arno/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-22 16:18:07 +00:00
Code Issues Releases Wiki Activity
fa478ce238
kube-bench/cfg/rh-0.7/node.yaml

310 lines
11 KiB
YAML
Raw Normal View History

Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
---
controls:
Add detected kubernetes version (#869) * Add detected kubernetes version to controls * Refactore NewControls function Now new Control function is expecting detected version argument. * Refactore NewControls function Now new Control function is expecting detected version argument. * Refactore NewControls function New Control function is expecting detected version argument. * Add detected kube version * add detecetedKubeVersion * Add detecetedKubeVersion * Add detectedKubeVersion * Add detecetedKubeVersion * Fix missing version * Change version Change version from 3.10 to rh-0.7 * fix version: "cis-1.5" * fix version: "cis-1.5" * fix version: "cis-1.5" * Fix version: "cis-1.5" * Fix version: "cis-1.5" * Fix version: "cis-1.6" * Fix version: "cis-1.6" * Fix version: "cis-1.6" * Fix version: "cis-1.6" * Fix version: "cis-1.6"
2021-05-09 11:48:34 +00:00
version: "rh-0.7"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
id: 2
text: "Worker Node Security Configuration"
type: "node"
groups:
- id: 7
text: "Kubelet"
checks:
- id: 7.1
text: "Use Security Context Constraints to manage privileged containers as needed"
type: "skip"
scored: true
- id: 7.2
text: "Ensure anonymous-auth is not disabled"
type: "skip"
scored: true
- id: 7.3
text: "Verify that the --authorization-mode argument is set to WebHook"
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
audit_config: "cat /etc/origin/node/node-config.yaml"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
tests:
bin_op: or
test_items:
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
- path: "{.kubeletArguments.authorization-mode}"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
set: false
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
- path: "{.kubeletArguments.authorization-mode}"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
compare:
op: has
value: "Webhook"
remediation: |
Edit the Openshift node config file /etc/origin/node/node-config.yaml and remove authorization-mode under
kubeletArguments in /etc/origin/node/node-config.yaml or set it to "Webhook".
scored: true
- id: 7.4
text: "Verify the OpenShift default for the client-ca-file argument"
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
audit_config: "cat /etc/origin/node/node-config.yaml"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
tests:
test_items:
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
- path: "{.PodManifestConfig.client-ca-file}"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
set: false
remediation: |
Edit the Openshift node config file /etc/origin/node/node-config.yaml and remove any configuration returned by the following:
grep -A1 client-ca-file /etc/origin/node/node-config.yaml
Reset to the OpenShift default.
See https://github.com/openshift/openshift-ansible/blob/release-3.10/roles/openshift_node_group/templates/node-config.yaml.j2#L65
The config file does not have this defined in kubeletArgument, but in PodManifestConfig.
scored: true
- id: 7.5
text: "Verify the OpenShift default setting for the read-only-port argument"
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
audit_config: "cat /etc/origin/node/node-config.yaml"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
tests:
bin_op: or
test_items:
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
- path: "{.kubeletArguments.read-only-port}"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
set: false
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
- path: "{.kubeletArguments.read-only-port}"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
compare:
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
op: eq
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
value: "0"
remediation: |
Edit the Openshift node config file /etc/origin/node/node-config.yaml and removed so that the OpenShift default is applied.
scored: true
- id: 7.6
text: "Adjust the streaming-connection-idle-timeout argument"
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
audit_config: "cat /etc/origin/node/node-config.yaml"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
tests:
bin_op: or
test_items:
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
- path: "{.kubeletArguments.streaming-connection-idle-timeout}"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
set: false
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
- path: "{.kubeletArguments.streaming-connection-idle-timeout}"
compare:
op: eq
value: "5m"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
remediation: |
Edit the Openshift node config file /etc/origin/node/node-config.yaml and set the streaming-connection-timeout
value like the following in node-config.yaml.
kubeletArguments:
 streaming-connection-idle-timeout:
   - "5m"
scored: true
- id: 7.7
text: "Verify the OpenShift defaults for the protect-kernel-defaults argument"
type: "skip"
scored: true
- id: 7.8
text: "Verify the OpenShift default value of true for the make-iptables-util-chains argument"
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
audit_config: "cat /etc/origin/node/node-config.yaml"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
tests:
bin_op: or
test_items:
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
- path: "{.kubeletArguments.make-iptables-util-chains}"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
set: false
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
- path: "{.kubeletArguments.make-iptables-util-chains}"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
compare:
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
op: eq
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
value: "true"
remediation: |
Edit the Openshift node config file /etc/origin/node/node-config.yaml and reset make-iptables-util-chains to the OpenShift
default value of true.
