From 6262bc79ec100c4eee454a5ef57f2c9354a1c9e1 Mon Sep 17 00:00:00 2001 From: Dmytro Oboznyi <55382034+DOboznyi@users.noreply.github.com> Date: Thu, 11 Feb 2021 11:54:41 +0200 Subject: [PATCH] Automated testing 1.2.34 (#801) * Automated testing 1.2.34 Signed-off-by: Dmytro Oboznyi * Changed automation status in test Signed-off-by: Dmytro Oboznyi * Changed one more test Signed-off-by: Dmytro Oboznyi * Changed Automated to manual Signed-off-by: Dmytro Oboznyi --- cfg/cis-1.6/master.yaml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/cfg/cis-1.6/master.yaml b/cfg/cis-1.6/master.yaml index 989736b..e4f971a 100644 --- a/cfg/cis-1.6/master.yaml +++ b/cfg/cis-1.6/master.yaml @@ -819,8 +819,15 @@ groups: - id: 1.2.34 text: "Ensure that encryption providers are appropriately configured (Manual)" - audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep" - type: "manual" + audit: | + ENCRYPTION_PROVIDER_CONFIG=$(ps -ef | grep $apiserverbin | grep -- --encryption-provider-config | sed 's%.*encryption-provider-config[= ]\([^ ]*\).*%\1%') + if test -e $ENCRYPTION_PROVIDER_CONFIG; then grep -A1 'providers:' $ENCRYPTION_PROVIDER_CONFIG | tail -n1 | grep -o "[A-Za-z]*" | sed 's/^/provider=/'; fi + tests: + test_items: + - flag: "provider" + compare: + op: valid_elements + value: "aescbc,kms,secretbox" remediation: | Follow the Kubernetes documentation and configure a EncryptionConfig file. In this file, choose aescbc, kms or secretbox as the encryption provider.
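Review bot: In the new `audit` script for 1.2.34, `$ENCRYPTION_PROVIDER_CONFIG` is expanded unquoted in both `test -e` and the `grep -A1 'providers:'` call, so when the API server runs without `--encryption-provider-config` the variable is empty, `test -e` with no operand evaluates true, and `grep` is left reading standard input instead of a file (which may block or yield nothing, depending on how the command is run). Quoting both uses avoids that and makes the check fail cleanly: `if test -e "$ENCRYPTION_PROVIDER_CONFIG"; then grep -A1 'providers:' "$ENCRYPTION_PROVIDER_CONFIG" | tail -n1 | grep -o "[A-Za-z]*" | sed 's/^/provider=/'; fi`. Separately, `tail -n1` keeps only the line after the last `providers:` match, so a config with several `resources` entries is judged by the first provider of the last entry alone, and an earlier entry that lists `identity` first would still pass. That limit should either be documented in a comment above the script, for example `# NOTE: only the first provider of the last resources entry is checked`, or removed by emitting one `provider=` line per `providers:` block.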