mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-11-28 10:58:20 +00:00
automate check 3.2.1 Ensure that a minimal audit policy is created (#742)
Co-authored-by: mengyzhou <mengyzhou@ebay.com>
This commit is contained in:
parent
aa2a6f08f3
commit
83b80a5816
@ -21,7 +21,11 @@ groups:
|
|||||||
checks:
|
checks:
|
||||||
- id: 3.2.1
|
- id: 3.2.1
|
||||||
text: "Ensure that a minimal audit policy is created (Scored)"
|
text: "Ensure that a minimal audit policy is created (Scored)"
|
||||||
type: "manual"
|
audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
|
||||||
|
tests:
|
||||||
|
test_items:
|
||||||
|
- flag: "--audit-policy-file"
|
||||||
|
set: true
|
||||||
remediation: |
|
remediation: |
|
||||||
Create an audit policy file for your cluster.
|
Create an audit policy file for your cluster.
|
||||||
scored: true
|
scored: true
|
||||||
|
@ -21,7 +21,11 @@ groups:
|
|||||||
checks:
|
checks:
|
||||||
- id: 3.2.1
|
- id: 3.2.1
|
||||||
text: "Ensure that a minimal audit policy is created (Manual)"
|
text: "Ensure that a minimal audit policy is created (Manual)"
|
||||||
type: "manual"
|
audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
|
||||||
|
tests:
|
||||||
|
test_items:
|
||||||
|
- flag: "--audit-policy-file"
|
||||||
|
set: true
|
||||||
remediation: |
|
remediation: |
|
||||||
Create an audit policy file for your cluster.
|
Create an audit policy file for your cluster.
|
||||||
scored: false
|
scored: false
|
||||||
|
@ -186,7 +186,15 @@ etcd:
|
|||||||
defaultconf: /etc/kubernetes/manifests/etcd.yaml
|
defaultconf: /etc/kubernetes/manifests/etcd.yaml
|
||||||
|
|
||||||
controlplane:
|
controlplane:
|
||||||
components: []
|
components:
|
||||||
|
- apiserver
|
||||||
|
|
||||||
|
apiserver:
|
||||||
|
bins:
|
||||||
|
- "kube-apiserver"
|
||||||
|
- "hyperkube apiserver"
|
||||||
|
- "hyperkube kube-apiserver"
|
||||||
|
- "apiserver"
|
||||||
|
|
||||||
policies:
|
policies:
|
||||||
components: []
|
components: []
|
||||||
|
6
integration/testdata/cis-1.5/job.data
vendored
6
integration/testdata/cis-1.5/job.data
vendored
@ -193,7 +193,7 @@ on the master node and set the below parameter.
|
|||||||
[INFO] 3.1 Authentication and Authorization
|
[INFO] 3.1 Authentication and Authorization
|
||||||
[WARN] 3.1.1 Client certificate authentication should not be used for users (Not Scored)
|
[WARN] 3.1.1 Client certificate authentication should not be used for users (Not Scored)
|
||||||
[INFO] 3.2 Logging
|
[INFO] 3.2 Logging
|
||||||
[WARN] 3.2.1 Ensure that a minimal audit policy is created (Scored)
|
[FAIL] 3.2.1 Ensure that a minimal audit policy is created (Scored)
|
||||||
[WARN] 3.2.2 Ensure that the audit policy covers key security concerns (Not Scored)
|
[WARN] 3.2.2 Ensure that the audit policy covers key security concerns (Not Scored)
|
||||||
|
|
||||||
== Remediations ==
|
== Remediations ==
|
||||||
@ -208,8 +208,8 @@ minimum.
|
|||||||
|
|
||||||
== Summary ==
|
== Summary ==
|
||||||
0 checks PASS
|
0 checks PASS
|
||||||
0 checks FAIL
|
1 checks FAIL
|
||||||
3 checks WARN
|
2 checks WARN
|
||||||
0 checks INFO
|
0 checks INFO
|
||||||
[INFO] 4 Worker Node Security Configuration
|
[INFO] 4 Worker Node Security Configuration
|
||||||
[INFO] 4.1 Worker Node Configuration Files
|
[INFO] 4.1 Worker Node Configuration Files
|
||||||
|
Loading…
Reference in New Issue
Block a user