scored: true
- id: 7.9
text: "Verify that the --keep-terminated-pod-volumes argument is set to false"
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
audit_config: "cat /etc/origin/node/node-config.yaml"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
tests:
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
bin_op: or
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
test_items:
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
- path: "{.kubeletArguments.keep-terminated-pod-volumes}"
set: false
- path: "{.kubeletArguments.keep-terminated-pod-volumes}"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
compare:
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
op: eq
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
value: "false"
remediation: |
Reset to the OpenShift defaults
scored: true
- id: 7.10
text: "Verify the OpenShift defaults for the hostname-override argument"
type: "skip"
scored: true
- id: 7.11
text: "Set the --event-qps argument to 0"
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
audit_config: "cat /etc/origin/node/node-config.yaml"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
tests:
bin_op: or
test_items:
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
- path: "{.kubeletArguments.event-qps}"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
set: false
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
- path: "{.kubeletArguments.event-qps}"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
compare:
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
op: eq
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
value: "0"
remediation: |
Edit the Openshift node config file /etc/origin/node/node-config.yaml set the event-qps argument to 0 in
the kubeletArguments section of.
scored: true
- id: 7.12
text: "Verify the OpenShift cert-dir flag for HTTPS traffic"
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
audit_config: "cat /etc/origin/node/node-config.yaml"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
tests:
test_items:
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
- path: "{.kubeletArguments.cert-dir}"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
compare:
op: has
value: "/etc/origin/node/certificates"
remediation: |
Reset to the OpenShift default values.
scored: true
- id: 7.13
text: "Verify the OpenShift default of 0 for the cadvisor-port argument"
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
audit_config: "cat /etc/origin/node/node-config.yaml"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
tests:
bin_op: or
test_items:
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
- path: "{.kubeletArguments.cadvisor-port}"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
set: false
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
- path: "{.kubeletArguments.cadvisor-port}"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
compare:
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
op: eq
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
value: "0"
remediation: |
Edit the Openshift node config file /etc/origin/node/node-config.yaml and remove the cadvisor-port flag
if it is set in the kubeletArguments section.
scored: true
- id: 7.14
text: "Verify that the RotateKubeletClientCertificate argument is set to true"
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
audit_config: "cat /etc/origin/node/node-config.yaml"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
tests:
test_items:
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
- path: "{.kubeletArguments.feature-gates}"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
compare:
op: has
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
value: "RotateKubeletClientCertificate=true"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
remediation: |
Edit the Openshift node config file /etc/origin/node/node-config.yaml and set RotateKubeletClientCertificate to true.
scored: true
- id: 7.15
text: "Verify that the RotateKubeletServerCertificate argument is set to true"
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
audit_config: "cat /etc/origin/node/node-config.yaml"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
tests:
test_items:
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
- path: "{.kubeletArguments.feature-gates}"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
compare:
op: has
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
value: "RotateKubeletServerCertificate=true"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
remediation: |
Edit the Openshift node config file /etc/origin/node/node-config.yaml and set RotateKubeletServerCertificate to true.
scored: true
- id: 8
text: "Configuration Files"
checks:
- id: 8.1
text: "Verify the OpenShift default permissions for the kubelet.conf file"
Add option to do bitmask (#565) * Add option to do bitwise and between two value in order to compare permissions * Update test.go Removed self debug note * Update test_test.go FIx typo * Update test.go * Update test.go Switched between max and requested value, because accidentally assigned them oppositely and remove old function relate to octal base * Update test_test.go * Update test_test.go
2020-03-16 12:25:46 +00:00
audit: "stat -c permissions=%a /etc/origin/node/node.kubeconfig"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
tests:
test_items:
Add option to do bitmask (#565) * Add option to do bitwise and between two value in order to compare permissions * Update test.go Removed self debug note * Update test_test.go FIx typo * Update test.go * Update test.go Switched between max and requested value, because accidentally assigned them oppositely and remove old function relate to octal base * Update test_test.go * Update test_test.go
2020-03-16 12:25:46 +00:00
- flag: "permissions"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
compare:
Add option to do bitmask (#565) * Add option to do bitwise and between two value in order to compare permissions * Update test.go Removed self debug note * Update test_test.go FIx typo * Update test.go * Update test.go Switched between max and requested value, because accidentally assigned them oppositely and remove old function relate to octal base * Update test_test.go * Update test_test.go
2020-03-16 12:25:46 +00:00
op: bitmask
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
value: "644"
remediation: |
Run the below command on each worker node.
chmod 644 /etc/origin/node/node.kubeconfig
scored: true
- id: 8.2
text: "Verify the kubeconfig file ownership of root:root"
audit: "stat -c %U:%G /etc/origin/node/node.kubeconfig"
tests:
test_items:
- flag: "root:root"
remediation: |
Run the below command on each worker node.
chown root:root /etc/origin/node/node.kubeconfig
scored: true
- id: 8.3
text: "Verify the kubelet service file permissions of 644"
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
audit: "stat -c permissions=%a $kubeletsvc"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
tests:
test_items:
Add option to do bitmask (#565) * Add option to do bitwise and between two value in order to compare permissions * Update test.go Removed self debug note * Update test_test.go FIx typo * Update test.go * Update test.go Switched between max and requested value, because accidentally assigned them oppositely and remove old function relate to octal base * Update test_test.go * Update test_test.go
2020-03-16 12:25:46 +00:00
- flag: "permissions"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
compare:
Add option to do bitmask (#565) * Add option to do bitwise and between two value in order to compare permissions * Update test.go Removed self debug note * Update test_test.go FIx typo * Update test.go * Update test.go Switched between max and requested value, because accidentally assigned them oppositely and remove old function relate to octal base * Update test_test.go * Update test_test.go
2020-03-16 12:25:46 +00:00
op: bitmask
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
value: "644"
remediation: |
Run the below command on each worker node.
