1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-22 16:18:07 +00:00

Merge pull request #94 from jaxxstorm/test_updates

Test fixes for 1.8
This commit is contained in:
Liz Rice 2018-01-30 19:58:12 +00:00 committed by GitHub
commit 1f52a13400
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -628,7 +628,7 @@ groups:
set: true
remediation: |
Remediation:
Edit the Scheduler pod specification file $apiserverconf
Edit the Scheduler pod specification file $schedulerconf
file on the master node and set the below parameter.
--profiling=false
scored: true
@ -644,7 +644,7 @@ groups:
- flag: "--terminated-pod-gc-threshold"
set: true
remediation: |
Edit the Controller Manager pod specification file $apiserverconf
Edit the Controller Manager pod specification file $controllermanagerconf
on the master node and set the --terminated-pod-gc-threshold to an appropriate threshold, for example:
--terminated-pod-gc-threshold=10
scored: true
@ -978,12 +978,23 @@ groups:
more restrictive (Scored)"
audit: "/bin/sh -c 'if test -e /etc/kubernetes/admin.conf; then stat -c %a /etc/kubernetes/admin.conf; fi'"
tests:
bin_op: or
test_items:
- flag: "644"
compare:
op: eq
value: "644"
set: true
- flag: "640"
compare:
op: eq
value: "640"
set: true
- flag: "600"
compare:
op: eq
value: "600"
set: true
remediation: |
Run the below command (based on the file location on your system) on the master node.
For example,
@ -1009,14 +1020,25 @@ groups:
- id: 1.4.15
text: "Ensure that the scheduler.conf file permissions are set to 644 or
more restrictive (Scored)"
audit: "/bin/sh -c 'if test -e $schedulerconf then stat -c %a $schedulerconf; fi'"
audit: "/bin/sh -c 'if test -e $schedulerconf; then stat -c %a $schedulerconf; fi'"
tests:
bin_op: or
test_items:
- flag: "644"
compare:
op: eq
value: "644"
set: true
- flag: "640"
compare:
op: eq
value: "640"
set: true
- flag: "600"
compare:
op: eq
value: "600"
set: true
remediation: |
Run the below command (based on the file location on your system) on the master node.
For example,
@ -1042,14 +1064,25 @@ groups:
- id: 1.4.17
text: "Ensure that the controller-manager.conf file permissions are set
to 644 or more restrictive (Scored)"
audit: "/bin/sh -c 'if test -e $controllermanagerconf then stat -c %a $controllermanagerconf; fi'"
audit: "/bin/sh -c 'if test -e $controllermanagerconf; then stat -c %a $controllermanagerconf; fi'"
tests:
bin_op: or
test_items:
- flag: "644"
compare:
op: eq
value: "644"
set: true
- flag: "640"
compare:
op: eq
value: "640"
set: true
- flag: "600"
compare:
op: eq
value: "600"
set: true
remediation: |
Run the below command (based on the file location on your system) on the master node.
For example,