arno/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-24 17:08:14 +00:00
Code Issues Releases Wiki Activity

automate check 3.2.1 Ensure that a minimal audit policy is created (#742)

Browse Source 
Co-authored-by: mengyzhou <mengyzhou@ebay.com>
This commit is contained in:
bjrara 2020-11-02 15:41:07 +08:00 committed by GitHub
parent aa2a6f08f3
commit 83b80a5816
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 22 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cfg/cis-1.5/controlplane.yaml
View File

@ -21,7 +21,11 @@ groups:
checks: checks:
- id: 3.2.1 - id: 3.2.1
text: "Ensure that a minimal audit policy is created (Scored)" text: "Ensure that a minimal audit policy is created (Scored)"
type: "manual" audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
tests:
test_items:
- flag: "--audit-policy-file"
set: true
remediation: | remediation: |
Create an audit policy file for your cluster. Create an audit policy file for your cluster.
scored: true scored: true

6
cfg/cis-1.6/controlplane.yaml
View File

@ -21,7 +21,11 @@ groups:
checks: checks:
- id: 3.2.1 - id: 3.2.1
text: "Ensure that a minimal audit policy is created (Manual)" text: "Ensure that a minimal audit policy is created (Manual)"
type: "manual" audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
tests:
test_items:
- flag: "--audit-policy-file"
set: true
remediation: | remediation: |
Create an audit policy file for your cluster. Create an audit policy file for your cluster.
scored: false scored: false

10
cfg/config.yaml
View File

@ -186,7 +186,15 @@ etcd:
defaultconf: /etc/kubernetes/manifests/etcd.yaml defaultconf: /etc/kubernetes/manifests/etcd.yaml
controlplane: controlplane:
components: [] components:
- apiserver
apiserver:
bins:
- "kube-apiserver"
- "hyperkube apiserver"
- "hyperkube kube-apiserver"
- "apiserver"
policies: policies:
components: [] components: []

6
integration/testdata/cis-1.5/job.data vendored
View File

@ -193,7 +193,7 @@ on the master node and set the below parameter.
[INFO] 3.1 Authentication and Authorization [INFO] 3.1 Authentication and Authorization
[WARN] 3.1.1 Client certificate authentication should not be used for users (Not Scored) [WARN] 3.1.1 Client certificate authentication should not be used for users (Not Scored)
[INFO] 3.2 Logging [INFO] 3.2 Logging
[WARN] 3.2.1 Ensure that a minimal audit policy is created (Scored) [FAIL] 3.2.1 Ensure that a minimal audit policy is created (Scored)
[WARN] 3.2.2 Ensure that the audit policy covers key security concerns (Not Scored) [WARN] 3.2.2 Ensure that the audit policy covers key security concerns (Not Scored)
== Remediations == == Remediations ==
@ -208,8 +208,8 @@ minimum.
== Summary == == Summary ==
0 checks PASS 0 checks PASS
0 checks FAIL 1 checks FAIL
3 checks WARN 2 checks WARN
0 checks INFO 0 checks INFO
[INFO] 4 Worker Node Security Configuration [INFO] 4 Worker Node Security Configuration
[INFO] 4.1 Worker Node Configuration Files [INFO] 4.1 Worker Node Configuration Files