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
chmod 644 $kubeletsvc
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
scored: true
- id: 8.4
text: "Verify the kubelet service file ownership of root:root"
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
audit: "stat -c %U:%G $kubeletsvc"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
tests:
test_items:
- flag: "root:root"
remediation: |
Run the below command on each worker node.
Update ocp 3.11 (#849) * Add OCP auto-detection * Add test for openshift * update and fix bugs update file to match with new kube-bench features and fix bugs * Update file and fix bugs update file to match with new kube-bench features and fix bugs * Remove specific configs Those configs could be set in main config.yaml * Update to include openshift files * fix typos * fix typo * Remove trailing spaces * Update util.go * Add tests for getOcpValidVersion
2021-03-24 16:06:54 +00:00
chown root:root $kubeletsvc
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
scored: true
- id: 8.5
text: "Verify the OpenShift default permissions for the proxy kubeconfig file"
Add option to do bitmask (#565) * Add option to do bitwise and between two value in order to compare permissions * Update test.go Removed self debug note * Update test_test.go FIx typo * Update test.go * Update test.go Switched between max and requested value, because accidentally assigned them oppositely and remove old function relate to octal base * Update test_test.go * Update test_test.go
2020-03-16 12:25:46 +00:00
audit: "stat -c permissions=%a /etc/origin/node/node.kubeconfig"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
tests:
test_items:
Add option to do bitmask (#565) * Add option to do bitwise and between two value in order to compare permissions * Update test.go Removed self debug note * Update test_test.go FIx typo * Update test.go * Update test.go Switched between max and requested value, because accidentally assigned them oppositely and remove old function relate to octal base * Update test_test.go * Update test_test.go
2020-03-16 12:25:46 +00:00
- flag: "permissions"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
compare:
Add option to do bitmask (#565) * Add option to do bitwise and between two value in order to compare permissions * Update test.go Removed self debug note * Update test_test.go FIx typo * Update test.go * Update test.go Switched between max and requested value, because accidentally assigned them oppositely and remove old function relate to octal base * Update test_test.go * Update test_test.go
2020-03-16 12:25:46 +00:00
op: bitmask
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
value: "644"
remediation: |
Run the below command on each worker node.
chmod 644 /etc/origin/node/node.kubeconfig
scored: true
- id: 8.6
text: "Verify the proxy kubeconfig file ownership of root:root"
audit: "stat -c %U:%G /etc/origin/node/node.kubeconfig"
tests:
test_items:
- flag: "root:root"
remediation: |
Run the below command on each worker node.
chown root:root /etc/origin/node/node.kubeconfig
scored: true
- id: 8.7
text: "Verify the OpenShift default permissions for the certificate authorities file."
Add option to do bitmask (#565) * Add option to do bitwise and between two value in order to compare permissions * Update test.go Removed self debug note * Update test_test.go FIx typo * Update test.go * Update test.go Switched between max and requested value, because accidentally assigned them oppositely and remove old function relate to octal base * Update test_test.go * Update test_test.go
2020-03-16 12:25:46 +00:00
audit: "stat -c permissions=%a /etc/origin/node/client-ca.crt"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
tests:
test_items:
Add option to do bitmask (#565) * Add option to do bitwise and between two value in order to compare permissions * Update test.go Removed self debug note * Update test_test.go FIx typo * Update test.go * Update test.go Switched between max and requested value, because accidentally assigned them oppositely and remove old function relate to octal base * Update test_test.go * Update test_test.go
2020-03-16 12:25:46 +00:00
- flag: "permissions"
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
compare:
Add option to do bitmask (#565) * Add option to do bitwise and between two value in order to compare permissions * Update test.go Removed self debug note * Update test_test.go FIx typo * Update test.go * Update test.go Switched between max and requested value, because accidentally assigned them oppositely and remove old function relate to octal base * Update test_test.go * Update test_test.go
2020-03-16 12:25:46 +00:00
op: bitmask
Support Linting YAML as part of Travis CI build (#554) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
value: "644"
remediation: |
Run the below command on each worker node.
chmod 644 /etc/origin/node/client-ca.crt
scored: true
- id: 8.8
text: "Verify the client certificate authorities file ownership of root:root"
audit: "stat -c %U:%G /etc/origin/node/client-ca.crt"
tests:
test_items:
- flag: "root:root"
remediation: |
Run the below command on each worker node.
chown root:root /etc/origin/node/client-ca.crt
scored: true
Reference in New Issue Copy Permalink