From fd120d0adf659d47a403c353cfda3a6e72e943e0 Mon Sep 17 00:00:00 2001
From: Martin Mosegaard Amdisen
Date: Thu, 27 Dec 2018 14:48:21 +0100
Subject: [PATCH 1/2] Remove spaces in remediation command for tls-cipher-suites

Makes it easier to copy-paste the remediation. Matches the other occurences of tls-cipher-suites in the configuration.
---
 cfg/1.11/master.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cfg/1.11/master.yaml b/cfg/1.11/master.yaml
index 11a8b3a..018d318 100644
--- a/cfg/1.11/master.yaml
+++ b/cfg/1.11/master.yaml
@@ -496,7 +496,7 @@ groups:
 remediation: |
 Edit the API server pod specification file $apiserverconf on the master node and set the below parameter.
- --tls-cipher- suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM _SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM _SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM _SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256
+ --tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256
 scored: false
 - id: 1.1.31

From ffe7ffb3d35be811e91992f08180cfd59a1c0440 Mon Sep 17 00:00:00 2001
From: Colin GILLE
Date: Mon, 31 Dec 2018 16:36:15 +0100
Subject: [PATCH 2/2] Type: trailing whitespace for rule text

---
 cfg/1.11/master.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cfg/1.11/master.yaml b/cfg/1.11/master.yaml
index 11a8b3a..68128f2 100644
--- a/cfg/1.11/master.yaml
+++ b/cfg/1.11/master.yaml
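Review bot: The corrected `--tls-cipher-suites` value still ends with `TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256`, two static-RSA key-exchange suites that give no forward secrecy, while every other entry is an ECDHE suite. If the list is meant to mirror the upstream benchmark text verbatim (presumably it is), it can stay, but a one-line remark in the remediation block such as `Note: the two TLS_RSA_* suites do not provide forward secrecy; omit them if all your clients support the ECDHE suites.` would let the operator make that trade-off before pasting. Keeping the whole flag on one physical line of the `|` block scalar, as this commit does, is what makes it copy-pastable, so it should not be folded for line length later. The enclosing rule entry starts before the hunk, so its audit and test stanzas are not visible here.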
@@ -1422,7 +1422,7 @@ groups:
 scored: false
 - id: 1.7.5
- text: " Do not admit containers with allowPrivilegeEscalation (Not Scored)"
+ text: "Do not admit containers with allowPrivilegeEscalation (Not Scored)"
 type: "manual"
 remediation: |
 Create a PSP as described in the Kubernetes documentation, ensuring that the .spec.allowPrivilegeEscalation field is omitted or set to false.