arno/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-22 08:08:07 +00:00
Code Issues Releases Wiki Activity

Fix typo of 1.1.19 in cis-1.6 (#728)

Browse Source
This commit is contained in:
Huang Huang 2020-10-09 22:39:05 +08:00 committed by GitHub
parent 8207532d16
commit ff0ce661a8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 7 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cfg/cis-1.6/master.yaml
View File

@ -254,7 +254,7 @@ groups:
use_multiple_values: true use_multiple_values: true
tests: tests:
test_items: test_items:
- flag: "root root" - flag: "root:root"
remediation: | remediation: |
Run the below command (based on the file location on your system) on the master node. Run the below command (based on the file location on your system) on the master node.
For example, For example,

10
integration/testdata/cis-1.6/job-master.data vendored
View File

@ -18,7 +18,7 @@
[PASS] 1.1.16 Ensure that the scheduler.conf file ownership is set to root:root (Automated) [PASS] 1.1.16 Ensure that the scheduler.conf file ownership is set to root:root (Automated)
[PASS] 1.1.17 Ensure that the controller-manager.conf file permissions are set to 644 or more restrictive (Automated) [PASS] 1.1.17 Ensure that the controller-manager.conf file permissions are set to 644 or more restrictive (Automated)
[PASS] 1.1.18 Ensure that the controller-manager.conf file ownership is set to root:root (Automated) [PASS] 1.1.18 Ensure that the controller-manager.conf file ownership is set to root:root (Automated)
[FAIL] 1.1.19 Ensure that the Kubernetes PKI directory and file ownership is set to root:root (Automated) [PASS] 1.1.19 Ensure that the Kubernetes PKI directory and file ownership is set to root:root (Automated)
[PASS] 1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 644 or more restrictive (Manual) [PASS] 1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 644 or more restrictive (Manual)
[PASS] 1.1.21 Ensure that the Kubernetes PKI key file permissions are set to 600 (Manual) [PASS] 1.1.21 Ensure that the Kubernetes PKI key file permissions are set to 600 (Manual)
[INFO] 1.2 API Server [INFO] 1.2 API Server
@ -84,10 +84,6 @@ ps -ef | grep etcd
Run the below command (based on the etcd data directory found above). Run the below command (based on the etcd data directory found above).
For example, chown etcd:etcd /var/lib/etcd For example, chown etcd:etcd /var/lib/etcd
1.1.19 Run the below command (based on the file location on your system) on the master node.
For example,
chown -R root:root /etc/kubernetes/pki/
1.2.1 Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml 1.2.1 Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
on the master node and set the below parameter. on the master node and set the below parameter.
--anonymous-auth=false --anonymous-auth=false
@ -177,7 +173,7 @@ on the master node and set the below parameter.
== Summary == == Summary ==
43 checks PASS 44 checks PASS
12 checks FAIL 11 checks FAIL
10 checks WARN 10 checks WARN
0 checks INFO 0 checks INFO

10
integration/testdata/cis-1.6/job.data vendored
View File

@ -18,7 +18,7 @@
[PASS] 1.1.16 Ensure that the scheduler.conf file ownership is set to root:root (Automated) [PASS] 1.1.16 Ensure that the scheduler.conf file ownership is set to root:root (Automated)
[PASS] 1.1.17 Ensure that the controller-manager.conf file permissions are set to 644 or more restrictive (Automated) [PASS] 1.1.17 Ensure that the controller-manager.conf file permissions are set to 644 or more restrictive (Automated)
[PASS] 1.1.18 Ensure that the controller-manager.conf file ownership is set to root:root (Automated) [PASS] 1.1.18 Ensure that the controller-manager.conf file ownership is set to root:root (Automated)
[FAIL] 1.1.19 Ensure that the Kubernetes PKI directory and file ownership is set to root:root (Automated) [PASS] 1.1.19 Ensure that the Kubernetes PKI directory and file ownership is set to root:root (Automated)
[PASS] 1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 644 or more restrictive (Manual) [PASS] 1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 644 or more restrictive (Manual)
[PASS] 1.1.21 Ensure that the Kubernetes PKI key file permissions are set to 600 (Manual) [PASS] 1.1.21 Ensure that the Kubernetes PKI key file permissions are set to 600 (Manual)
[INFO] 1.2 API Server [INFO] 1.2 API Server
@ -84,10 +84,6 @@ ps -ef | grep etcd
Run the below command (based on the etcd data directory found above). Run the below command (based on the etcd data directory found above).
For example, chown etcd:etcd /var/lib/etcd For example, chown etcd:etcd /var/lib/etcd
1.1.19 Run the below command (based on the file location on your system) on the master node.
For example,
chown -R root:root /etc/kubernetes/pki/
1.2.1 Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml 1.2.1 Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
on the master node and set the below parameter. on the master node and set the below parameter.
--anonymous-auth=false --anonymous-auth=false
@ -177,8 +173,8 @@ on the master node and set the below parameter.
== Summary == == Summary ==
43 checks PASS 44 checks PASS
12 checks FAIL 11 checks FAIL
10 checks WARN 10 checks WARN
0 checks INFO 0 checks INFO
[INFO] 2 Etcd Node Configuration [INFO] 2 Etcd Node Configuration