1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-22 16:18:07 +00:00

Change check 1.15

Check is successful in case --kubelet-https is set to true OR missing
This commit is contained in:
Amir Jerbi 2017-06-20 13:29:58 +03:00
parent 1ad63cb4e6
commit eefa0dfb61

View File

@ -64,11 +64,14 @@ groups:
audit: "ps -ef | grep kube-apiserver | grep -v grep" audit: "ps -ef | grep kube-apiserver | grep -v grep"
tests: tests:
test_items: test_items:
bin_flag: or
- flag: "--kubelet-https" - flag: "--kubelet-https"
compare: compare:
op: eq op: eq
value: true value: true
set: true set: true
- flag: "--kubelet-https"
set: false
remediation: "Edit the $kubeConfDir/apiserver file on the master node and remove remediation: "Edit the $kubeConfDir/apiserver file on the master node and remove
the --kubelet-https argument from the KUBE_API_ARGS parameter." the --kubelet-https argument from the KUBE_API_ARGS parameter."
scored: true scored: true