mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-12-18 12:48:08 +00:00
Automated testing 1.2.34 (#801)
* Automated testing 1.2.34 Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com> * Changed automation status in test Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com> * Changed one more test Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com> * Changed Automated to manual Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
This commit is contained in:
parent
ed53e56356
commit
6262bc79ec
@ -819,8 +819,15 @@ groups:
|
||||
|
||||
- id: 1.2.34
|
||||
text: "Ensure that encryption providers are appropriately configured (Manual)"
|
||||
audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
|
||||
type: "manual"
|
||||
audit: |
|
||||
ENCRYPTION_PROVIDER_CONFIG=$(ps -ef | grep $apiserverbin | grep -- --encryption-provider-config | sed 's%.*encryption-provider-config[= ]\([^ ]*\).*%\1%')
|
||||
if test -e $ENCRYPTION_PROVIDER_CONFIG; then grep -A1 'providers:' $ENCRYPTION_PROVIDER_CONFIG | tail -n1 | grep -o "[A-Za-z]*" | sed 's/^/provider=/'; fi
|
||||
tests:
|
||||
test_items:
|
||||
- flag: "provider"
|
||||
compare:
|
||||
op: valid_elements
|
||||
value: "aescbc,kms,secretbox"
|
||||
remediation: |
|
||||
Follow the Kubernetes documentation and configure a EncryptionConfig file.
|
||||
In this file, choose aescbc, kms or secretbox as the encryption provider.
|
||||
|
Loading…
Reference in New Issue
Block a user