mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-11-28 10:58:20 +00:00
Fix test request timeout (#874)
* Test 1.2.24 should be manual * Test 1.2.26 should be manual * Test 1.2.26 should be manual * Change test 1.2.26 * Change test 1.2.26 * Change test 1.2.26 * Change test 1.2.26 * Change test 1.2.26
This commit is contained in:
parent
9820da9579
commit
1f4b941c51
@ -680,12 +680,7 @@ groups:
|
|||||||
- id: 1.2.24
|
- id: 1.2.24
|
||||||
text: "Ensure that the --request-timeout argument is set as appropriate (Automated)"
|
text: "Ensure that the --request-timeout argument is set as appropriate (Automated)"
|
||||||
audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
|
audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
|
||||||
tests:
|
type: manual
|
||||||
bin_op: or
|
|
||||||
test_items:
|
|
||||||
- flag: "--request-timeout"
|
|
||||||
set: false
|
|
||||||
- flag: "--request-timeout"
|
|
||||||
remediation: |
|
remediation: |
|
||||||
Edit the API server pod specification file $apiserverconf
|
Edit the API server pod specification file $apiserverconf
|
||||||
and set the below parameter as appropriate and if needed.
|
and set the below parameter as appropriate and if needed.
|
||||||
|
@ -766,13 +766,7 @@ groups:
|
|||||||
- id: 1.2.26
|
- id: 1.2.26
|
||||||
text: "Ensure that the --request-timeout argument is set as appropriate (Scored)"
|
text: "Ensure that the --request-timeout argument is set as appropriate (Scored)"
|
||||||
audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
|
audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
|
||||||
tests:
|
type: manual
|
||||||
bin_op: or
|
|
||||||
test_items:
|
|
||||||
- flag: "--request-timeout"
|
|
||||||
set: false
|
|
||||||
- flag: "--request-timeout"
|
|
||||||
set: true
|
|
||||||
remediation: |
|
remediation: |
|
||||||
Edit the API server pod specification file $apiserverconf
|
Edit the API server pod specification file $apiserverconf
|
||||||
and set the below parameter as appropriate and if needed.
|
and set the below parameter as appropriate and if needed.
|
||||||
|
@ -714,12 +714,7 @@ groups:
|
|||||||
- id: 1.2.26
|
- id: 1.2.26
|
||||||
text: "Ensure that the --request-timeout argument is set as appropriate (Automated)"
|
text: "Ensure that the --request-timeout argument is set as appropriate (Automated)"
|
||||||
audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
|
audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
|
||||||
tests:
|
type: manual
|
||||||
bin_op: or
|
|
||||||
test_items:
|
|
||||||
- flag: "--request-timeout"
|
|
||||||
set: false
|
|
||||||
- flag: "--request-timeout"
|
|
||||||
remediation: |
|
remediation: |
|
||||||
Edit the API server pod specification file $apiserverconf
|
Edit the API server pod specification file $apiserverconf
|
||||||
and set the below parameter as appropriate and if needed.
|
and set the below parameter as appropriate and if needed.
|
||||||
|
15
integration/testdata/cis-1.5/job-master.data
vendored
15
integration/testdata/cis-1.5/job-master.data
vendored
@ -47,7 +47,7 @@
|
|||||||
[FAIL] 1.2.23 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate (Scored)
|
[FAIL] 1.2.23 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate (Scored)
|
||||||
[FAIL] 1.2.24 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate (Scored)
|
[FAIL] 1.2.24 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate (Scored)
|
||||||
[FAIL] 1.2.25 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate (Scored)
|
[FAIL] 1.2.25 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate (Scored)
|
||||||
[PASS] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Scored)
|
[WARN] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Scored)
|
||||||
[PASS] 1.2.27 Ensure that the --service-account-lookup argument is set to true (Scored)
|
[PASS] 1.2.27 Ensure that the --service-account-lookup argument is set to true (Scored)
|
||||||
[PASS] 1.2.28 Ensure that the --service-account-key-file argument is set as appropriate (Scored)
|
[PASS] 1.2.28 Ensure that the --service-account-key-file argument is set as appropriate (Scored)
|
||||||
[PASS] 1.2.29 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate (Scored)
|
[PASS] 1.2.29 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate (Scored)
|
||||||
@ -140,6 +140,11 @@ on the master node and set the --audit-log-maxsize parameter to an appropriate s
|
|||||||
For example, to set it as 100 MB:
|
For example, to set it as 100 MB:
|
||||||
--audit-log-maxsize=100
|
--audit-log-maxsize=100
|
||||||
|
|
||||||
|
1.2.26 Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
|
||||||
|
and set the below parameter as appropriate and if needed.
