arno
/
kube-bench
mirror of https://github.com/aquasecurity/kube-bench.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Support config files which use .yml file extension (#586)

Browse Source 
Co-authored-by: Roberto Rojas <robertojrojas@gmail.com>
pull/581/head^2
Huang Huang 4 years ago committed by GitHub
parent 0b07f40c9b
commit 70988356c8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File

6
cfg/cis-1.3/master.yaml
Unescape View File

@ -637,12 +637,18 @@ groups:
text: "Ensure that the AdvancedAuditing argument is not set to false (Scored)"
audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
tests:
bin_op: or
test_items:
- flag: "--audit-policy-file"
compare:
op: eq
value: "/etc/kubernetes/audit-policy.yaml"
set: true
- flag: "--audit-policy-file"
compare:
op: eq
value: "/etc/kubernetes/audit-policy.yml"
set: true
remediation: |
Follow the Kubernetes documentation and set the desired audit policy in the
/etc/kubernetes/audit-policy.yaml file. Then, edit the API server pod specification file $apiserverconf

6
cfg/cis-1.4/master.yaml
Unescape View File

@ -641,12 +641,18 @@ groups:
text: "Ensure that the AdvancedAuditing argument is not set to false (Scored)"
audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
tests:
bin_op: or
test_items:
- flag: "--audit-policy-file"
compare:
op: eq
value: "/etc/kubernetes/audit-policy.yaml"
set: true
- flag: "--audit-policy-file"
compare:
op: eq
value: "/etc/kubernetes/audit-policy.yml"
set: true
remediation: |
Follow the Kubernetes documentation and set the desired audit policy in the
/etc/kubernetes/audit-policy.yaml file. Then, edit the API server pod specification file $apiserverconf

10
cfg/config.yaml
Unescape View File

@ -27,6 +27,7 @@ master:
- "apiserver"
confs:
- /etc/kubernetes/manifests/kube-apiserver.yaml
- /etc/kubernetes/manifests/kube-apiserver.yml
- /etc/kubernetes/manifests/kube-apiserver.manifest
- /var/snap/kube-apiserver/current/args
defaultconf: /etc/kubernetes/manifests/kube-apiserver.yaml
@ -39,6 +40,7 @@ master:
- "scheduler"
confs:
- /etc/kubernetes/manifests/kube-scheduler.yaml
- /etc/kubernetes/manifests/kube-scheduler.yml
- /etc/kubernetes/manifests/kube-scheduler.manifest
- /var/snap/kube-scheduler/current/args
defaultconf: /etc/kubernetes/manifests/kube-scheduler.yaml
@ -52,6 +54,7 @@ master:
- "controller-manager"
confs:
- /etc/kubernetes/manifests/kube-controller-manager.yaml
- /etc/kubernetes/manifests/kube-controller-manager.yml
- /etc/kubernetes/manifests/kube-controller-manager.manifest
- /var/snap/kube-controller-manager/current/args
defaultconf: /etc/kubernetes/manifests/kube-controller-manager.yaml
@ -62,9 +65,11 @@ master:
- "etcd"
confs:
- /etc/kubernetes/manifests/etcd.yaml
- /etc/kubernetes/manifests/etcd.yml
- /etc/kubernetes/manifests/etcd.manifest
- /etc/etcd/etcd.conf
- /var/snap/etcd/common/etcd.conf.yml
- /var/snap/etcd/common/etcd.conf.yaml
defaultconf: /etc/kubernetes/manifests/etcd.yaml
flanneld:
@ -104,8 +109,10 @@ node:
- "/etc/kubernetes/kubelet-kubeconfig"
confs:
- "/var/lib/kubelet/config.yaml"
- "/var/lib/kubelet/config.yml"
- "/etc/kubernetes/kubelet/kubelet-config.json"
- "/home/kubernetes/kubelet-config.yaml"
- "/home/kubernetes/kubelet-config.yml"
- "/etc/default/kubelet"
- "/var/lib/kubelet/kubeconfig"
- "/var/snap/kubelet/current/args"
@ -133,6 +140,7 @@ node:
confs:
- /etc/kubernetes/proxy
- /etc/kubernetes/addons/kube-proxy-daemonset.yaml
- /etc/kubernetes/addons/kube-proxy-daemonset.yml
- /var/snap/kube-proxy/current/args
kubeconfig:
- "/etc/kubernetes/kubelet-kubeconfig"
@ -151,9 +159,11 @@ etcd:
- "etcd"
confs:
- /etc/kubernetes/manifests/etcd.yaml
- /etc/kubernetes/manifests/etcd.yml
- /etc/kubernetes/manifests/etcd.manifest
- /etc/etcd/etcd.conf
- /var/snap/etcd/common/etcd.conf.yml
- /var/snap/etcd/common/etcd.conf.yaml
defaultconf: /etc/kubernetes/manifests/etcd.yaml
controlplane:

2
cfg/node_only.yaml
Unescape View File

@ -29,8 +29,10 @@ node:
- "/etc/kubernetes/kubelet-kubeconfig"
confs:
- "/var/lib/kubelet/config.yaml"
- "/var/lib/kubelet/config.yml"
- "/etc/kubernetes/kubelet/kubelet-config.json"
- "/home/kubernetes/kubelet-config.yaml"
- "/home/kubernetes/kubelet-config.yml"
- "/etc/default/kubelet"
## Due to the fact that the kubelet might be configured
## without a kubelet-config file, we use a work-around

Write Preview
Loading…
Cancel
Save