mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-11-22 16:18:07 +00:00
Change check 1.15
Check is successful in case --kubelet-https is set to true OR missing
This commit is contained in:
parent
1ad63cb4e6
commit
eefa0dfb61
@ -64,11 +64,14 @@ groups:
|
|||||||
audit: "ps -ef | grep kube-apiserver | grep -v grep"
|
audit: "ps -ef | grep kube-apiserver | grep -v grep"
|
||||||
tests:
|
tests:
|
||||||
test_items:
|
test_items:
|
||||||
|
bin_flag: or
|
||||||
- flag: "--kubelet-https"
|
- flag: "--kubelet-https"
|
||||||
compare:
|
compare:
|
||||||
op: eq
|
op: eq
|
||||||
value: true
|
value: true
|
||||||
set: true
|
set: true
|
||||||
|
- flag: "--kubelet-https"
|
||||||
|
set: false
|
||||||
remediation: "Edit the $kubeConfDir/apiserver file on the master node and remove
|
remediation: "Edit the $kubeConfDir/apiserver file on the master node and remove
|
||||||
the --kubelet-https argument from the KUBE_API_ARGS parameter."
|
the --kubelet-https argument from the KUBE_API_ARGS parameter."
|
||||||
scored: true
|
scored: true
|
||||||
|
Loading…
Reference in New Issue
Block a user