diff --git a/cfg/cis-1.20/node.yaml b/cfg/cis-1.20/node.yaml index 8963e2a..aa12820 100644 --- a/cfg/cis-1.20/node.yaml +++ b/cfg/cis-1.20/node.yaml @@ -84,7 +84,7 @@ groups: scored: true - id: 4.1.6 - text: "Ensure that the --kubeconfig kubelet.conf file ownership is set to root:root (Manual)" + text: "Ensure that the --kubeconfig kubelet.conf file ownership is set to root:root (Automated)" audit: '/bin/sh -c ''if test -e $kubeletkubeconfig; then stat -c %U:%G $kubeletkubeconfig; fi'' ' tests: test_items: @@ -93,7 +93,7 @@ groups: Run the below command (based on the file location on your system) on the each worker node. For example, chown root:root $kubeletkubeconfig - scored: false + scored: true - id: 4.1.7 text: "Ensure that the certificate authorities file permissions are set to 644 or more restrictive (Manual)" diff --git a/integration/testdata/Expected_output.data b/integration/testdata/Expected_output.data index 0281037..1dd154e 100644 --- a/integration/testdata/Expected_output.data +++ b/integration/testdata/Expected_output.data @@ -224,7 +224,7 @@ minimum. [PASS] 4.1.3 If proxy kubeconfig file exists ensure permissions are set to 644 or more restrictive (Manual) [PASS] 4.1.4 If proxy kubeconfig file exists ensure ownership is set to root:root (Manual) [PASS] 4.1.5 Ensure that the --kubeconfig kubelet.conf file permissions are set to 644 or more restrictive (Automated) -[PASS] 4.1.6 Ensure that the --kubeconfig kubelet.conf file ownership is set to root:root (Manual) +[PASS] 4.1.6 Ensure that the --kubeconfig kubelet.conf file ownership is set to root:root (Automated) [PASS] 4.1.7 Ensure that the certificate authorities file permissions are set to 644 or more restrictive (Manual) [PASS] 4.1.8 Ensure that the client certificate authorities file ownership is set to root:root (Manual) [PASS] 4.1.9 Ensure that the kubelet --config configuration file has permissions set to 644 or more restrictive (Automated)