mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-23 23:18:33 +00:00

Updated check to pass if flag isn't set (#379)

mwwolters 2019-08-09 10:24:20 -07:00 committed by Liz Rice
parent f8b2f6c841
commit 787bf6ca4d
2 changed files with 6 additions and 0 deletions

@ -441,12 +441,15 @@ groups:
text: "Ensure that the admission control plugin ServiceAccount is set(Scored)" text: "Ensure that the admission control plugin ServiceAccount is set(Scored)"
audit: "ps -ef | grep $apiserverbin | grep -v grep" audit: "ps -ef | grep $apiserverbin | grep -v grep"
tests: tests:
bin_op: or
test_items: test_items:
- flag: "--enable-admission-plugins" - flag: "--enable-admission-plugins"
compare: compare:
op: has op: has
value: "ServiceAccount" value: "ServiceAccount"
set: true set: true
- flag: "--enable-admission-plugins"
set: false
remediation: | remediation: |
Follow the documentation and create ServiceAccount objects as per your environment. Follow the documentation and create ServiceAccount objects as per your environment.
Then, edit the API server pod specification file $apiserverconf Then, edit the API server pod specification file $apiserverconf
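
Review bot: the added second test item (`flag: "--enable-admission-plugins"` with `set: false`), combined with `bin_op: or`, passes on any API server command line that omits the flag, but nothing in this check looks at `--disable-admission-plugins`. ServiceAccount is enabled by default, so an unset enable flag is acceptable only while the plugin has not been switched off explicitly; a command line that carries `--disable-admission-plugins=ServiceAccount` and no enable flag would now be reported as passing. Consider making the pass condition also require that `--disable-admission-plugins` is either unset or does not contain ServiceAccount, instead of treating the missing enable flag as sufficient on its own.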

@ -445,12 +445,15 @@ groups:
text: "Ensure that the admission control plugin ServiceAccount is set(Scored)" text: "Ensure that the admission control plugin ServiceAccount is set(Scored)"
audit: "ps -ef | grep $apiserverbin | grep -v grep" audit: "ps -ef | grep $apiserverbin | grep -v grep"
tests: tests:
bin_op: or
test_items: test_items:
- flag: "--enable-admission-plugins" - flag: "--enable-admission-plugins"
compare: compare:
op: has op: has
value: "ServiceAccount" value: "ServiceAccount"
set: true set: true
- flag: "--enable-admission-plugins"
set: false
remediation: | remediation: |
Follow the documentation and create ServiceAccount objects as per your environment. Follow the documentation and create ServiceAccount objects as per your environment.
Then, edit the API server pod specification file $apiserverconf Then, edit the API server pod specification file $apiserverconf
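
Review bot: the `set: false` item added at the end of `test_items` is satisfied by any audit output that lacks the flag string, and the audit here is `ps -ef | grep $apiserverbin | grep -v grep`, which prints nothing when no matching process is found. It is worth confirming that this check cannot report a pass on empty audit output, for example by requiring that the output contains `$apiserverbin` before the flag tests are evaluated. The check title and remediation text are also unchanged, so a one-line YAML comment above the new item explaining why an unset flag is accepted would keep this file and the identical edit in the other file easy to maintain together.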