mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-11-28 02:49:10 +00:00
Fix test request timeout (#874)
* Test 1.2.24 should be manual * Test 1.2.26 should be manual * Test 1.2.26 should be manual * Change test 1.2.26 * Change test 1.2.26 * Change test 1.2.26 * Change test 1.2.26 * Change test 1.2.26
This commit is contained in:
parent
9820da9579
commit
1f4b941c51
@ -680,12 +680,7 @@ groups:
|
||||
- id: 1.2.24
|
||||
text: "Ensure that the --request-timeout argument is set as appropriate (Automated)"
|
||||
audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
|
||||
tests:
|
||||
bin_op: or
|
||||
test_items:
|
||||
- flag: "--request-timeout"
|
||||
set: false
|
||||
- flag: "--request-timeout"
|
||||
type: manual
|
||||
remediation: |
|
||||
Edit the API server pod specification file $apiserverconf
|
||||
and set the below parameter as appropriate and if needed.
|
||||
|
@ -766,13 +766,7 @@ groups:
|
||||
- id: 1.2.26
|
||||
text: "Ensure that the --request-timeout argument is set as appropriate (Scored)"
|
||||
audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
|
||||
tests:
|
||||
bin_op: or
|
||||
test_items:
|
||||
- flag: "--request-timeout"
|
||||
set: false
|
||||
- flag: "--request-timeout"
|
||||
set: true
|
||||
type: manual
|
||||
remediation: |
|
||||
Edit the API server pod specification file $apiserverconf
|
||||
and set the below parameter as appropriate and if needed.
|
||||
|
@ -714,12 +714,7 @@ groups:
|
||||
- id: 1.2.26
|
||||
text: "Ensure that the --request-timeout argument is set as appropriate (Automated)"
|
||||
audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
|
||||
tests:
|
||||
bin_op: or
|
||||
test_items:
|
||||
- flag: "--request-timeout"
|
||||
set: false
|
||||
- flag: "--request-timeout"
|
||||
type: manual
|
||||
remediation: |
|
||||
Edit the API server pod specification file $apiserverconf
|
||||
and set the below parameter as appropriate and if needed.
|
||||
|
15
integration/testdata/cis-1.5/job-master.data
vendored
15
integration/testdata/cis-1.5/job-master.data
vendored
@ -47,7 +47,7 @@
|
||||
[FAIL] 1.2.23 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate (Scored)
|
||||
[FAIL] 1.2.24 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate (Scored)
|
||||
[FAIL] 1.2.25 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate (Scored)
|
||||
[PASS] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Scored)
|
||||
[WARN] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Scored)
|
||||
[PASS] 1.2.27 Ensure that the --service-account-lookup argument is set to true (Scored)
|
||||
[PASS] 1.2.28 Ensure that the --service-account-key-file argument is set as appropriate (Scored)
|
||||
[PASS] 1.2.29 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate (Scored)
|
||||
@ -140,6 +140,11 @@ on the master node and set the --audit-log-maxsize parameter to an appropriate s
|
||||
For example, to set it as 100 MB:
|
||||
--audit-log-maxsize=100
|
||||
|
||||
1.2.26 Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
|
||||
and set the below parameter as appropriate and if needed.
|
||||
For example,
|
||||
--request-timeout=300s
|
||||
|
||||
1.2.33 Follow the Kubernetes documentation and configure a EncryptionConfig file.
|
||||
Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
|
||||
on the master node and set the --encryption-provider-config parameter to the path of that file: --encryption-provider-config=</path/to/EncryptionConfig/File>
|
||||
@ -166,13 +171,13 @@ on the master node and set the below parameter.
|
||||
|
||||
|
||||
== Summary master ==
|
||||
45 checks PASS
|
||||
44 checks PASS
|
||||
10 checks FAIL
|
||||
10 checks WARN
|
||||
11 checks WARN
|
||||
0 checks INFO
|
||||
|
||||
== Summary total ==
|
||||
45 checks PASS
|
||||
44 checks PASS
|
||||
10 checks FAIL
|
||||
10 checks WARN
|
||||
11 checks WARN
|
||||
0 checks INFO
|
15
integration/testdata/cis-1.5/job.data
vendored
15
integration/testdata/cis-1.5/job.data
vendored
@ -47,7 +47,7 @@
|
||||
[FAIL] 1.2.23 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate (Scored)
|
||||
[FAIL] 1.2.24 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate (Scored)
|
||||
[FAIL] 1.2.25 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate (Scored)
|
||||
[PASS] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Scored)
|
||||
[WARN] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Scored)
|
||||
[PASS] 1.2.27 Ensure that the --service-account-lookup argument is set to true (Scored)
|
||||
[PASS] 1.2.28 Ensure that the --service-account-key-file argument is set as appropriate (Scored)
|
||||
[PASS] 1.2.29 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate (Scored)
|
||||
@ -140,6 +140,11 @@ on the master node and set the --audit-log-maxsize parameter to an appropriate s
|
||||
For example, to set it as 100 MB:
|
||||
--audit-log-maxsize=100
|
||||
|
||||
1.2.26 Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
|
||||
and set the below parameter as appropriate and if needed.
