker version:

Client: Docker Engine - Community
 Version:           23.0.6
 API version:       1.42
 Go version:        go1.19.9
 Git commit:        ef23cbc
 Built:             Fri May  5 21:18:28 2023
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          23.0.6
  API version:      1.42 (minimum version 1.12)
  Go version:       go1.19.9
  Git commit:       9dbdbd4
  Built:            Fri May  5 21:18:28 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.21
  GitCommit:        3dce8eb055cbb6872793272b4f20ed16117344f8
 runc:
  Version:          1.1.7
  GitCommit:        v1.1.7-0-g860f061
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

Effectively running in this Vagrantfile (used the same script to install docker).

Additional Information

N/a

g3rzi commented 1 year ago

Thank you, I appreciate your elaboration on the bug.
I understand the problem. The -f will suppress the errors; usually I prefer to know if there are problems, but in this specific issue I think your solution is good enough.

But if there are issues with /tmp and /opt/kubiscan, we want to know about them.
We will check if there is another solution for that, meanwhile, I will accept your solution.
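
One way to get both behaviours discussed in this thread, as an added example that is not KubiScan's docker_run.sh or either commenter's code: skip paths that were never requested or created (such as an omitted aws_dir) while still reporting chmod failures on paths that do exist. The function name apply_mode, the SKIPPED variable and the mode passed in are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical helper, not part of KubiScan: chmod only the paths that
# were requested and exist, and still fail loudly on real errors.

# apply_mode MODE PATH...
#   Sets SKIPPED to the number of empty or missing paths.
#   Returns 0 when every existing path was changed, 1 otherwise.
apply_mode() {
    mode=$1
    shift
    SKIPPED=0
    failed=0
    for p in "$@"; do
        # Optional argument not supplied (e.g. no aws_dir), or the
        # directory was never created: nothing to change, not an error.
        if [ -z "$p" ] || [ ! -e "$p" ]; then
            SKIPPED=$((SKIPPED + 1))
            continue
        fi
        # No -f here: a failure on a path that exists is reported.
        if ! chmod "$mode" "$p"; then
            echo "apply_mode: chmod $mode failed on $p" >&2
            failed=1
        fi
    done
    return "$failed"
}
```

A caller can pass the optional directory as a possibly empty variable and treat a non-zero return as a real permissions problem.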