From 83b80a5816bffa6bb89641d3c9900c8d9bbf34e4 Mon Sep 17 00:00:00 2001
From: bjrara
Date: Mon, 2 Nov 2020 15:41:07 +0800
Subject: [PATCH] automate check 3.2.1 Ensure that a minimal audit policy is created (#742)

Co-authored-by: mengyzhou
---
 cfg/cis-1.5/controlplane.yaml | 6 +++++-
 cfg/cis-1.6/controlplane.yaml | 6 +++++-
 cfg/config.yaml | 10 +++++++++-
 integration/testdata/cis-1.5/job.data | 6 +++---
 4 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/cfg/cis-1.5/controlplane.yaml b/cfg/cis-1.5/controlplane.yaml
index 94bfff7..51c2612 100644
--- a/cfg/cis-1.5/controlplane.yaml
+++ b/cfg/cis-1.5/controlplane.yaml
@@ -21,7 +21,11 @@ groups:
 checks:
 - id: 3.2.1
 text: "Ensure that a minimal audit policy is created (Scored)"
- type: "manual"
+ audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
+ tests:
+ test_items:
+ - flag: "--audit-policy-file"
+ set: true
 remediation: |
 Create an audit policy file for your cluster.
 scored: true
diff --git a/cfg/cis-1.6/controlplane.yaml b/cfg/cis-1.6/controlplane.yaml
index c116fdb..d4038c3 100644
--- a/cfg/cis-1.6/controlplane.yaml
+++ b/cfg/cis-1.6/controlplane.yaml
@@ -21,7 +21,11 @@ groups:
 checks:
 - id: 3.2.1
 text: "Ensure that a minimal audit policy is created (Manual)"
- type: "manual"
+ audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
+ tests:
+ test_items:
+ - flag: "--audit-policy-file"
+ set: true
 remediation: |
 Create an audit policy file for your cluster.
 scored: false
diff --git a/cfg/config.yaml b/cfg/config.yaml
index 52360fb..c25c103 100644
--- a/cfg/config.yaml
+++ b/cfg/config.yaml
@@ -186,7 +186,15 @@ etcd:
 defaultconf: /etc/kubernetes/manifests/etcd.yaml
 
 controlplane:
- components: []
+ components:
+ - apiserver
+
+ apiserver:
+ bins:
+ - "kube-apiserver"
+ - "hyperkube apiserver"
+ - "hyperkube kube-apiserver"
+ - "apiserver"
 
 policies:
 components: []
diff --git a/integration/testdata/cis-1.5/job.data b/integration/testdata/cis-1.5/job.data
index 89d6d35..e3a6456 100644
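Review bot: The added test_item under `tests:` only checks that `--audit-policy-file` appears on the API server command line, so it proves the flag was passed, not that a minimal policy was actually created or that an audit backend is configured; a policy file without `--audit-log-path` or a webhook backend produces no audit records, and the policy contents are left to 3.2.2. The cis-1.6 hunk makes the same change while its title still reads "(Manual)", so if the benchmark wording is kept verbatim on purpose, a comment above `audit:` such as `# Automated: verifies only that --audit-policy-file is set; audit backend and policy contents are not checked here (see 3.2.2)` would make the scope of the automation clear in both files. The enclosing `groups` entry starts outside the hunk.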
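Review bot: The new `controlplane.apiserver.bins` list appears to duplicate a list the master section presumably already carries for the same binary (not visible in this hunk); if the two drift, `$apiserverbin` will resolve differently in the controlplane checks than in the master checks. A one-line comment above `apiserver:` such as `# keep in sync with master.apiserver.bins` would flag the coupling, or the list could be shared with a YAML anchor if the config loader expands aliases. Note also that the bare `"apiserver"` entry is the loosest pattern in the list: once it is substituted into `ps -ef | grep $apiserverbin`, any process whose command line merely contains that substring may be inspected for `--audit-policy-file`, so a match is not guaranteed to come from the API server process itself.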
--- a/integration/testdata/cis-1.5/job.data
+++ b/integration/testdata/cis-1.5/job.data
@@ -193,7 +193,7 @@ on the master node and set the below parameter.
 [INFO] 3.1 Authentication and Authorization
 [WARN] 3.1.1 Client certificate authentication should not be used for users (Not Scored)
 [INFO] 3.2 Logging
-[WARN] 3.2.1 Ensure that a minimal audit policy is created (Scored)
+[FAIL] 3.2.1 Ensure that a minimal audit policy is created (Scored)
 [WARN] 3.2.2 Ensure that the audit policy covers key security concerns (Not Scored)
 
 == Remediations ==
@@ -208,8 +208,8 @@ minimum.
 
 == Summary ==
 0 checks PASS
-0 checks FAIL
-3 checks WARN
+1 checks FAIL
+2 checks WARN
 0 checks INFO
 [INFO] 4 Worker Node Security Configuration
 [INFO] 4.1 Worker Node Configuration Files