arno/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2025-02-21 12:02:30 +00:00
Code Issues Releases Wiki Activity

Fixes issue #407 (#409)

Browse Source 
* fixes issue #407

* fixes issue #407
This commit is contained in:
Roberto Rojas 2019-08-30 12:33:14 -04:00 committed by Liz Rice
parent 13dfa15ad6
commit ec3b1076c0
2 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cfg/1.11-json/node.yaml
View File

@ -436,6 +436,10 @@ groups:
Run the below command (based on the file location on your system) on the each worker Run the below command (based on the file location on your system) on the each worker
node. For example, node. For example,
chmod 644 $proxykubeconfig chmod 644 $proxykubeconfig
Note - This test reports "FAIL" if kube-proxy has been configured
using a kubernetes configMap. Only under this situation, the "FAIL" can safely be ignored
as the kube-proxy does not expose the kubeconfig file to the worker node.
scored: true scored: true
- id: 2.2.6 - id: 2.2.6
@ -449,6 +453,10 @@ groups:
Run the below command (based on the file location on your system) on the each worker Run the below command (based on the file location on your system) on the each worker
node. For example, node. For example,
chown root:root $proxykubeconfig chown root:root $proxykubeconfig
Note - This test reports "FAIL" if kube-proxy has been configured
using a kubernetes configMap. Only under this situation, the "FAIL" can safely be ignored
as the kube-proxy does not expose the kubeconfig file to the worker node.
scored: true scored: true
- id: 2.2.7 - id: 2.2.7

8
cfg/1.13-json/node.yaml
View File

@ -417,6 +417,10 @@ groups:
Run the below command (based on the file location on your system) on the each worker Run the below command (based on the file location on your system) on the each worker
node. For example, node. For example,
chmod 644 $proxykubeconfig chmod 644 $proxykubeconfig
Note - This test reports "FAIL" if kube-proxy has been configured
using a kubernetes configMap. Only under this situation, the "FAIL" can safely be ignored
as the kube-proxy does not expose the kubeconfig file to the worker node.
scored: true scored: true
- id: 2.2.6 - id: 2.2.6
@ -430,6 +434,10 @@ groups:
Run the below command (based on the file location on your system) on the each worker Run the below command (based on the file location on your system) on the each worker
node. For example, node. For example,
chown root:root $proxykubeconfig chown root:root $proxykubeconfig
Note - This test reports "FAIL" if kube-proxy has been configured
using a kubernetes configMap. Only under this situation, the "FAIL" can safely be ignored
as the kube-proxy does not expose the kubeconfig file to the worker node.
scored: true scored: true
- id: 2.2.7 - id: 2.2.7