mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-23 23:18:33 +00:00

Modify 1.2.3 Ensure that the DenyServiceExternalIPs is set in CIS-1.7/1.8 (#1607)

* Modify 1.2.3 Ensure that the DenyServiceExternalIPs is set
 - op changed from `have` to `has` and removed bin_op: or
 - remediation description changed to only include --enable-admission-plugins

* Apply changes for CIS-1.9
Andy Pitcher 2024-09-30 00:30:59 -04:00 committed by GitHub
parent b85ec78a84
commit 4b4c1ce709
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 9 additions and 11 deletions


@ -345,16 +345,15 @@ groups:
text: "Ensure that the --DenyServiceExternalIPs is set (Manual)" text: "Ensure that the --DenyServiceExternalIPs is set (Manual)"
audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep" audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
tests: tests:
bin_op: or
test_items: test_items:
- flag: "--enable-admission-plugins" - flag: "--enable-admission-plugins"
compare: compare:
op: have op: has
value: "DenyServiceExternalIPs" value: "DenyServiceExternalIPs"
remediation: | remediation: |
Edit the API server pod specification file $apiserverconf Edit the API server pod specification file $apiserverconf
on the control plane node and remove the `DenyServiceExternalIPs` on the control plane node and add the `DenyServiceExternalIPs` plugin
from enabled admission plugins. to the enabled admission plugins, as such --enable-admission-plugin=DenyServiceExternalIPs.
scored: false scored: false
- id: 1.2.4 - id: 1.2.4
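
Review bot: The new remediation text spells the flag as `--enable-admission-plugin=DenyServiceExternalIPs` (singular), while the test item in this same hunk checks `--enable-admission-plugins`. An operator who copies the remediation verbatim ends up with a flag name the audit does not look for, so the remediation should use the plural spelling. "as such" would also read more clearly as "for example".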


@ -345,16 +345,15 @@ groups:
text: "Ensure that the --DenyServiceExternalIPs is set (Manual)" text: "Ensure that the --DenyServiceExternalIPs is set (Manual)"
audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep" audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
tests: tests:
bin_op: or
test_items: test_items:
- flag: "--enable-admission-plugins" - flag: "--enable-admission-plugins"
compare: compare:
op: have op: has
value: "DenyServiceExternalIPs" value: "DenyServiceExternalIPs"
remediation: | remediation: |
Edit the API server pod specification file $apiserverconf Edit the API server pod specification file $apiserverconf
on the control plane node and remove the `DenyServiceExternalIPs` on the control plane node and add the `DenyServiceExternalIPs` plugin
from enabled admission plugins. to the enabled admission plugins, as such --enable-admission-plugin=DenyServiceExternalIPs.
scored: false scored: false
- id: 1.2.4 - id: 1.2.4
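
Review bot: The example at the end of the new remediation shows `DenyServiceExternalIPs` as the only value of the flag, and pasting it as written would replace whatever admission plugins are already enabled on that API server. Suggest saying that the plugin is appended to the existing comma-separated value of `--enable-admission-plugins`, and using that plural flag name in the example so it matches the `flag:` in the test item.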


@ -360,12 +360,12 @@ groups:
test_items: test_items:
- flag: "--enable-admission-plugins" - flag: "--enable-admission-plugins"
compare: compare:
op: have op: has
value: "DenyServiceExternalIPs" value: "DenyServiceExternalIPs"
remediation: | remediation: |
Edit the API server pod specification file $apiserverconf Edit the API server pod specification file $apiserverconf
on the control plane node and remove the `DenyServiceExternalIPs` on the control plane node and add the `DenyServiceExternalIPs` plugin
from enabled admission plugins. to the enabled admission plugins, as such --enable-admission-plugin=DenyServiceExternalIPs.
scored: false scored: false
- id: 1.2.4 - id: 1.2.4
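
Review bot: The context of this hunk starts at `test_items:`, so unlike the two hunks above it does not show whether a `bin_op: or` line still sits under `tests:` in this file. The commit message lists removing `bin_op: or` as part of the change, and the check has a single test item, so please confirm this file does not keep the operator. Separately, the unchanged `text:` for this check writes `--DenyServiceExternalIPs` as if it were a flag, while the test treats it as a value of `--enable-admission-plugins`; a follow-up could reword the title to match.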