arno/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-18 12:48:08 +00:00
Code Issues Releases Wiki Activity

Fixes bugs on tests 2.1.4 and 2.1.5 - 1.13-json (#365)

Browse Source 
* Adds bin_op to Test 2.1.4

* Adds bin_op to Test 2.1.5
This commit is contained in:
Roberto Rojas 2019-07-13 02:35:44 -04:00 committed by Liz Rice
parent b649588f46
commit c87c5cfb51
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cfg/1.13-json/node.yaml
View File

@ -74,12 +74,15 @@ groups:
text: "Ensure that the --read-only-port argument is set to 0 (Scored)"
audit: "cat $kubeletconf"
tests:
bin_op: or
test_items:
- path: "{.readOnlyPort}"
compare:
op: eq
value: 0
set: true
- path: "{.readOnlyPort}"
set: false
remediation: |
If using a Kubelet config file, edit the file to set readOnlyPort to 0 .
If using command line arguments, edit the kubelet service file
@ -95,12 +98,15 @@ groups:
text: "Ensure that the --streaming-connection-idle-timeout argument is not set to 0 (Scored)"
audit: "cat $kubeletconf"
tests:
bin_op: or
test_items:
- path: "{.streamingConnectionIdleTimeout}"
compare:
op: noteq
value: 0
set: true
- path: "{.streamingConnectionIdleTimeout}"
set: false
remediation: |
If using a Kubelet config file, edit the file to set streamingConnectionIdleTimeout to a
value other than 0.