1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-18 12:48:08 +00:00

Automated testing 1.2.34 (#801)

* Automated testing 1.2.34

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Changed automation status in test

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Changed one more test

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Changed Automated to manual

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
This commit is contained in:
Dmytro Oboznyi 2021-02-11 11:54:41 +02:00 committed by GitHub
parent ed53e56356
commit 6262bc79ec
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -819,8 +819,15 @@ groups:
- id: 1.2.34
text: "Ensure that encryption providers are appropriately configured (Manual)"
audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
type: "manual"
audit: |
ENCRYPTION_PROVIDER_CONFIG=$(ps -ef | grep $apiserverbin | grep -- --encryption-provider-config | sed 's%.*encryption-provider-config[= ]\([^ ]*\).*%\1%')
if test -e $ENCRYPTION_PROVIDER_CONFIG; then grep -A1 'providers:' $ENCRYPTION_PROVIDER_CONFIG | tail -n1 | grep -o "[A-Za-z]*" | sed 's/^/provider=/'; fi
tests:
test_items:
- flag: "provider"
compare:
op: valid_elements
value: "aescbc,kms,secretbox"
remediation: |
Follow the Kubernetes documentation and configure a EncryptionConfig file.
In this file, choose aescbc, kms or secretbox as the encryption provider.