mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-22 08:08:07 +00:00

added 444, 440, 400 and 000 file permission checks for all benchmarks (#563)

Co-authored-by: Liz Rice <liz@lizrice.com>
LukasAuerbeck 2020-01-22 15:40:01 +01:00 committed by Liz Rice
parent 89f8e454ba
commit 037bb14729
8 changed files with 873 additions and 33 deletions

View File

@ -857,6 +857,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
Run the below command (based on the file location on your system) on the master node. Run the below command (based on the file location on your system) on the master node.
For example, For example,
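Review bot: The four added items (`flag: "444"` through `flag: "000"`) extend an exact-match list, so a mode that is stricter than 644 but not enumerated, such as 404 or 604, still fails this check. Consider replacing the per-mode `op: eq` items with a single comparison that tests the reported mode against the 644 ceiling, so the check expresses "644 or more restrictive" directly and does not need another patch for the next mode someone reports.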
@ -902,6 +922,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
Run the below command (based on the file location on your system) on the master node. Run the below command (based on the file location on your system) on the master node.
For example, For example,
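Review bot: Nothing in this hunk's context shows how the items are combined: the last added `set: true` is followed directly by `remediation:`, with no `bin_op: or` line visible as there is in the hunks whose remediation refers to worker nodes. Please confirm that the `tests:` block of this check declares `bin_op: or` above `test_items:`; if the items were AND-ed, seven mutually exclusive `op: eq` comparisons could never all pass.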
@ -947,6 +987,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
Run the below command (based on the file location on your system) on the master node. Run the below command (based on the file location on your system) on the master node.
For example, For example,
@ -992,6 +1052,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
Run the below command (based on the file location on your system) on the master node. Run the below command (based on the file location on your system) on the master node.
For example, For example,
@ -1094,6 +1174,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
Run the below command (based on the file location on your system) on the master node. Run the below command (based on the file location on your system) on the master node.
For example, For example,
@ -1138,6 +1238,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
Run the below command (based on the file location on your system) on the Run the below command (based on the file location on your system) on the
master node. For example, chmod 644 /etc/kubernetes/scheduler.conf master node. For example, chmod 644 /etc/kubernetes/scheduler.conf
@ -1180,6 +1300,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
Run the below command (based on the file location on your system) on the Run the below command (based on the file location on your system) on the
master node. For example, chmod 644 /etc/kubernetes/controller-manager.conf master node. For example, chmod 644 /etc/kubernetes/controller-manager.conf

View File

@ -362,20 +362,40 @@ groups:
tests: tests:
test_items: test_items:
- flag: "644" - flag: "644"
set: true
compare: compare:
op: eq op: eq
value: "644" value: "644"
- flag: "640"
set: true set: true
- flag: "640"
compare: compare:
op: eq op: eq
value: "640" value: "640"
- flag: "600"
set: true set: true
- flag: "600"
compare: compare:
op: eq op: eq
value: "600" value: "600"
set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
bin_op: or bin_op: or
remediation: | remediation: |
Run the below command (based on the file location on your system) on the each worker Run the below command (based on the file location on your system) on the each worker
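Review bot: Besides adding the four new modes, the existing "644", "640" and "600" items in this hunk have `set: true` moved from before `compare:` to after it. Key order inside a YAML mapping has no effect, so this is a formatting change mixed into a functional one; either mention it in the commit message or split it out so the behavioural change is easier to audit.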
@ -405,20 +425,40 @@ groups:
tests: tests:
test_items: test_items:
- flag: "644" - flag: "644"
set: true
compare: compare:
op: eq op: eq
value: "644" value: "644"
- flag: "640"
set: true set: true
- flag: "640"
compare: compare:
op: eq op: eq
value: "640" value: "640"
- flag: "600"
set: true set: true
- flag: "600"
compare: compare:
op: eq op: eq
value: "600" value: "600"
set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
bin_op: or bin_op: or
remediation: | remediation: |
Run the below command (based on the file location on your system) on the each worker Run the below command (based on the file location on your system) on the each worker
@ -445,20 +485,40 @@ groups:
tests: tests:
test_items: test_items:
- flag: "644" - flag: "644"
set: true
compare: compare:
op: eq op: eq
value: "644" value: "644"
- flag: "640"
set: true set: true
- flag: "640"
compare: compare:
op: eq op: eq
value: "640" value: "640"
- flag: "600"
set: true set: true
- flag: "600"
compare: compare:
op: eq op: eq
value: "600" value: "600"
set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
bin_op: or bin_op: or
remediation: | remediation: |
Run the below command (based on the file location on your system) on the each worker Run the below command (based on the file location on your system) on the each worker
@ -520,20 +580,40 @@ groups:
tests: tests:
test_items: test_items:
- flag: "644" - flag: "644"
set: true
compare: compare:
op: eq op: eq
value: "644" value: "644"
- flag: "640"
set: true set: true
- flag: "640"
compare: compare:
op: eq op: eq
value: "640" value: "640"
- flag: "600"
set: true set: true
- flag: "600"
compare: compare:
op: eq op: eq
value: "600" value: "600"
set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
bin_op: or bin_op: or
remediation: | remediation: |
Run the following command (using the config file location identied in the Audit step) Run the following command (using the config file location identied in the Audit step)
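Review bot: The remediation line kept as context at the end of this hunk still reads "identied in the Audit step". Since the commit already touches this check, fix the typo to "identified" in the same pass; the same wording appears in two later hunks of this commit.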

View File

@ -859,6 +859,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
Run the below command (based on the file location on your system) on the master node. Run the below command (based on the file location on your system) on the master node.
For example, For example,
@ -904,6 +924,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
Run the below command (based on the file location on your system) on the master node. Run the below command (based on the file location on your system) on the master node.
For example, For example,
@ -949,6 +989,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
Run the below command (based on the file location on your system) on the master node. Run the below command (based on the file location on your system) on the master node.
For example, For example,
@ -994,6 +1054,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
Run the below command (based on the file location on your system) on the master node. Run the below command (based on the file location on your system) on the master node.
For example, For example,
@ -1096,6 +1176,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
Run the below command (based on the file location on your system) on the master node. Run the below command (based on the file location on your system) on the master node.
For example, For example,
@ -1140,6 +1240,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
Run the below command (based on the file location on your system) on the Run the below command (based on the file location on your system) on the
master node. For example, chmod 644 /etc/kubernetes/scheduler.conf master node. For example, chmod 644 /etc/kubernetes/scheduler.conf
@ -1182,6 +1302,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
Run the below command (based on the file location on your system) on the Run the below command (based on the file location on your system) on the
master node. For example, chmod 644 /etc/kubernetes/controller-manager.conf master node. For example, chmod 644 /etc/kubernetes/controller-manager.conf
@ -1241,6 +1381,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
[Manual test] [Manual test]
Run the below command (based on the file location on your system) on the master node. Run the below command (based on the file location on your system) on the master node.
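Review bot: The remediation directly under the added items begins with `[Manual test]`. If this check is reported as manual rather than evaluated automatically, the four new `op: eq` items do not change its outcome; please confirm the check is scored, or leave a comment in the YAML saying the items are kept only for consistency with the other checks.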

View File

@ -345,20 +345,40 @@ groups:
tests: tests:
test_items: test_items:
- flag: "644" - flag: "644"
set: true
compare: compare:
op: eq op: eq
value: "644" value: "644"
- flag: "640"
set: true set: true
- flag: "640"
compare: compare:
op: eq op: eq
value: "640" value: "640"
- flag: "600"
set: true set: true
- flag: "600"
compare: compare:
op: eq op: eq
value: "600" value: "600"
set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
bin_op: or bin_op: or
remediation: | remediation: |
Run the below command (based on the file location on your system) on the each worker Run the below command (based on the file location on your system) on the each worker
@ -388,20 +408,40 @@ groups:
tests: tests:
test_items: test_items:
- flag: "644" - flag: "644"
set: true
compare: compare:
op: eq op: eq
value: "644" value: "644"
- flag: "640"
set: true set: true
- flag: "640"
compare: compare:
op: eq op: eq
value: "640" value: "640"
- flag: "600"
set: true set: true
- flag: "600"
compare: compare:
op: eq op: eq
value: "600" value: "600"
set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
bin_op: or bin_op: or
remediation: | remediation: |
Run the below command (based on the file location on your system) on the each worker Run the below command (based on the file location on your system) on the each worker
@ -428,20 +468,40 @@ groups:
tests: tests:
test_items: test_items:
- flag: "644" - flag: "644"
set: true
compare: compare:
op: eq op: eq
value: "644" value: "644"
- flag: "640"
set: true set: true
- flag: "640"
compare: compare:
op: eq op: eq
value: "640" value: "640"
- flag: "600"
set: true set: true
- flag: "600"
compare: compare:
op: eq op: eq
value: "600" value: "600"
set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
bin_op: or bin_op: or
remediation: | remediation: |
Run the below command (based on the file location on your system) on the each worker Run the below command (based on the file location on your system) on the each worker
@ -521,20 +581,40 @@ groups:
tests: tests:
test_items: test_items:
- flag: "644" - flag: "644"
set: true
compare: compare:
op: eq op: eq
value: "644" value: "644"
- flag: "640"
set: true set: true
- flag: "640"
compare: compare:
op: eq op: eq
value: "640" value: "640"
- flag: "600"
set: true set: true
- flag: "600"
compare: compare:
op: eq op: eq
value: "600" value: "600"
set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
bin_op: or bin_op: or
remediation: | remediation: |
Run the following command (using the config file location identied in the Audit step) Run the following command (using the config file location identied in the Audit step)

View File

@ -29,6 +29,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
Run the below command (based on the file location on your system) on the Run the below command (based on the file location on your system) on the
master node. master node.
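Review bot: In the added `flag: "000"` item, both `flag` and `value` are the three-character string "000". The audit command is not part of this hunk; if it prints the mode with `stat -c %a`, a file with no permission bits is reported as `0`, not `000`, and this item never matches. Please check the item against the real audit output for a `chmod 000` file and add a test case for it.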
@ -72,6 +92,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
Run the below command (based on the file location on your system) on the master node. Run the below command (based on the file location on your system) on the master node.
For example, For example,
@ -115,6 +155,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
Run the below command (based on the file location on your system) on the master node. Run the below command (based on the file location on your system) on the master node.
For example, For example,
@ -158,6 +218,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
Run the below command (based on the file location on your system) on the master node. Run the below command (based on the file location on your system) on the master node.
For example, For example,
@ -253,6 +333,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
Run the below command (based on the file location on your system) on the master node. Run the below command (based on the file location on your system) on the master node.
For example, For example,
@ -296,6 +396,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
Run the below command (based on the file location on your system) on the master node. Run the below command (based on the file location on your system) on the master node.
For example, For example,
@ -339,6 +459,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
Run the below command (based on the file location on your system) on the master node. Run the below command (based on the file location on your system) on the master node.
For example, For example,

View File

@ -14,20 +14,40 @@ groups:
tests: tests:
test_items: test_items:
- flag: "644" - flag: "644"
set: true
compare: compare:
op: eq op: eq
value: "644" value: "644"
- flag: "640"
set: true set: true
- flag: "640"
compare: compare:
op: eq op: eq
value: "640" value: "640"
- flag: "600"
set: true set: true
- flag: "600"
compare: compare:
op: eq op: eq
value: "600" value: "600"
set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
bin_op: or bin_op: or
remediation: | remediation: |
Run the below command (based on the file location on your system) on the each worker node. Run the below command (based on the file location on your system) on the each worker node.
@ -54,20 +74,40 @@ groups:
tests: tests:
test_items: test_items:
- flag: "644" - flag: "644"
set: true
compare: compare:
op: eq op: eq
value: "644" value: "644"
- flag: "640"
set: true set: true
- flag: "640"
compare: compare:
op: eq op: eq
value: "640" value: "640"
- flag: "600"
set: true set: true
- flag: "600"
compare: compare:
op: eq op: eq
value: "600" value: "600"
set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
bin_op: or bin_op: or
remediation: | remediation: |
Run the below command (based on the file location on your system) on the each worker node. Run the below command (based on the file location on your system) on the each worker node.
@ -93,20 +133,40 @@ groups:
tests: tests:
test_items: test_items:
- flag: "644" - flag: "644"
set: true
compare: compare:
op: eq op: eq
value: "644" value: "644"
- flag: "640"
set: true set: true
- flag: "640"
compare: compare:
op: eq op: eq
value: "640" value: "640"
- flag: "600"
set: true set: true
- flag: "600"
compare: compare:
op: eq op: eq
value: "600" value: "600"
set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
bin_op: or bin_op: or
remediation: | remediation: |
Run the below command (based on the file location on your system) on the each worker node. Run the below command (based on the file location on your system) on the each worker node.
@ -173,6 +233,26 @@ groups:
compare: compare:
op: eq op: eq
value: "600" value: "600"
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
bin_op: or bin_op: or
remediation: | remediation: |
Run the following command (using the config file location identied in the Audit step) Run the following command (using the config file location identied in the Audit step)
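Review bot: The "600" item kept as context at the top of this hunk ends at `value: "600"` with no `set: true` after it, while every added item places `set: true` after `compare:`. The three earlier hunks in this file reorder the existing items to match the new ones; this hunk does not, so the check ends up with two key orders in one list. Please bring the existing items of this check into line, and confirm that `set: true` is present on the "600" item at all.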

View File

@ -962,6 +962,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
Run the below command. Run the below command.
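Review bot: The added block in this hunk (`flag: "444"` to `flag: "000"`) is the same 20 lines pasted into every permission check in the commit, which is how a four-mode change reaches 873 added lines across 8 files. Consider defining the list of accepted modes once, for example with a YAML anchor and alias if the loader in use resolves them, so a future change to the accepted modes is a one-place edit and the copies cannot drift apart.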
@ -1039,6 +1059,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
Run the below command. Run the below command.
@ -1082,6 +1122,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
Run the below command. Run the below command.
@ -1125,6 +1185,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
Run the below command. Run the below command.

View File

@ -232,6 +232,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
Run the below command on each worker node. Run the below command on each worker node.
chmod 644 /etc/origin/node/node.kubeconfig chmod 644 /etc/origin/node/node.kubeconfig
@ -273,6 +293,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
Run the below command on each worker node. Run the below command on each worker node.
chmod 644 $nodesvc chmod 644 $nodesvc
@ -314,6 +354,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
Run the below command on each worker node. Run the below command on each worker node.
chmod 644 /etc/origin/node/node.kubeconfig chmod 644 /etc/origin/node/node.kubeconfig
@ -355,6 +415,26 @@ groups:
op: eq op: eq
value: "600" value: "600"
set: true set: true
- flag: "444"
compare:
op: eq
value: "444"
set: true
- flag: "440"
compare:
op: eq
value: "440"
set: true
- flag: "400"
compare:
op: eq
value: "400"
set: true
- flag: "000"
compare:
op: eq
value: "000"
set: true
remediation: | remediation: |
Run the below command on each worker node. Run the below command on each worker node.
chmod 644 /etc/origin/node/client-ca.crt chmod 644 /etc/origin/node/client-ca.crt