arno/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-18 20:58:10 +00:00
Code Issues Releases Wiki Activity

Updated check to pass if flag isn't set (#375)

Browse Source
This commit is contained in:
mwwolters 2019-07-30 10:09:24 -07:00 committed by Liz Rice
parent 937bfc7b2e
commit 893aa3588c
2 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
cfg/1.11/master.yaml
View File

@ -153,12 +153,15 @@ groups:
text: "Ensure that the admission control plugin AlwaysAdmit is not set (Scored)"
audit: "ps -ef | grep $apiserverbin | grep -v grep"
tests:
bin_op: or
test_items:
- flag: "--enable-admission-plugins"
compare:
op: nothave
value: AlwaysAdmit
set: true
- flag: "--enable-admission-plugins"
set: false
remediation: |
Edit the API server pod specification file $apiserverconf
on the master node and set the --enable-admission-plugins parameter to a

3
cfg/1.13/master.yaml
View File

@ -153,12 +153,15 @@ groups:
text: "Ensure that the admission control plugin AlwaysAdmit is not set (Scored)"
audit: "ps -ef | grep $apiserverbin | grep -v grep"
tests:
bin_op: or
test_items:
- flag: "--enable-admission-plugins"
compare:
op: nothave
value: AlwaysAdmit
set: true
- flag: "--enable-admission-plugins"
set: false
remediation: |
Edit the API server pod specification file $apiserverconf
on the master node and set the --enable-admission-plugins parameter to a