From e50de8145c60f50df526f614cc9f8f4433c1cfff Mon Sep 17 00:00:00 2001 From: Huang Huang Date: Sun, 3 Oct 2021 18:00:58 +0800 Subject: [PATCH] Fix status of cis-1.20 1.2.25 should be Manual (#1010) * fix status of cis-1.20 1.2.25 should be Manual * Fix tests Co-authored-by: Yoav Rotem --- cfg/cis-1.20/master.yaml | 4 ++-- integration/testdata/Expected_output.data | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/cfg/cis-1.20/master.yaml b/cfg/cis-1.20/master.yaml index 96df150..032f858 100644 --- a/cfg/cis-1.20/master.yaml +++ b/cfg/cis-1.20/master.yaml @@ -699,7 +699,7 @@ groups: scored: true - id: 1.2.25 - text: "Ensure that the --request-timeout argument is set as appropriate (Automated)" + text: "Ensure that the --request-timeout argument is set as appropriate (Manual)" audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep" type: manual remediation: | @@ -707,7 +707,7 @@ groups: and set the below parameter as appropriate and if needed. For example, --request-timeout=300s - scored: true + scored: false - id: 1.2.26 text: "Ensure that the --service-account-lookup argument is set to true (Automated)" diff --git a/integration/testdata/Expected_output.data b/integration/testdata/Expected_output.data index a2e35d3..0281037 100644 --- a/integration/testdata/Expected_output.data +++ b/integration/testdata/Expected_output.data @@ -46,7 +46,7 @@ [FAIL] 1.2.22 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate (Automated) [FAIL] 1.2.23 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate (Automated) [FAIL] 1.2.24 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate (Automated) -[WARN] 1.2.25 Ensure that the --request-timeout argument is set as appropriate (Automated) +[WARN] 1.2.25 Ensure that the --request-timeout argument is set as appropriate (Manual) [PASS] 1.2.26 Ensure that the --service-account-lookup argument is set to true (Automated) [PASS] 1.2.27 Ensure that the --service-account-key-file argument is set as appropriate (Automated) [PASS] 1.2.28 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate (Automated)