mirror of https://github.com/aquasecurity/kube-bench.git synced 2025-01-18 11:41:00 +00:00

Check PodSecurityPolicy when test 1.2.13 of cis-1.5 (#651)

Huang Huang 2020-08-03 15:38:22 +08:00 committed by GitHub
parent db109daf43
commit 5ff32e55eb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -520,12 +520,18 @@ groups:
text: "Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used (Not Scored)"
audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
tests:
bin_op: or
test_items:
- flag: "--enable-admission-plugins"
compare:
op: has
value: "SecurityContextDeny"
set: true
- flag: "--enable-admission-plugins"
compare:
op: has
value: "PodSecurityPolicy"
set: true
remediation: |
Edit the API server pod specification file $apiserverconf
on the master node and set the --enable-admission-plugins parameter to include
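
Review bot: the second test item (flag "--enable-admission-plugins", op: has, value: "PodSecurityPolicy") accepts the plugin being listed on the API server command line as evidence that PodSecurityPolicy is used, while the check text only exempts SecurityContextDeny "if PodSecurityPolicy is not used". Listing the admission plugin is what this audit can see from `ps`, but it does not show that any policy is defined, so a short comment or a sentence in the remediation saying the PodSecurityPolicy branch assumes policies are in place would keep a pass from being over-read. With bin_op: or and both items reading the same flag, the remediation that starts "set the --enable-admission-plugins parameter to include" should also name both accepted values, so that a failing result tells the operator that either SecurityContextDeny or PodSecurityPolicy satisfies the check.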