1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-24 23:48:26 +00:00

Fix test request timeout (#874)

* Test 1.2.24 should be manual

* Test 1.2.26 should be manual

* Test 1.2.26 should be manual

* Change test 1.2.26

* Change test 1.2.26

* Change test 1.2.26

* Change test 1.2.26

* Change test 1.2.26
This commit is contained in:
Yoav Rotem 2021-05-18 16:53:50 +03:00 committed by GitHub
parent 9820da9579
commit 1f4b941c51
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 45 additions and 41 deletions

View File

@ -680,12 +680,7 @@ groups:
- id: 1.2.24
text: "Ensure that the --request-timeout argument is set as appropriate (Automated)"
audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
tests:
bin_op: or
test_items:
- flag: "--request-timeout"
set: false
- flag: "--request-timeout"
type: manual
remediation: |
Edit the API server pod specification file $apiserverconf
and set the below parameter as appropriate and if needed.

View File

@ -766,13 +766,7 @@ groups:
- id: 1.2.26
text: "Ensure that the --request-timeout argument is set as appropriate (Scored)"
audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
tests:
bin_op: or
test_items:
- flag: "--request-timeout"
set: false
- flag: "--request-timeout"
set: true
type: manual
remediation: |
Edit the API server pod specification file $apiserverconf
and set the below parameter as appropriate and if needed.

View File

@ -714,12 +714,7 @@ groups:
- id: 1.2.26
text: "Ensure that the --request-timeout argument is set as appropriate (Automated)"
audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
tests:
bin_op: or
test_items:
- flag: "--request-timeout"
set: false
- flag: "--request-timeout"
type: manual
remediation: |
Edit the API server pod specification file $apiserverconf
and set the below parameter as appropriate and if needed.

View File

@ -47,7 +47,7 @@
[FAIL] 1.2.23 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate (Scored)
[FAIL] 1.2.24 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate (Scored)
[FAIL] 1.2.25 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate (Scored)
[PASS] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Scored)
[WARN] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Scored)
[PASS] 1.2.27 Ensure that the --service-account-lookup argument is set to true (Scored)
[PASS] 1.2.28 Ensure that the --service-account-key-file argument is set as appropriate (Scored)
[PASS] 1.2.29 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate (Scored)
@ -140,6 +140,11 @@ on the master node and set the --audit-log-maxsize parameter to an appropriate s
For example, to set it as 100 MB:
--audit-log-maxsize=100
1.2.26 Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
and set the below parameter as appropriate and if needed.
For example,
--request-timeout=300s
1.2.33 Follow the Kubernetes documentation and configure a EncryptionConfig file.
Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
on the master node and set the --encryption-provider-config parameter to the path of that file: --encryption-provider-config=</path/to/EncryptionConfig/File>
@ -166,13 +171,13 @@ on the master node and set the below parameter.
== Summary master ==
45 checks PASS
44 checks PASS
10 checks FAIL
10 checks WARN
11 checks WARN
0 checks INFO
== Summary total ==
45 checks PASS
44 checks PASS
10 checks FAIL
10 checks WARN
0 checks INFO
11 checks WARN
0 checks INFO

View File

@ -47,7 +47,7 @@
[FAIL] 1.2.23 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate (Scored)
[FAIL] 1.2.24 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate (Scored)
[FAIL] 1.2.25 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate (Scored)
[PASS] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Scored)
[WARN] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Scored)
[PASS] 1.2.27 Ensure that the --service-account-lookup argument is set to true (Scored)
[PASS] 1.2.28 Ensure that the --service-account-key-file argument is set as appropriate (Scored)
[PASS] 1.2.29 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate (Scored)
@ -140,6 +140,11 @@ on the master node and set the --audit-log-maxsize parameter to an appropriate s
For example, to set it as 100 MB:
--audit-log-maxsize=100
1.2.26 Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
and set the below parameter as appropriate and if needed.
For example,
--request-timeout=300s
1.2.33 Follow the Kubernetes documentation and configure a EncryptionConfig file.
Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
on the master node and set the --encryption-provider-config parameter to the path of that file: --encryption-provider-config=</path/to/EncryptionConfig/File>
@ -166,9 +171,9 @@ on the master node and set the below parameter.
== Summary master ==
45 checks PASS
44 checks PASS
10 checks FAIL
10 checks WARN
11 checks WARN
0 checks INFO
[INFO] 2 Etcd Node Configuration
@ -410,7 +415,7 @@ resources and that all new resources are created in a specific namespace.
0 checks INFO
== Summary total ==
72 checks PASS
71 checks PASS
13 checks FAIL
37 checks WARN
38 checks WARN
0 checks INFO

View File

@ -47,7 +47,7 @@
[FAIL] 1.2.23 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate (Automated)
[FAIL] 1.2.24 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate (Automated)
[FAIL] 1.2.25 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate (Automated)
[PASS] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Automated)
[WARN] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Automated)
[PASS] 1.2.27 Ensure that the --service-account-lookup argument is set to true (Automated)
[PASS] 1.2.28 Ensure that the --service-account-key-file argument is set as appropriate (Automated)
[PASS] 1.2.29 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate (Automated)
@ -140,6 +140,11 @@ on the master node and set the --audit-log-maxsize parameter to an appropriate s
For example, to set it as 100 MB:
--audit-log-maxsize=100
1.2.26 Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
and set the below parameter as appropriate and if needed.
For example,
--request-timeout=300s
1.2.33 Follow the Kubernetes documentation and configure a EncryptionConfig file.
Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
on the master node and set the --encryption-provider-config parameter to the path of that file: --encryption-provider-config=</path/to/EncryptionConfig/File>
@ -169,13 +174,13 @@ on the master node and set the below parameter.
== Summary master ==
45 checks PASS
44 checks PASS
10 checks FAIL
10 checks WARN
11 checks WARN
0 checks INFO
== Summary total ==
45 checks PASS
44 checks PASS
10 checks FAIL
10 checks WARN
0 checks INFO
11 checks WARN
0 checks INFO

View File

@ -47,7 +47,7 @@
[FAIL] 1.2.23 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate (Automated)
[FAIL] 1.2.24 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate (Automated)
[FAIL] 1.2.25 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate (Automated)
[PASS] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Automated)
[WARN] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Automated)
[PASS] 1.2.27 Ensure that the --service-account-lookup argument is set to true (Automated)
[PASS] 1.2.28 Ensure that the --service-account-key-file argument is set as appropriate (Automated)
[PASS] 1.2.29 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate (Automated)
@ -140,6 +140,11 @@ on the master node and set the --audit-log-maxsize parameter to an appropriate s
For example, to set it as 100 MB:
--audit-log-maxsize=100
1.2.26 Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
and set the below parameter as appropriate and if needed.
For example,
--request-timeout=300s
1.2.33 Follow the Kubernetes documentation and configure a EncryptionConfig file.
Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
on the master node and set the --encryption-provider-config parameter to the path of that file: --encryption-provider-config=</path/to/EncryptionConfig/File>
@ -169,9 +174,9 @@ on the master node and set the below parameter.
== Summary master ==
45 checks PASS
44 checks PASS
10 checks FAIL
10 checks WARN
11 checks WARN
0 checks INFO
[INFO] 2 Etcd Node Configuration
@ -413,7 +418,7 @@ resources and that all new resources are created in a specific namespace.
0 checks INFO
== Summary total ==
72 checks PASS
71 checks PASS
11 checks FAIL
39 checks WARN
40 checks WARN
0 checks INFO