mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-12-23 23:18:33 +00:00
Updated check to pass if flag isn't set (#379)
This commit is contained in:
parent
f8b2f6c841
commit
787bf6ca4d
@ -441,12 +441,15 @@ groups:
|
|||||||
text: "Ensure that the admission control plugin ServiceAccount is set(Scored)"
|
text: "Ensure that the admission control plugin ServiceAccount is set(Scored)"
|
||||||
audit: "ps -ef | grep $apiserverbin | grep -v grep"
|
audit: "ps -ef | grep $apiserverbin | grep -v grep"
|
||||||
tests:
|
tests:
|
||||||
|
bin_op: or
|
||||||
test_items:
|
test_items:
|
||||||
- flag: "--enable-admission-plugins"
|
- flag: "--enable-admission-plugins"
|
||||||
compare:
|
compare:
|
||||||
op: has
|
op: has
|
||||||
value: "ServiceAccount"
|
value: "ServiceAccount"
|
||||||
set: true
|
set: true
|
||||||
|
- flag: "--enable-admission-plugins"
|
||||||
|
set: false
|
||||||
remediation: |
|
remediation: |
|
||||||
Follow the documentation and create ServiceAccount objects as per your environment.
|
Follow the documentation and create ServiceAccount objects as per your environment.
|
||||||
Then, edit the API server pod specification file $apiserverconf
|
Then, edit the API server pod specification file $apiserverconf
|
||||||
|
@ -445,12 +445,15 @@ groups:
|
|||||||
text: "Ensure that the admission control plugin ServiceAccount is set(Scored)"
|
text: "Ensure that the admission control plugin ServiceAccount is set(Scored)"
|
||||||
audit: "ps -ef | grep $apiserverbin | grep -v grep"
|
audit: "ps -ef | grep $apiserverbin | grep -v grep"
|
||||||
tests:
|
tests:
|
||||||
|
bin_op: or
|
||||||
test_items:
|
test_items:
|
||||||
- flag: "--enable-admission-plugins"
|
- flag: "--enable-admission-plugins"
|
||||||
compare:
|
compare:
|
||||||
op: has
|
op: has
|
||||||
value: "ServiceAccount"
|
value: "ServiceAccount"
|
||||||
set: true
|
set: true
|
||||||
|
- flag: "--enable-admission-plugins"
|
||||||
|
set: false
|
||||||
remediation: |
|
remediation: |
|
||||||
Follow the documentation and create ServiceAccount objects as per your environment.
|
Follow the documentation and create ServiceAccount objects as per your environment.
|
||||||
Then, edit the API server pod specification file $apiserverconf
|
Then, edit the API server pod specification file $apiserverconf
|
||||||
|
Loading…
Reference in New Issue
Block a user