|
||||||
|
For example,
|
||||||
|
--request-timeout=300s
|
||||||
|
|
||||||
1.2.33 Follow the Kubernetes documentation and configure a EncryptionConfig file.
|
1.2.33 Follow the Kubernetes documentation and configure a EncryptionConfig file.
|
||||||
Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
|
Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
|
||||||
on the master node and set the --encryption-provider-config parameter to the path of that file: --encryption-provider-config=</path/to/EncryptionConfig/File>
|
on the master node and set the --encryption-provider-config parameter to the path of that file: --encryption-provider-config=</path/to/EncryptionConfig/File>
|
||||||
@ -166,13 +171,13 @@ on the master node and set the below parameter.
|
|||||||
|
|
||||||
|
|
||||||
== Summary master ==
|
== Summary master ==
|
||||||
45 checks PASS
|
44 checks PASS
|
||||||
10 checks FAIL
|
10 checks FAIL
|
||||||
10 checks WARN
|
11 checks WARN
|
||||||
0 checks INFO
|
0 checks INFO
|
||||||
|
|
||||||
== Summary total ==
|
== Summary total ==
|
||||||
45 checks PASS
|
44 checks PASS
|
||||||
10 checks FAIL
|
10 checks FAIL
|
||||||
10 checks WARN
|
11 checks WARN
|
||||||
0 checks INFO
|
0 checks INFO
|
15
integration/testdata/cis-1.5/job.data
vendored
15
integration/testdata/cis-1.5/job.data
vendored
@ -47,7 +47,7 @@
|
|||||||
[FAIL] 1.2.23 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate (Scored)
|
[FAIL] 1.2.23 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate (Scored)
|
||||||
[FAIL] 1.2.24 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate (Scored)
|
[FAIL] 1.2.24 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate (Scored)
|
||||||
[FAIL] 1.2.25 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate (Scored)
|
[FAIL] 1.2.25 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate (Scored)
|
||||||
[PASS] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Scored)
|
[WARN] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Scored)
|
||||||
[PASS] 1.2.27 Ensure that the --service-account-lookup argument is set to true (Scored)
|
[PASS] 1.2.27 Ensure that the --service-account-lookup argument is set to true (Scored)
|
||||||
[PASS] 1.2.28 Ensure that the --service-account-key-file argument is set as appropriate (Scored)
|
[PASS] 1.2.28 Ensure that the --service-account-key-file argument is set as appropriate (Scored)
|
||||||
[PASS] 1.2.29 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate (Scored)
|
[PASS] 1.2.29 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate (Scored)
|
||||||
@ -140,6 +140,11 @@ on the master node and set the --audit-log-maxsize parameter to an appropriate s
|
|||||||
For example, to set it as 100 MB:
|
For example, to set it as 100 MB:
|
||||||
--audit-log-maxsize=100
|
--audit-log-maxsize=100
|
||||||
|
|
||||||
|
1.2.26 Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
|
||||||
|
and set the below parameter as appropriate and if needed.
