1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-30 11:58:11 +00:00
kube-bench/cfg/eks-stig-kubernetes-v1r6/policies.yaml

34 lines
1.2 KiB
YAML
Raw Normal View History

---
controls:
version: "eks-stig-kubernetes-v1r6"
id: 4
text: "Policies"
type: "policies"
groups:
- id: 4.1
text: "Policies - DISA Category Code I"
checks:
- id: V-242381
text: "The Kubernetes Controller Manager must create unique service accounts for each work payload. (Manual)"
type: "manual"
remediation: |
Create explicit service accounts wherever a Kubernetes workload requires specific access
to the Kubernetes API server.
Modify the configuration of each default service account to include this value
automountServiceAccountToken: false
scored: false
- id: V-242383
text: "User-managed resources must be created in dedicated namespaces. (Manual)"
type: "manual"
remediation: |
Move any user-managed resources from the default, kube-public and kube-node-lease namespaces, to user namespaces.
scored: false
- id: V-242417
text: "Kubernetes must separate user functionality. (Manual)"
type: "manual"
remediation: |
Move any user pods that are present in the Kubernetes system namespaces to user specific namespaces.
scored: false