diff --git a/cfg/cis-1.6/master.yaml b/cfg/cis-1.6/master.yaml
index b1bf0b5..8f07ced 100644
--- a/cfg/cis-1.6/master.yaml
+++ b/cfg/cis-1.6/master.yaml
@@ -254,7 +254,7 @@ groups:
 use_multiple_values: true
 tests:
 test_items:
- - flag: "root root"
+ - flag: "root:root"
 remediation: |
 Run the below command (based on the file location on your system) on the master node.
 For example,
diff --git a/integration/testdata/cis-1.6/job-master.data b/integration/testdata/cis-1.6/job-master.data
index f4ddebf..ffdc510 100644
--- a/integration/testdata/cis-1.6/job-master.data
+++ b/integration/testdata/cis-1.6/job-master.data
@@ -18,7 +18,7 @@
 [PASS] 1.1.16 Ensure that the scheduler.conf file ownership is set to root:root (Automated)
 [PASS] 1.1.17 Ensure that the controller-manager.conf file permissions are set to 644 or more restrictive (Automated)
 [PASS] 1.1.18 Ensure that the controller-manager.conf file ownership is set to root:root (Automated)
-[FAIL] 1.1.19 Ensure that the Kubernetes PKI directory and file ownership is set to root:root (Automated)
+[PASS] 1.1.19 Ensure that the Kubernetes PKI directory and file ownership is set to root:root (Automated)
 [PASS] 1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 644 or more restrictive (Manual)
 [PASS] 1.1.21 Ensure that the Kubernetes PKI key file permissions are set to 600 (Manual)
 [INFO] 1.2 API Server
@@ -84,10 +84,6 @@ ps -ef | grep etcd Run the below command (based on the etcd data directory found above). For example, chown etcd:etcd /var/lib/etcd
-1.1.19 Run the below command (based on the file location on your system) on the master node.
-For example,
-chown -R root:root /etc/kubernetes/pki/
-
 1.2.1 Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml on the master node and set the below parameter. --anonymous-auth=false
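Review bot: In cfg/cis-1.6/master.yaml the new expectation `- flag: "root:root"` for check 1.1.19 carries no `compare` block, so if a bare flag is matched as a substring of each audit line (the matcher and the `audit` command are outside this hunk), an owner:group such as `nonroot:root` would satisfy it as well. The fixtures in this commit only record the FAIL to PASS flip; a test case with a PKI file not owned by root would show that the check can still fail after the change. A comment above the flag such as `# must match the audit output format owner:group exactly` would also record why the separator matters. The 1.1.19 entry starts above the hunk and its remediation continues below it.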
@@ -177,7 +173,7 @@ on the master node and set the below parameter.
 == Summary ==
-43 checks PASS
-12 checks FAIL
+44 checks PASS
+11 checks FAIL
 10 checks WARN
 0 checks INFO
diff --git a/integration/testdata/cis-1.6/job.data b/integration/testdata/cis-1.6/job.data
index 5b809d7..04a1c55 100644
--- a/integration/testdata/cis-1.6/job.data
+++ b/integration/testdata/cis-1.6/job.data
@@ -18,7 +18,7 @@
 [PASS] 1.1.16 Ensure that the scheduler.conf file ownership is set to root:root (Automated)
 [PASS] 1.1.17 Ensure that the controller-manager.conf file permissions are set to 644 or more restrictive (Automated)
 [PASS] 1.1.18 Ensure that the controller-manager.conf file ownership is set to root:root (Automated)
-[FAIL] 1.1.19 Ensure that the Kubernetes PKI directory and file ownership is set to root:root (Automated)
+[PASS] 1.1.19 Ensure that the Kubernetes PKI directory and file ownership is set to root:root (Automated)
 [PASS] 1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 644 or more restrictive (Manual)
 [PASS] 1.1.21 Ensure that the Kubernetes PKI key file permissions are set to 600 (Manual)
 [INFO] 1.2 API Server
@@ -84,10 +84,6 @@ ps -ef | grep etcd Run the below command (based on the etcd data directory found above). For example, chown etcd:etcd /var/lib/etcd
-1.1.19 Run the below command (based on the file location on your system) on the master node.
-For example,
-chown -R root:root /etc/kubernetes/pki/
-
 1.2.1 Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml on the master node and set the below parameter. --anonymous-auth=false
@@ -177,8 +173,8 @@ on the master node and set the below parameter.
 == Summary ==
-43 checks PASS
-12 checks FAIL
+44 checks PASS
+11 checks FAIL
 10 checks WARN
 0 checks INFO
 [INFO] 2 Etcd Node Configuration