|
||||
For example,
|
||||
--request-timeout=300s
|
||||
|
||||
1.2.33 Follow the Kubernetes documentation and configure a EncryptionConfig file.
|
||||
Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
|
||||
on the master node and set the --encryption-provider-config parameter to the path of that file: --encryption-provider-config=</path/to/EncryptionConfig/File>
|
||||
@ -166,9 +171,9 @@ on the master node and set the below parameter.
|
||||
|
||||
|
||||
== Summary master ==
|
||||
45 checks PASS
|
||||
44 checks PASS
|
||||
10 checks FAIL
|
||||
10 checks WARN
|
||||
11 checks WARN
|
||||
0 checks INFO
|
||||
|
||||
[INFO] 2 Etcd Node Configuration
|
||||
@ -410,7 +415,7 @@ resources and that all new resources are created in a specific namespace.
|
||||
0 checks INFO
|
||||
|
||||
== Summary total ==
|
||||
72 checks PASS
|
||||
71 checks PASS
|
||||
13 checks FAIL
|
||||
37 checks WARN
|
||||
38 checks WARN
|
||||
0 checks INFO
|
||||
|
15
integration/testdata/cis-1.6/job-master.data
vendored
15
integration/testdata/cis-1.6/job-master.data
vendored
@ -47,7 +47,7 @@
|
||||
[FAIL] 1.2.23 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate (Automated)
|
||||
[FAIL] 1.2.24 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate (Automated)
|
||||
[FAIL] 1.2.25 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate (Automated)
|
||||
[PASS] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Automated)
|
||||
[WARN] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Automated)
|
||||
[PASS] 1.2.27 Ensure that the --service-account-lookup argument is set to true (Automated)
|
||||
[PASS] 1.2.28 Ensure that the --service-account-key-file argument is set as appropriate (Automated)
|
||||
[PASS] 1.2.29 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate (Automated)
|
||||
@ -140,6 +140,11 @@ on the master node and set the --audit-log-maxsize parameter to an appropriate s
|
||||
For example, to set it as 100 MB:
|
||||
--audit-log-maxsize=100
|
||||
|
||||
1.2.26 Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
|
||||
and set the below parameter as appropriate and if needed.
|
||||
For example,
|
||||
--request-timeout=300s
|
||||
|
||||
1.2.33 Follow the Kubernetes documentation and configure a EncryptionConfig file.
|
||||
Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
|
||||
on the master node and set the --encryption-provider-config parameter to the path of that file: --encryption-provider-config=</path/to/EncryptionConfig/File>
|
||||
@ -169,13 +174,13 @@ on the master node and set the below parameter.
|
||||
|
||||
|
||||
== Summary master ==
|
||||
45 checks PASS
|
||||
44 checks PASS
|
||||
10 checks FAIL
|
||||
10 checks WARN
|
||||
11 checks WARN
|
||||
0 checks INFO
|
||||
|
||||
== Summary total ==
|
||||
45 checks PASS
|
||||
44 checks PASS
|
||||
10 checks FAIL
|
||||
10 checks WARN
|
||||
11 checks WARN
|
||||
0 checks INFO
|
15
integration/testdata/cis-1.6/job.data
vendored
15
integration/testdata/cis-1.6/job.data
vendored
@ -47,7 +47,7 @@
|
||||
[FAIL] 1.2.23 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate (Automated)
|
||||
[FAIL] 1.2.24 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate (Automated)
|
||||
[FAIL] 1.2.25 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate (Automated)
|
||||
[PASS] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Automated)
|
||||
[WARN] 1.2.26 Ensure that the --request-timeout argument is set as appropriate (Automated)
|
||||
[PASS] 1.2.27 Ensure that the --service-account-lookup argument is set to true (Automated)
|
||||
[PASS] 1.2.28 Ensure that the --service-account-key-file argument is set as appropriate (Automated)
|
||||
[PASS] 1.2.29 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate (Automated)
|
||||
@ -140,6 +140,11 @@ on the master node and set the --audit-log-maxsize parameter to an appropriate s
|
||||
For example, to set it as 100 MB:
|
||||
--audit-log-maxsize=100
|
||||
|
||||
1.2.26 Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
|
||||
and set the below parameter as appropriate and if needed.
|
||||
For example,
|
||||
--request-timeout=300s
|
||||
|
||||
1.2.33 Follow the Kubernetes documentation and configure a EncryptionConfig file.
|
||||
Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
|
||||
on the master node and set the --encryption-provider-config parameter to the path of that file: --encryption-provider-config=</path/to/EncryptionConfig/File>
|
||||
@ -169,9 +174,9 @@ on the master node and set the below parameter.
|
||||
|
||||
|
||||
== Summary master ==
|
||||
45 checks PASS
|
||||
44 checks PASS
|
||||
10 checks FAIL
|
||||
10 checks WARN
|
||||
11 checks WARN
|
||||
0 checks INFO
|
||||
|
||||
[INFO] 2 Etcd Node Configuration
|
||||
@ -413,7 +418,7 @@ resources and that all new resources are created in a specific namespace.
|
||||
0 checks INFO
|
||||
|
||||
== Summary total ==
|
||||
72 checks PASS
|
||||
71 checks PASS
|
||||
11 checks FAIL
|
||||
39 checks WARN
|
||||
40 checks WARN
|
||||
0 checks INFO
|
||||
|
Loading…
Reference in New Issue
Block a user