|
|
|
@ -496,7 +496,7 @@ groups:
|
|
|
|
|
remediation: |
|
|
|
|
|
Edit the API server pod specification file $apiserverconf
|
|
|
|
|
on the master node and set the below parameter.
|
|
|
|
|
--tls-cipher- suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM _SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM _SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM _SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256
|
|
|
|
|
--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256
|
|
|
|
|
scored: false
|
|
|
|
|
|
|
|
|
|
- id: 1.1.31
|
|
|
|
@ -1422,7 +1422,7 @@ groups:
|
|
|
|
|
scored: false
|
|
|
|
|
|
|
|
|
|
- id: 1.7.5
|
|
|
|
|
text: " Do not admit containers with allowPrivilegeEscalation (Not Scored)"
|
|
|
|
|
text: "Do not admit containers with allowPrivilegeEscalation (Not Scored)"
|
|
|
|
|
type: "manual"
|
|
|
|
|
remediation: |
|
|
|
|
|
Create a PSP as described in the Kubernetes documentation, ensuring that the .spec.allowPrivilegeEscalation field is omitted or set to false.
|
|
|
|
|
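Review bot: The `--tls-cipher-suites` value in the first hunk's remediation text ends with `TLS_RSA_WITH_AES_256_GCM_SHA384` and `TLS_RSA_WITH_AES_128_GCM_SHA256`, which use static RSA key exchange and so provide no forward secrecy, unlike the ECDHE suites listed before them. Both renderings of the line carry the same eight suites, so this commit appears to change only the stray spaces, and the list is pasted into the API server spec as written. If the list is taken verbatim from the benchmark it may need to stay, but the remediation block could then carry one more line such as `The TLS_RSA_* suites lack forward secrecy; omit them if every client supports ECDHE.` The check this remediation belongs to starts above the hunk, so its audit and test expressions are not visible here and would need to stay in step with any change to the list.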