mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-12-27 08:58:06 +00:00
Changed 1.1.14 to not fail when flag is not set
Added another test item that checks whether --disable-admission-plugins is not set and an "or" bin_op. This causes check 1.1.14 to be successful when the flag is not set, while still failing when the flag is set and includes the value NamespaceLifecycle
parent
f6cab11357
commit
791fbba9e7
@ -220,12 +220,15 @@ groups:
|
|||||||
text: "Ensure that the admission control plugin NamespaceLifecycle is set (Scored)"
|
text: "Ensure that the admission control plugin NamespaceLifecycle is set (Scored)"
|
||||||
audit: "ps -ef | grep $apiserverbin | grep -v grep"
|
audit: "ps -ef | grep $apiserverbin | grep -v grep"
|
||||||
tests:
|
tests:
|
||||||
|
bin_op: or
|
||||||
test_items:
|
test_items:
|
||||||
- flag: "--disable-admission-plugins"
|
- flag: "--disable-admission-plugins"
|
||||||
compare:
|
compare:
|
||||||
op: nothave
|
op: nothave
|
||||||
value: "NamespaceLifecycle"
|
value: "NamespaceLifecycle"
|
||||||
set: true
|
set: true
|
||||||
|
- flag: "--disable-admission-plugins"
|
||||||
|
set: false
|
||||||
remediation: |
|
remediation: |
|
||||||
Edit the API server pod specification file $apiserverconf
|
Edit the API server pod specification file $apiserverconf
|
||||||
on the master node and set the --disable-admission-plugins parameter to
|
on the master node and set the --disable-admission-plugins parameter to
|
||||||
|
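Review bot: The remediation text at the end of this hunk is unchanged and still tells the operator to "set the --disable-admission-plugins parameter", but with `bin_op: or` and the new `set: false` item the check now also passes when the flag is absent, so the guidance and the test no longer agree. Suggest rewording the remediation to say that leaving the flag unset is acceptable and that, if it is set, its value must not include NamespaceLifecycle. A short YAML comment above the second `- flag: "--disable-admission-plugins"` item, explaining that the unset case passes because nothing is explicitly disabled, would also help: two items on the same flag with different `set` values are easy to misread.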