mirror of https://github.com/aquasecurity/kube-bench.git synced 2025-06-25 01:18:59 +00:00

Test fixes for 1.8

Lee Briggs 2018-01-30 09:28:20 -08:00
parent 4f07b01ead
commit 165444df60
No known key found for this signature in database
GPG Key ID: 297497967E665533


@ -978,12 +978,23 @@ groups:
more restrictive (Scored)" more restrictive (Scored)"
audit: "/bin/sh -c 'if test -e /etc/kubernetes/admin.conf; then stat -c %a /etc/kubernetes/admin.conf; fi'" audit: "/bin/sh -c 'if test -e /etc/kubernetes/admin.conf; then stat -c %a /etc/kubernetes/admin.conf; fi'"
tests: tests:
bin_op: or
test_items: test_items:
- flag: "644" - flag: "644"
compare: compare:
op: eq op: eq
value: "644" value: "644"
set: true set: true
- flag: "640"
compare:
op: eq
value: "640"
set: true
- flag: "600"
compare:
op: eq
value: "600"
set: true
remediation: | remediation: |
Run the below command (based on the file location on your system) on the master node. Run the below command (based on the file location on your system) on the master node.
For example, For example,
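Review bot: The `640` and `600` items added under `bin_op: or` are still exact `op: eq` matches, so the admin.conf check does not implement the "644 or more restrictive" wording in its text. A file at 400 or 440 is more restrictive than 644 yet matches none of the three literals. Suggest evaluating the `stat -c %a` output as a permission mask (no bits set beyond 644) rather than enumerating values, or at minimum extending the list and commenting that it is not exhaustive. Separately, this audit line hard-codes `/etc/kubernetes/admin.conf` while the checks in the following hunks use a variable for the path; worth making consistent.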
@ -1009,14 +1020,25 @@ groups:
- id: 1.4.15 - id: 1.4.15
text: "Ensure that the scheduler.conf file permissions are set to 644 or text: "Ensure that the scheduler.conf file permissions are set to 644 or
more restrictive (Scored)" more restrictive (Scored)"
audit: "/bin/sh -c 'if test -e $schedulerconf then stat -c %a $schedulerconf; fi'" audit: "/bin/sh -c 'if test -e $schedulerconf; then stat -c %a $schedulerconf; fi'"
tests: tests:
bin_op: or
test_items: test_items:
- flag: "644" - flag: "644"
compare: compare:
op: eq op: eq
value: "644" value: "644"
set: true set: true
- flag: "640"
compare:
op: eq
value: "640"
set: true
- flag: "600"
compare:
op: eq
value: "600"
set: true
remediation: | remediation: |
Run the below command (based on the file location on your system) on the master node. Run the below command (based on the file location on your system) on the master node.
For example, For example,
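Review bot: The `;` added before `then` in the 1.4.15 audit line is a functional fix that the commit message "Test fixes for 1.8" does not mention. Without it, sh treats `then stat -c %a $schedulerconf` as further arguments to `test` and the `if` never reaches a `then`, so the command fails to parse and can never print a mode. Suggest calling that out in the message or splitting it from the `test_items` change, since the two alter the check's result for different reasons. While touching this line, consider quoting `$schedulerconf` inside the `sh -c` string so a path containing whitespace does not split.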
@ -1042,14 +1064,25 @@ groups:
- id: 1.4.17 - id: 1.4.17
text: "Ensure that the controller-manager.conf file permissions are set text: "Ensure that the controller-manager.conf file permissions are set
to 644 or more restrictive (Scored)" to 644 or more restrictive (Scored)"
audit: "/bin/sh -c 'if test -e $controllermanagerconf then stat -c %a $controllermanagerconf; fi'" audit: "/bin/sh -c 'if test -e $controllermanagerconf; then stat -c %a $controllermanagerconf; fi'"
tests: tests:
bin_op: or
test_items: test_items:
- flag: "644" - flag: "644"
compare: compare:
op: eq op: eq
value: "644" value: "644"
set: true set: true
- flag: "640"
compare:
op: eq
value: "640"
set: true
- flag: "600"
compare:
op: eq
value: "600"
set: true
remediation: | remediation: |
Run the below command (based on the file location on your system) on the master node. Run the below command (based on the file location on your system) on the master node.
For example, For example,
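Review bot: In 1.4.17 the audit prints nothing when `$controllermanagerconf` does not exist, and all three items under `bin_op: or` are `set: true` with an `op: eq` value, so as written none of them appears able to match empty output. If an absent file is not meant to count as a failure, that case needs an explicit item; if it is, the remediation text should say so. The same 644/640/600 block is now copied verbatim into three checks, which will drift the next time one is edited; a shared definition or a single mask-style comparison would avoid that.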