arno/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-27 02:18:16 +00:00
Code Issues Releases Wiki Activity

Ensure 127.0.0.1 for the --bind-address parameter (#1723)

Browse Source
This commit is contained in:
Konstantinos Tsakalozos 2024-11-18 05:56:28 +02:00 committed by GitHub
parent 4de7b2095a
commit 39dfe93b68
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 0 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cfg/cis-1.24/master.yaml
View File

@ -900,14 +900,11 @@ groups:
text: "Ensure that the --bind-address argument is set to 127.0.0.1 (Automated)" text: "Ensure that the --bind-address argument is set to 127.0.0.1 (Automated)"
audit: "/bin/ps -ef | grep $controllermanagerbin | grep -v grep" audit: "/bin/ps -ef | grep $controllermanagerbin | grep -v grep"
tests: tests:
bin_op: or
test_items: test_items:
- flag: "--bind-address" - flag: "--bind-address"
compare: compare:
op: eq op: eq
value: "127.0.0.1" value: "127.0.0.1"
- flag: "--bind-address"
set: false
remediation: | remediation: |
Edit the Controller Manager pod specification file $controllermanagerconf Edit the Controller Manager pod specification file $controllermanagerconf
on the control plane node and ensure the correct value for the --bind-address parameter on the control plane node and ensure the correct value for the --bind-address parameter
@ -935,14 +932,11 @@ groups:
text: "Ensure that the --bind-address argument is set to 127.0.0.1 (Automated)" text: "Ensure that the --bind-address argument is set to 127.0.0.1 (Automated)"
audit: "/bin/ps -ef | grep $schedulerbin | grep -v grep" audit: "/bin/ps -ef | grep $schedulerbin | grep -v grep"
tests: tests:
bin_op: or
test_items: test_items:
- flag: "--bind-address" - flag: "--bind-address"
compare: compare:
op: eq op: eq
value: "127.0.0.1" value: "127.0.0.1"
- flag: "--bind-address"
set: false
remediation: | remediation: |
Edit the Scheduler pod specification file $schedulerconf Edit the Scheduler pod specification file $schedulerconf
on the control plane node and ensure the correct value for the --bind-address parameter on the control plane node and ensure the correct value for the --bind-address parameter