|
|
@ -226,11 +226,12 @@ groups:
|
|
|
|
scored: true
|
|
|
|
scored: true
|
|
|
|
|
|
|
|
|
|
|
|
- id: 2.1.11
|
|
|
|
- id: 2.1.11
|
|
|
|
text: "Ensure that the --cadvisor-port argument is set to 0 (Scored)"
|
|
|
|
text: "[DEPRECATED] Ensure that the --cadvisor-port argument is set to 0"
|
|
|
|
# This is one of those properties that can only be set as a command line argument.
|
|
|
|
# This is one of those properties that can only be set as a command line argument.
|
|
|
|
# To check if the property is set as expected, we need to parse the kubelet command
|
|
|
|
# To check if the property is set as expected, we need to parse the kubelet command
|
|
|
|
# instead reading the Kubelet Configuration file.
|
|
|
|
# instead reading the Kubelet Configuration file.
|
|
|
|
audit: "ps -fC $kubeletbin"
|
|
|
|
audit: "ps -fC $kubeletbin"
|
|
|
|
|
|
|
|
type: skip
|
|
|
|
tests:
|
|
|
|
tests:
|
|
|
|
bin_op: or
|
|
|
|
bin_op: or
|
|
|
|
test_items:
|
|
|
|
test_items:
|
|
|
@ -248,7 +249,7 @@ groups:
|
|
|
|
Based on your system, restart the kubelet service. For example:
|
|
|
|
Based on your system, restart the kubelet service. For example:
|
|
|
|
systemctl daemon-reload
|
|
|
|
systemctl daemon-reload
|
|
|
|
systemctl restart kubelet.service
|
|
|
|
systemctl restart kubelet.service
|
|
|
|
scored: true
|
|
|
|
scored: false
|
|
|
|
|
|
|
|
|
|
|
|
- id: 2.1.12
|
|
|
|
- id: 2.1.12
|
|
|
|
text: "Ensure that the --rotate-certificates argument is not set to false (Scored)"
|
|
|
|
text: "Ensure that the --rotate-certificates argument is not set to false (Scored)"
|
|
|
|