arno/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2025-02-19 19:12:12 +00:00
Code Issues Releases Wiki Activity

Merge branch 'master' into config-files

Browse Source
This commit is contained in:
Liz Rice 2017-08-30 11:43:03 +01:00 committed by GitHub
commit 21baf95d6b
2 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -105,3 +105,6 @@ These operations are:
- `lte`: tests if the flag value is less than or equal to the compared value. - `lte`: tests if the flag value is less than or equal to the compared value.
- `has`: tests if the flag value contains the compared value. - `has`: tests if the flag value contains the compared value.
- `nothave`: tests if the flag value does not contain the compared value. - `nothave`: tests if the flag value does not contain the compared value.
# Roadmap
The tests are up-to-date with the CIS Benchmark 1.1.0, which refers to Kubernetes 1.7. Going forward we should release updates to kube-bench to reflect new releases of the Benchmark, which in turn we can anticipate being made for each new Kubernetes release.

3
cfg/node.yaml
View File

@ -79,10 +79,11 @@ groups:
text: "Ensure that the --streaming-connection-idle-timeout argument is not set to 0 (Scored)" text: "Ensure that the --streaming-connection-idle-timeout argument is not set to 0 (Scored)"
audit: "ps -ef | grep $kubeletbin | grep -v grep" audit: "ps -ef | grep $kubeletbin | grep -v grep"
tests: tests:
bin_op: or
test_items: test_items:
- flag: "--streaming-connection-idle-timeout" - flag: "--streaming-connection-idle-timeout"
compare: compare:
op: gt op: noteq
value: 0 value: 0
set: true set: true
remediation: "Edit the $kubeletconf file on each node and set the KUBELET_ARGS remediation: "Edit the $kubeletconf file on each node and set the KUBELET_ARGS