|
|
|
@ -9,18 +9,18 @@ groups:
|
|
|
|
|
text: "Control Plane Node Configuration Files"
|
|
|
|
|
checks:
|
|
|
|
|
- id: 1.1.1
|
|
|
|
|
text: "Ensure that the API server pod specification file permissions are set to 644 or more restrictive (Automated)"
|
|
|
|
|
text: "Ensure that the API server pod specification file permissions are set to 600 or more restrictive (Automated)"
|
|
|
|
|
audit: "/bin/sh -c 'if test -e $apiserverconf; then stat -c permissions=%a $apiserverconf; fi'"
|
|
|
|
|
tests:
|
|
|
|
|
test_items:
|
|
|
|
|
- flag: "permissions"
|
|
|
|
|
compare:
|
|
|
|
|
op: bitmask
|
|
|
|
|
value: "644"
|
|
|
|
|
value: "600"
|
|
|
|
|
remediation: |
|
|
|
|
|
Run the below command (based on the file location on your system) on the
|
|
|
|
|
control plane node.
|
|
|
|
|
For example, chmod 644 $apiserverconf
|
|
|
|
|
For example, chmod 600 $apiserverconf
|
|
|
|
|
scored: true
|
|
|
|
|
|
|
|
|
|
- id: 1.1.2
|
|
|
|
|