arno/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-22 16:18:07 +00:00
Code Issues Releases Wiki Activity

Change check 1.15

Browse Source 
Check is successful in case --kubelet-https is set to true OR missing
This commit is contained in:
Amir Jerbi 2017-06-20 13:29:58 +03:00
parent 1ad63cb4e6
commit eefa0dfb61
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
cfg/master.yaml
View File

@ -59,16 +59,19 @@ groups:
the --insecure-allow-any-token argument from the KUBE_API_ARGS parameter." the --insecure-allow-any-token argument from the KUBE_API_ARGS parameter."
scored: true scored: true
- id: 1.1.5 - id: 1.1.5
text: "Ensure that the --kubelet-https argument is set to true (Scored)" text: "Ensure that the --kubelet-https argument is set to true (Scored)"
audit: "ps -ef | grep kube-apiserver | grep -v grep" audit: "ps -ef | grep kube-apiserver | grep -v grep"
tests: tests:
test_items: test_items:
bin_flag: or
- flag: "--kubelet-https" - flag: "--kubelet-https"
compare: compare:
op: eq op: eq
value: true value: true
set: true set: true
- flag: "--kubelet-https"
set: false
remediation: "Edit the $kubeConfDir/apiserver file on the master node and remove remediation: "Edit the $kubeConfDir/apiserver file on the master node and remove
the --kubelet-https argument from the KUBE_API_ARGS parameter." the --kubelet-https argument from the KUBE_API_ARGS parameter."
scored: true scored: true