arno
/
kube-bench
mirror of https://github.com/aquasecurity/kube-bench.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Change check 1.15

Browse Source 
Check is successful in case --kubelet-https is set to true OR missing
pull/6/head
Amir Jerbi 7 years ago
parent 1ad63cb4e6
commit eefa0dfb61
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File

5
cfg/master.yaml
Unescape View File

@ -59,16 +59,19 @@ groups:
the --insecure-allow-any-token argument from the KUBE_API_ARGS parameter."
scored: true
- id: 1.1.5
- id: 1.1.5
text: "Ensure that the --kubelet-https argument is set to true (Scored)"
audit: "ps -ef | grep kube-apiserver | grep -v grep"
tests:
test_items:
bin_flag: or
- flag: "--kubelet-https"
compare:
op: eq
value: true
set: true
- flag: "--kubelet-https"
set: false
remediation: "Edit the $kubeConfDir/apiserver file on the master node and remove
the --kubelet-https argument from the KUBE_API_ARGS parameter."
scored: true

Write Preview
Loading…
Cancel
Save