|
||||||
|
For example,
|
||||||
|
--request-timeout=300s
|
||||||
|
|
||||||
1.2.33 Follow the Kubernetes documentation and configure a EncryptionConfig file.
|
1.2.33 Follow the Kubernetes documentation and configure a EncryptionConfig file.
|
||||||
Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
|
Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
|
||||||
on the master node and set the --encryption-provider-config parameter to the path of that file: --encryption-provider-config=</path/to/EncryptionConfig/File>
|
on the master node and set the --encryption-provider-config parameter to the path of that file: --encryption-provider-config=</path/to/EncryptionConfig/File>
|
||||||
@ -166,9 +171,9 @@ on the master node and set the below parameter.
|
|||||||
|
|
||||||
|
|
||||||
== Summary master ==
|
== Summary master ==
|
||||||
45 checks PASS
|
44 checks PASS
|
||||||
10 checks FAIL
|
10 checks FAIL
|
||||||
10 checks WARN
|
11 checks WARN
|
||||||
0 checks INFO
|
0 checks INFO
|
||||||
|
|
||||||
[INFO] 2 Etcd Node Configuration
|
[INFO] 2 Etcd Node Configuration
|
||||||
@ -410,7 +415,7 @@ resources and that all new resources are created in a specific namespace.
|
|||||||
0 checks INFO
|
0 checks INFO
|
||||||
|
|
||||||
== Summary total ==
|
== Summary total ==
|
||||||
72 checks PASS
|
71 checks PASS
|
||||||
13 checks FAIL
|
13 checks FAIL
|
||||||
37 checks WARN
|
38 checks WARN
|
||||||
0 checks INFO
|
0 checks INFO
|
||||||
|
15
integration/testdata/cis-1.6/job-master.data
vendored
15
integration/testdata/cis-1.6/job-master.data
vendored
@ -47,7 +47,7 @@
|
|||||||
[FAIL] 1.2.23 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate (Automated)
|
[FAIL] 1.2.23 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate (Automated)
|
||||||
[FAIL] 1.2.24 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate (Automated)
|
[FAIL] 1.2.24 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate (Automated)
|
||||||
[FAIL] 1.2.25 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate (Automated)
|
[FAIL] 1.2.25 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate (Automated)
|
||||||
[PASS] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Automated)
|
[WARN] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Automated)
|
||||||
[PASS] 1.2.27 Ensure that the --service-account-lookup argument is set to true (Automated)
|
[PASS] 1.2.27 Ensure that the --service-account-lookup argument is set to true (Automated)
|
||||||
[PASS] 1.2.28 Ensure that the --service-account-key-file argument is set as appropriate (Automated)
|
[PASS] 1.2.28 Ensure that the --service-account-key-file argument is set as appropriate (Automated)
|
||||||
[PASS] 1.2.29 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate (Automated)
|
[PASS] 1.2.29 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate (Automated)
|
||||||
@ -140,6 +140,11 @@ on the master node and set the --audit-log-maxsize parameter to an appropriate s
|
|||||||
For example, to set it as 100 MB:
|
For example, to set it as 100 MB:
|
||||||
--audit-log-maxsize=100
|
--audit-log-maxsize=100
|
||||||
|
|
||||||
|
1.2.26 Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
|
||||||
|
and set the below parameter as appropriate and if needed.
|
||||||
|
For example,
|
||||||
|
--request-timeout=300s
|
||||||
|
|
||||||
1.2.33 Follow the Kubernetes documentation and configure a EncryptionConfig file.
|
1.2.33 Follow the Kubernetes documentation and configure a EncryptionConfig file.
|
||||||
Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
|
Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
|
||||||
on the master node and set the --encryption-provider-config parameter to the path of that file: --encryption-provider-config=</path/to/EncryptionConfig/File>
|
on the master node and set the --encryption-provider-config parameter to the path of that file: --encryption-provider-config=</path/to/EncryptionConfig/File>
|
||||||
@ -169,13 +174,13 @@ on the master node and set the below parameter.
