mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-18 20:58:10 +00:00

issue #337: Adds comment for properties detected thru parsing command line. Fixed Audit for test 2.1.8 (#354)

Roberto Rojas 2019-07-11 12:05:24 -04:00 committed by Liz Rice
parent d127512ab9
commit 3926ba3977
2 changed files with 11 additions and 2 deletions


@ -10,6 +10,9 @@ groups:
checks:
- id: 2.1.1
text: "Ensure that the --allow-privileged argument is set to false (Scored)"
# This is one of those properties that can only be set as a command line argument.
# To check if the property is set as expected, we need to parse the kubelet command
# instead reading the Kubelet Configuration file.
audit: "ps -fC $kubeletbin"
tests:
test_items:
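Review bot: The three-line comment added above `audit` for 2.1.1 drops a word ("instead reading") and never names the flag it is about, so it reads the same wherever it is pasted; the identical text is added again in both hunks of the other changed file. A check-specific wording such as `# --allow-privileged can only be set on the kubelet command line, so audit the running process (ps) instead of reading the kubelet configuration file.` would give the reason in terms of the flag being tested. The check's test items continue outside the hunk.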


@ -160,7 +160,10 @@ groups:
- id: 2.1.8
text: "Ensure that the --hostname-override argument is not set (Scored)"
audit: "cat $kubeletconf"
# This is one of those properties that can only be set as a command line argument.
# To check if the property is set as expected, we need to parse the kubelet command
# instead reading the Kubelet Configuration file.
audit: "ps -fC $kubeletbin"
tests:
test_items:
- flag: "--hostname-override"
@ -221,7 +224,10 @@ groups:
- id: 2.1.11
text: "Ensure that the --cadvisor-port argument is set to 0 (Scored)"
audit: "cat $kubeletconf"
# This is one of those properties that can only be set as a command line argument.
# To check if the property is set as expected, we need to parse the kubelet command
# instead reading the Kubelet Configuration file.
audit: "ps -fC $kubeletbin"
tests:
bin_op: or
test_items:
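Review bot: With `audit: "ps -fC $kubeletbin"`, the results for 2.1.8 and 2.1.11 now depend on a kubelet process being found under the name held in `$kubeletbin`; if none is running or the name differs, `ps` returns no process line, and a test that expects `--hostname-override` to be absent would presumably pass without any kubelet having been inspected. The comparison fields of the test items are outside these hunks, so this should be confirmed against the full checks. I would document the limitation next to each audit, e.g. `# NOTE: empty ps output (kubelet not running, or $kubeletbin mismatch) also satisfies a "not set" test; treat such a pass as unverified.` The commit title mentions only 2.1.8, but the audit for 2.1.11 is changed in the same way.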