1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-22 16:18:07 +00:00

Change node check 2.1.6 to use operation noteq instead of gt.

Kubelet option --streaming-connection-idle-timeout expects a string
value which fails parsing to integer for greater than comparison.

The string "0" indicates no timeout and this is what we are checking
for.
This commit is contained in:
Abubakr-Sadik Nii Nai Davis 2017-08-24 18:30:25 +00:00
parent 8c0761149d
commit 3e3aa0ed82

View File

@ -79,10 +79,11 @@ groups:
text: "Ensure that the --streaming-connection-idle-timeout argument is not set to 0 (Scored)" text: "Ensure that the --streaming-connection-idle-timeout argument is not set to 0 (Scored)"
audit: "ps -ef | grep $kubeletbin | grep -v grep" audit: "ps -ef | grep $kubeletbin | grep -v grep"
tests: tests:
bin_op: or
test_items: test_items:
- flag: "--streaming-connection-idle-timeout" - flag: "--streaming-connection-idle-timeout"
compare: compare:
op: gt op: noteq
value: 0 value: 0
set: true set: true
remediation: "Edit the $kubeletconf file on each node and set the KUBELET_ARGS remediation: "Edit the $kubeletconf file on each node and set the KUBELET_ARGS