mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-12-23 23:18:33 +00:00
Modify 1.2.3 Ensure that the DenyServiceExternalIPs is set
in CIS-1.7/1.8 (#1607)
* Modify 1.2.3 Ensure that the DenyServiceExternalIPs is set - op changed from `have` to `has` and removed bin_op: or - remediation description changed to only include --enable-admission-plugins * Apply changes for CIS-1.9
parent
b85ec78a84
commit
4b4c1ce709
@ -345,16 +345,15 @@ groups:
|
|||||||
text: "Ensure that the --DenyServiceExternalIPs is set (Manual)"
|
text: "Ensure that the --DenyServiceExternalIPs is set (Manual)"
|
||||||
audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
|
audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
|
||||||
tests:
|
tests:
|
||||||
bin_op: or
|
|
||||||
test_items:
|
test_items:
|
||||||
- flag: "--enable-admission-plugins"
|
- flag: "--enable-admission-plugins"
|
||||||
compare:
|
compare:
|
||||||
op: have
|
op: has
|
||||||
value: "DenyServiceExternalIPs"
|
value: "DenyServiceExternalIPs"
|
||||||
remediation: |
|
remediation: |
|
||||||
Edit the API server pod specification file $apiserverconf
|
Edit the API server pod specification file $apiserverconf
|
||||||
on the control plane node and remove the `DenyServiceExternalIPs`
|
on the control plane node and add the `DenyServiceExternalIPs` plugin
|
||||||
from enabled admission plugins.
|
to the enabled admission plugins, as such --enable-admission-plugin=DenyServiceExternalIPs.
|
||||||
scored: false
|
scored: false
|
||||||
|
|
||||||
- id: 1.2.4
|
- id: 1.2.4
|
||||||
|
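Review bot: The new remediation text spells the flag `--enable-admission-plugin=DenyServiceExternalIPs` (singular), while the test item in this same check reads `--enable-admission-plugins`. An operator who copies the remediation into $apiserverconf would add a flag that kube-apiserver does not define, and the `=` form also reads as if the existing plugin list should be replaced rather than extended. I would write the last remediation line as `to the enabled admission plugins, e.g. --enable-admission-plugins=<existing plugins>,DenyServiceExternalIPs.` so that it matches the audited flag and keeps the plugins that are already enabled. The same wording recurs in the two sections that follow on this page, presumably the other CIS versions named in the commit title, and needs the same correction there.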
@ -345,16 +345,15 @@ groups:
|
|||||||
text: "Ensure that the --DenyServiceExternalIPs is set (Manual)"
|
text: "Ensure that the --DenyServiceExternalIPs is set (Manual)"
|
||||||
audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
|
audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
|
||||||
tests:
|
tests:
|
||||||
bin_op: or
|
|
||||||
test_items:
|
test_items:
|
||||||
- flag: "--enable-admission-plugins"
|
- flag: "--enable-admission-plugins"
|
||||||
compare:
|
compare:
|
||||||
op: have
|
op: has
|
||||||
value: "DenyServiceExternalIPs"
|
value: "DenyServiceExternalIPs"
|
||||||
remediation: |
|
remediation: |
|
||||||
Edit the API server pod specification file $apiserverconf
|
Edit the API server pod specification file $apiserverconf
|
||||||
on the control plane node and remove the `DenyServiceExternalIPs`
|
on the control plane node and add the `DenyServiceExternalIPs` plugin
|
||||||
from enabled admission plugins.
|
to the enabled admission plugins, as such --enable-admission-plugin=DenyServiceExternalIPs.
|
||||||
scored: false
|
scored: false
|
||||||
|
|
||||||
- id: 1.2.4
|
- id: 1.2.4
|
||||||
|
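Review bot: The unchanged `text:` line still reads `Ensure that the --DenyServiceExternalIPs is set (Manual)`, which presents DenyServiceExternalIPs as a command-line flag. The test and remediation corrected here treat it as a value of `--enable-admission-plugins`, so the title now disagrees with the check it labels, and someone grepping the API server arguments for `--DenyServiceExternalIPs` would conclude that the control cannot be met. Dropping the dashes, as the commit title already does, would fix it: `text: "Ensure that the DenyServiceExternalIPs is set (Manual)"`. The same line is visible in the first section of this page; the third section's hunk starts below it, so it cannot be checked from here.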
@ -360,12 +360,12 @@ groups:
|
|||||||
test_items:
|
test_items:
|
||||||
- flag: "--enable-admission-plugins"
|
- flag: "--enable-admission-plugins"
|
||||||
compare:
|
compare:
|
||||||
op: have
|
op: has
|
||||||
value: "DenyServiceExternalIPs"
|
value: "DenyServiceExternalIPs"
|
||||||
remediation: |
|
remediation: |
|
||||||
Edit the API server pod specification file $apiserverconf
|
Edit the API server pod specification file $apiserverconf
|
||||||
on the control plane node and remove the `DenyServiceExternalIPs`
|
on the control plane node and add the `DenyServiceExternalIPs` plugin
|
||||||
from enabled admission plugins.
|
to the enabled admission plugins, as such --enable-admission-plugin=DenyServiceExternalIPs.
|
||||||
scored: false
|
scored: false
|
||||||
|
|
||||||
- id: 1.2.4
|
- id: 1.2.4
|
||||||
|