fix 4.2.11 in cis-1.20 should be Automated (#1213)

2 years ago · e6b3eddb03
parent 907d952fb3
commit e6b3eddb03
2 changed files with 3 additions and 3 deletions
--- a/cfg/cis-1.20/node.yaml
+++ b/cfg/cis-1.20/node.yaml
@ -388,7 +388,7 @@ groups:
        scored: false

      - id: 4.2.11
-        text: "Ensure that the --rotate-certificates argument is not set to false (Manual)"
+        text: "Ensure that the --rotate-certificates argument is not set to false (Automated)"
        audit: "/bin/ps -fC $kubeletbin"
        audit_config: "/bin/cat $kubeletconf"
        tests:
@ -412,7 +412,7 @@ groups:
          Based on your system, restart the kubelet service. For example:
          systemctl daemon-reload
          systemctl restart kubelet.service
-        scored: false
+        scored: true

      - id: 4.2.12
        text: "Verify that the RotateKubeletServerCertificate argument is set to true (Manual)"
--- a/integration/testdata/Expected_output.data
+++ b/integration/testdata/Expected_output.data
@ -240,7 +240,7 @@ minimum.
 [PASS] 4.2.8 Ensure that the --hostname-override argument is not set (Manual)
 [WARN] 4.2.9 Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture (Manual)
 [WARN] 4.2.10 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate (Manual)
-[PASS] 4.2.11 Ensure that the --rotate-certificates argument is not set to false (Manual)
+[PASS] 4.2.11 Ensure that the --rotate-certificates argument is not set to false (Automated)
 [PASS] 4.2.12 Verify that the RotateKubeletServerCertificate argument is set to true (Manual)
 [WARN] 4.2.13 Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers (Manual)