arno/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-19 21:28:07 +00:00
Code Issues Releases Wiki Activity

Automated testing 1.2.34 (#801)

Browse Source 
* Automated testing 1.2.34

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Changed automation status in test

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Changed one more test

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Changed Automated to manual

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
This commit is contained in:
Dmytro Oboznyi 2021-02-11 11:54:41 +02:00 committed by GitHub
parent ed53e56356
commit 6262bc79ec
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
cfg/cis-1.6/master.yaml
View File

@ -819,8 +819,15 @@ groups:
- id: 1.2.34 - id: 1.2.34
text: "Ensure that encryption providers are appropriately configured (Manual)" text: "Ensure that encryption providers are appropriately configured (Manual)"
audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep" audit: |
type: "manual" ENCRYPTION_PROVIDER_CONFIG=$(ps -ef | grep $apiserverbin | grep -- --encryption-provider-config | sed 's%.*encryption-provider-config[= ]\([^ ]*\).*%\1%')
if test -e $ENCRYPTION_PROVIDER_CONFIG; then grep -A1 'providers:' $ENCRYPTION_PROVIDER_CONFIG | tail -n1 | grep -o "[A-Za-z]*" | sed 's/^/provider=/'; fi
tests:
test_items:
- flag: "provider"
compare:
op: valid_elements
value: "aescbc,kms,secretbox"
remediation: | remediation: |
Follow the Kubernetes documentation and configure a EncryptionConfig file. Follow the Kubernetes documentation and configure a EncryptionConfig file.
In this file, choose aescbc, kms or secretbox as the encryption provider. In this file, choose aescbc, kms or secretbox as the encryption provider.