master.yaml: Add --audit-policy-file check for 1.1.37. (#440)

* master.yaml: Add --audit-policy-file check for 1.1.37.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* fix-177: fix line endings

Signed-off-by: Simarpreet Singh <simar@linux.com>
pull/456/head^2
Simarpreet Singh 5 years ago committed by GitHub
parent 3964377a80
commit d77eab2234
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -613,7 +613,7 @@ groups:
--admission-control-config-file=<path/to/configuration/file>
scored: true
- id: 1.1.37
- id: 1.1.37a
text: "Ensure that the AdvancedAuditing argument is not set to false (Scored)"
audit: "ps -ef | grep $apiserverbin | grep -v grep"
tests:
@ -633,6 +633,23 @@ groups:
--audit-policy-file=/etc/kubernetes/audit-policy.yaml
scored: true
- id: 1.1.37b
text: "Ensure that the AdvancedAuditing argument is not set to false (Scored)"
audit: "ps -ef | grep $apiserverbin | grep -v grep"
tests:
test_items:
- flag: "--audit-policy-file"
compare:
op: eq
value: "/etc/kubernetes/audit-policy.yaml"
set: true
remediation: |
Follow the Kubernetes documentation and set the desired audit policy in the
/etc/kubernetes/audit-policy.yaml file. Then, edit the API server pod specification file $apiserverconf
and set the below parameters.
--audit-policy-file=/etc/kubernetes/audit-policy.yaml
scored: true
- id: 1.1.38
text: "Ensure that the --request-timeout argument is set as appropriate (Scored)"
audit: "ps -ef | grep $apiserverbin | grep -v grep"

@ -618,7 +618,7 @@ groups:
--admission-control-config-file=<path/to/configuration/file>
scored: true
- id: 1.1.37
- id: 1.1.37a
text: "Ensure that the AdvancedAuditing argument is not set to false (Scored)"
audit: "ps -ef | grep $apiserverbin | grep -v grep"
tests:
@ -638,6 +638,23 @@ groups:
--audit-policy-file=/etc/kubernetes/audit-policy.yaml
scored: true
- id: 1.1.37b
text: "Ensure that the AdvancedAuditing argument is not set to false (Scored)"
audit: "ps -ef | grep $apiserverbin | grep -v grep"
tests:
test_items:
- flag: "--audit-policy-file"
compare:
op: eq
value: "/etc/kubernetes/audit-policy.yaml"
set: true
remediation: |
Follow the Kubernetes documentation and set the desired audit policy in the
/etc/kubernetes/audit-policy.yaml file. Then, edit the API server pod specification file $apiserverconf
and set the below parameters.
--audit-policy-file=/etc/kubernetes/audit-policy.yaml
scored: true
- id: 1.1.38
text: "Ensure that the --request-timeout argument is set as appropriate (Scored)"
audit: "ps -ef | grep $apiserverbin | grep -v grep"

Loading…
Cancel
Save