1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-23 00:28:07 +00:00

Merge branch 'master' into doc-kubectl-host-pid

This commit is contained in:
Liz Rice 2019-01-02 10:59:19 +00:00 committed by GitHub
commit 9f2899027e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -496,7 +496,7 @@ groups:
remediation: |
Edit the API server pod specification file $apiserverconf
on the master node and set the below parameter.
--tls-cipher- suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM _SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM _SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM _SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256
--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256
scored: false
- id: 1.1.31
@ -1422,7 +1422,7 @@ groups:
scored: false
- id: 1.7.5
text: " Do not admit containers with allowPrivilegeEscalation (Not Scored)"
text: "Do not admit containers with allowPrivilegeEscalation (Not Scored)"
type: "manual"
remediation: |
Create a PSP as described in the Kubernetes documentation, ensuring that the .spec.allowPrivilegeEscalation field is omitted or set to false.