automate check 3.2.1 Ensure that a minimal audit policy is created (#742)

Co-authored-by: mengyzhou <mengyzhou@ebay.com>
2024-11-24 08:58:11 +00:00 · 2020-11-02 15:41:07 +08:00 · 2020-11-02 15:41:07 +08:00 · 83b80a5816
commit 83b80a5816
parent aa2a6f08f3
4 changed files with 22 additions and 6 deletions
--- a/cfg/cis-1.5/controlplane.yaml
+++ b/cfg/cis-1.5/controlplane.yaml
@ -21,7 +21,11 @@ groups:
    checks:
      - id: 3.2.1
        text: "Ensure that a minimal audit policy is created (Scored)"
-        type: "manual"
+        audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
+        tests:
+          test_items:
+            - flag: "--audit-policy-file"
+              set: true
        remediation: |
          Create an audit policy file for your cluster.
        scored: true
--- a/cfg/cis-1.6/controlplane.yaml
+++ b/cfg/cis-1.6/controlplane.yaml
@ -21,7 +21,11 @@ groups:
    checks:
      - id: 3.2.1
        text: "Ensure that a minimal audit policy is created (Manual)"
-        type: "manual"
+        audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
+        tests:
+          test_items:
+            - flag: "--audit-policy-file"
+              set: true
        remediation: |
          Create an audit policy file for your cluster.
        scored: false
--- a/cfg/config.yaml
+++ b/cfg/config.yaml
@ -186,7 +186,15 @@ etcd:
    defaultconf: /etc/kubernetes/manifests/etcd.yaml

 controlplane:
-  components: []
+  components:
+    - apiserver
+
+  apiserver:
+    bins:
+      - "kube-apiserver"
+      - "hyperkube apiserver"
+      - "hyperkube kube-apiserver"
+      - "apiserver"

 policies:
  components: []
--- a/integration/testdata/cis-1.5/job.data
+++ b/integration/testdata/cis-1.5/job.data
@ -193,7 +193,7 @@ on the master node and set the below parameter.
 [INFO] 3.1 Authentication and Authorization
 [WARN] 3.1.1 Client certificate authentication should not be used for users (Not Scored)
 [INFO] 3.2 Logging
-[WARN] 3.2.1 Ensure that a minimal audit policy is created (Scored)
+[FAIL] 3.2.1 Ensure that a minimal audit policy is created (Scored)
 [WARN] 3.2.2 Ensure that the audit policy covers key security concerns (Not Scored)

 == Remediations ==
@ -208,8 +208,8 @@ minimum.

 == Summary ==
 0 checks PASS
-0 checks FAIL
-3 checks WARN
+1 checks FAIL
+2 checks WARN
 0 checks INFO
 [INFO] 4 Worker Node Security Configuration
 [INFO] 4.1 Worker Node Configuration Files