|
|||||||
|
|
||||||
|
|
||||||
== Summary master ==
|
== Summary master ==
|
||||||
45 checks PASS
|
44 checks PASS
|
||||||
10 checks FAIL
|
10 checks FAIL
|
||||||
10 checks WARN
|
11 checks WARN
|
||||||
0 checks INFO
|
0 checks INFO
|
||||||
|
|
||||||
== Summary total ==
|
== Summary total ==
|
||||||
45 checks PASS
|
44 checks PASS
|
||||||
10 checks FAIL
|
10 checks FAIL
|
||||||
10 checks WARN
|
11 checks WARN
|
||||||
0 checks INFO
|
0 checks INFO
|
15
integration/testdata/cis-1.6/job.data
vendored
15
integration/testdata/cis-1.6/job.data
vendored
@ -47,7 +47,7 @@
|
|||||||
[FAIL] 1.2.23 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate (Automated)
|
[FAIL] 1.2.23 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate (Automated)
|
||||||
[FAIL] 1.2.24 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate (Automated)
|
[FAIL] 1.2.24 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate (Automated)
|
||||||
[FAIL] 1.2.25 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate (Automated)
|
[FAIL] 1.2.25 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate (Automated)
|
||||||
[PASS] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Automated)
|
[WARN] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Automated)
|
||||||
[PASS] 1.2.27 Ensure that the --service-account-lookup argument is set to true (Automated)
|
[PASS] 1.2.27 Ensure that the --service-account-lookup argument is set to true (Automated)
|
||||||
[PASS] 1.2.28 Ensure that the --service-account-key-file argument is set as appropriate (Automated)
|
[PASS] 1.2.28 Ensure that the --service-account-key-file argument is set as appropriate (Automated)
|
||||||
[PASS] 1.2.29 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate (Automated)
|
[PASS] 1.2.29 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate (Automated)
|
||||||
@ -140,6 +140,11 @@ on the master node and set the --audit-log-maxsize parameter to an appropriate s
|
|||||||
For example, to set it as 100 MB:
|
For example, to set it as 100 MB:
|
||||||
--audit-log-maxsize=100
|
--audit-log-maxsize=100
|
||||||
|
|
||||||
|
1.2.26 Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
|
||||||
|
and set the below parameter as appropriate and if needed.
|
||||||
|
For example,
|
||||||
|
--request-timeout=300s
|
||||||
|
|
||||||
1.2.33 Follow the Kubernetes documentation and configure a EncryptionConfig file.
|
1.2.33 Follow the Kubernetes documentation and configure a EncryptionConfig file.
|
||||||
Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
|
Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
|
||||||
on the master node and set the --encryption-provider-config parameter to the path of that file: --encryption-provider-config=</path/to/EncryptionConfig/File>
|
on the master node and set the --encryption-provider-config parameter to the path of that file: --encryption-provider-config=</path/to/EncryptionConfig/File>
|
||||||
@ -169,9 +174,9 @@ on the master node and set the below parameter.
|
|||||||
|
|
||||||
|
|
||||||
== Summary master ==
|
== Summary master ==
|
||||||
45 checks PASS
|
44 checks PASS
|
||||||
10 checks FAIL
|
10 checks FAIL
|
||||||
10 checks WARN
|
11 checks WARN
|
||||||
0 checks INFO
|
0 checks INFO
|
||||||
|
|
||||||
[INFO] 2 Etcd Node Configuration
|
[INFO] 2 Etcd Node Configuration
|
||||||
@ -413,7 +418,7 @@ resources and that all new resources are created in a specific namespace.
|
|||||||
0 checks INFO
|
0 checks INFO
|
||||||
|
|
||||||
== Summary total ==
|
== Summary total ==
|
||||||
72 checks PASS
|
71 checks PASS
|
||||||
11 checks FAIL
|
11 checks FAIL
|
||||||
39 checks WARN
|
40 checks WARN
|
||||||
0 checks INFO
|
0 checks INFO
|
||||||
|
Loading…
Reference in New Issue
Block a user