* Test 1.2.24 should be manual
* Test 1.2.26 should be manual
* Test 1.2.26 should be manual
* Change test 1.2.26
* Change test 1.2.26
* Change test 1.2.26
* Change test 1.2.26
* Change test 1.2.26
[FAIL] 1.2.23 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate (Scored)
[FAIL] 1.2.24 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate (Scored)
[FAIL] 1.2.25 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate (Scored)
[PASS] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Scored)
[WARN] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Scored)
[PASS] 1.2.27 Ensure that the --service-account-lookup argument is set to true (Scored)
[PASS] 1.2.28 Ensure that the --service-account-key-file argument is set as appropriate (Scored)
[PASS] 1.2.29 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate (Scored)
@ -140,6 +140,11 @@ on the master node and set the --audit-log-maxsize parameter to an appropriate s
For example, to set it as 100 MB:
--audit-log-maxsize=100
1.2.26 Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
and set the below parameter as appropriate and if needed.
For example,
--request-timeout=300s
1.2.33 Follow the Kubernetes documentation and configure a EncryptionConfig file.
Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
on the master node and set the --encryption-provider-config parameter to the path of that file: --encryption-provider-config=</path/to/EncryptionConfig/File>
@ -166,13 +171,13 @@ on the master node and set the below parameter.
[FAIL] 1.2.23 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate (Scored)
[FAIL] 1.2.24 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate (Scored)
[FAIL] 1.2.25 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate (Scored)
[PASS] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Scored)
[WARN] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Scored)
[PASS] 1.2.27 Ensure that the --service-account-lookup argument is set to true (Scored)
[PASS] 1.2.28 Ensure that the --service-account-key-file argument is set as appropriate (Scored)
[PASS] 1.2.29 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate (Scored)
@ -140,6 +140,11 @@ on the master node and set the --audit-log-maxsize parameter to an appropriate s
For example, to set it as 100 MB:
--audit-log-maxsize=100
1.2.26 Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
and set the below parameter as appropriate and if needed.
For example,
--request-timeout=300s
1.2.33 Follow the Kubernetes documentation and configure a EncryptionConfig file.
Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
on the master node and set the --encryption-provider-config parameter to the path of that file: --encryption-provider-config=</path/to/EncryptionConfig/File>
@ -166,9 +171,9 @@ on the master node and set the below parameter.
== Summary master ==
45 checks PASS
44 checks PASS
10 checks FAIL
10 checks WARN
11 checks WARN
0 checks INFO
[INFO] 2 Etcd Node Configuration
@ -410,7 +415,7 @@ resources and that all new resources are created in a specific namespace.
[FAIL] 1.2.23 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate (Automated)
[FAIL] 1.2.24 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate (Automated)
[FAIL] 1.2.25 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate (Automated)
[PASS] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Automated)
[WARN] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Automated)
[PASS] 1.2.27 Ensure that the --service-account-lookup argument is set to true (Automated)
[PASS] 1.2.28 Ensure that the --service-account-key-file argument is set as appropriate (Automated)
[PASS] 1.2.29 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate (Automated)
@ -140,6 +140,11 @@ on the master node and set the --audit-log-maxsize parameter to an appropriate s
For example, to set it as 100 MB:
--audit-log-maxsize=100
1.2.26 Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
and set the below parameter as appropriate and if needed.
For example,
--request-timeout=300s
1.2.33 Follow the Kubernetes documentation and configure a EncryptionConfig file.
Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
on the master node and set the --encryption-provider-config parameter to the path of that file: --encryption-provider-config=</path/to/EncryptionConfig/File>
@ -169,13 +174,13 @@ on the master node and set the below parameter.
[FAIL] 1.2.23 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate (Automated)
[FAIL] 1.2.24 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate (Automated)
[FAIL] 1.2.25 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate (Automated)
[PASS] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Automated)
[WARN] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Automated)
[PASS] 1.2.27 Ensure that the --service-account-lookup argument is set to true (Automated)
[PASS] 1.2.28 Ensure that the --service-account-key-file argument is set as appropriate (Automated)
[PASS] 1.2.29 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate (Automated)
@ -140,6 +140,11 @@ on the master node and set the --audit-log-maxsize parameter to an appropriate s
For example, to set it as 100 MB:
--audit-log-maxsize=100
1.2.26 Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
and set the below parameter as appropriate and if needed.
For example,
--request-timeout=300s
1.2.33 Follow the Kubernetes documentation and configure a EncryptionConfig file.
Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
on the master node and set the --encryption-provider-config parameter to the path of that file: --encryption-provider-config=</path/to/EncryptionConfig/File>
@ -169,9 +174,9 @@ on the master node and set the below parameter.
== Summary master ==
45 checks PASS
44 checks PASS
10 checks FAIL
10 checks WARN
11 checks WARN
0 checks INFO
[INFO] 2 Etcd Node Configuration
@ -413,7 +418,7 @@ resources and that all new resources are created in a specific namespace.