1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-26 18:08:15 +00:00

Clean up OCP benchmark config.

The OCP benchmarks uses configs for only binary component variable names.
This commit cleans up the OCP config by removing all configuration
except those component binaries required to run kube-bench on OCP
installations and adds missing ones.
This commit is contained in:
Abubakr-Sadik Nii Nai Davis 2019-03-06 11:52:13 +00:00
parent 2d4019aabe
commit 53ed68a0b2
2 changed files with 5 additions and 10 deletions

View File

@ -11,25 +11,20 @@ master:
apiserver: apiserver:
bins: bins:
- openshift start master api - openshift start master api
defaultconf: /etc/origin/master/master-config.yaml
scheduler: scheduler:
bins: bins:
- openshift start master controllers - openshift start master controllers
defaultconf: /etc/origin/master/master-config.yaml
controllermanager: controllermanager:
bins: bins:
- openshift start master controllers - openshift start master controllers
defaultconf: /etc/origin/master/master-config.yaml
etcd:
defaultconf: /etc/kubernetes/manifests/etcd.yaml
node: node:
kubelet: kubelet:
defaultconf: /etc/kubernetes/kubelet.conf bins:
defaultsvc: /etc/systemd/system/kubelet.service.d/10-kubeadm.conf - openshift start network
proxy: proxy:
defaultconf: /etc/kubernetes/addons/kube-proxy-daemonset.yaml bins:
- openshift start network

View File

@ -1043,7 +1043,7 @@ groups:
remediation: | remediation: |
On the etcd server node, get the etcd data directory, passed as an argument --data-dir , On the etcd server node, get the etcd data directory, passed as an argument --data-dir ,
from the below command: from the below command:
ps -ef | grep $etcdbin ps -ef | grep etcd
Run the below command (based on the etcd data directory found above). For example, Run the below command (based on the etcd data directory found above). For example,
chmod 700 /var/lib/etcd chmod 700 /var/lib/etcd
scored: true scored: true