bloodhound: Fix journal file permission check

The Bottlerocket CIS check 4.1.2 would correctly report if there was a failing condition, but it missed changing the result from SKIP to PASS if there was no failure. This updates the result for 4.1.2 so that it will correctly report success as long as there are no non-compliant journal file permissions. Signed-off-by: Sean McGinnis <[email protected]>
bottlerocket-os · Oct 23, 2023 · 003aacf · 003aacf
1 parent 686c785
commit 003aacf
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/sources/bloodhound/src/bin/bottlerocket-checks/checks.rs b/sources/bloodhound/src/bin/bottlerocket-checks/checks.rs
@@ -857,7 +857,13 @@ pub struct BR04010200Checker {}
 
 impl Checker for BR04010200Checker {
     fn execute(&self) -> CheckerResult {
-        let mut result = CheckerResult::default();
+        // Default the result to report success
+        let mut result = {
+            CheckerResult {
+                status: CheckStatus::PASS,
+                ..Default::default()
+            }
+        };
 
         // Recursively walk over all files in /var/log/journal and check perms
         for file in WalkDir::new("/var/log/journal")