remediation: "Edit the /etc/kubernetes/apiserver file on the master node and either remove the -secure-port argument from the KUBE_API_ARGS parameter or set it to a different desired port."
scored: true
- id: 1.4.1
text: "Ensure that the apiserver file permissions are set to 644 or more restrictive (Scored)"
audit: "stat -c %a /etc/kubernetes/apiserver"
- id: 8
text: "test flag with arbitrary text"
tests:
test_items:
- flag: "644"
compare:
op: eq
value: "644"
set: true
remediation: "Run the below command (based on the file location on your system) on the master node. For example, chmod 644 /etc/kubernetes/apiserver"
scored: true
- id: 2.1.14
text: "Ensure that the apiserver file permissions are set to 644 or more restrictive (Scored)"
audit: "ps -ef | grep kubelet | grep -v grep"
- id: 9
text: "test permissions"
audit: "/bin/sh -c 'if test -e $config; then stat -c %a $config; fi'"
tests:
bin_op: or
test_items:
- flag: "KubeletClient"
- flag: "644"
compare:
op: eq
value: "644"
set: true
- flag: "640"
compare:
op: eq
value: "640"
set: true
- flag: "600"
compare:
op: eq
value: true
value: "600"
set: true
remediation: "Run the below command (based on the file location on your system) on the master node. For example, chmod 644 /etc/kubernetes/apiserver"
{input:"Here's a file with no substitutions",sub:"blah",subname:"blah",output:"Here's a file with no substitutions"},
{input:"Here's a file with a substitution",sub:"blah",subname:"substitution",output:"Here's a file with a blah"},
{input:"Here's a file with multi-word substitutions",sub:"multi word",subname:"multi-word",output:"Here's a file with 'multi word' substitutions"},
{input:"Here's a file with several several substitutions several",sub:"blah",subname:"several",output:"Here's a file with blah blah substitutions blah"},
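Review bot: The multi-word case expects the value to be wrapped in bare single quotes (`'multi word'`), but no case covers a `sub` that itself contains a single quote, or an `input` where the placeholder already sits inside single-quoted text. That matters if this helper also fills `$config` in audit strings such as the `/bin/sh -c 'if test -e $config; then stat -c %a $config; fi'` entry shown earlier on this page: a path containing a space would come back as `'…'` inside the outer quotes, closing them early and changing what the shell parses. I would add a case along the lines of `{input:"sh -c 'stat substitution'",sub:"it's here",subname:"substitution",output:…}` (constructed values) and pin the escaping the helper is meant to apply. The slice literal and the function under test begin and end outside the visible lines, so this is inferred from the expected outputs alone.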