mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-11-24 17:08:14 +00:00
Fix typo of 1.1.19 in cis-1.6 (#728)
This commit is contained in:
parent
8207532d16
commit
ff0ce661a8
@ -254,7 +254,7 @@ groups:
|
|||||||
use_multiple_values: true
|
use_multiple_values: true
|
||||||
tests:
|
tests:
|
||||||
test_items:
|
test_items:
|
||||||
- flag: "root root"
|
- flag: "root:root"
|
||||||
remediation: |
|
remediation: |
|
||||||
Run the below command (based on the file location on your system) on the master node.
|
Run the below command (based on the file location on your system) on the master node.
|
||||||
For example,
|
For example,
|
||||||
|
10
integration/testdata/cis-1.6/job-master.data
vendored
10
integration/testdata/cis-1.6/job-master.data
vendored
@ -18,7 +18,7 @@
|
|||||||
[PASS] 1.1.16 Ensure that the scheduler.conf file ownership is set to root:root (Automated)
|
[PASS] 1.1.16 Ensure that the scheduler.conf file ownership is set to root:root (Automated)
|
||||||
[PASS] 1.1.17 Ensure that the controller-manager.conf file permissions are set to 644 or more restrictive (Automated)
|
[PASS] 1.1.17 Ensure that the controller-manager.conf file permissions are set to 644 or more restrictive (Automated)
|
||||||
[PASS] 1.1.18 Ensure that the controller-manager.conf file ownership is set to root:root (Automated)
|
[PASS] 1.1.18 Ensure that the controller-manager.conf file ownership is set to root:root (Automated)
|
||||||
[FAIL] 1.1.19 Ensure that the Kubernetes PKI directory and file ownership is set to root:root (Automated)
|
[PASS] 1.1.19 Ensure that the Kubernetes PKI directory and file ownership is set to root:root (Automated)
|
||||||
[PASS] 1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 644 or more restrictive (Manual)
|
[PASS] 1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 644 or more restrictive (Manual)
|
||||||
[PASS] 1.1.21 Ensure that the Kubernetes PKI key file permissions are set to 600 (Manual)
|
[PASS] 1.1.21 Ensure that the Kubernetes PKI key file permissions are set to 600 (Manual)
|
||||||
[INFO] 1.2 API Server
|
[INFO] 1.2 API Server
|
||||||
@ -84,10 +84,6 @@ ps -ef | grep etcd
|
|||||||
Run the below command (based on the etcd data directory found above).
|
Run the below command (based on the etcd data directory found above).
|
||||||
For example, chown etcd:etcd /var/lib/etcd
|
For example, chown etcd:etcd /var/lib/etcd
|
||||||
|
|
||||||
1.1.19 Run the below command (based on the file location on your system) on the master node.
|
|
||||||
For example,
|
|
||||||
chown -R root:root /etc/kubernetes/pki/
|
|
||||||
|
|
||||||
1.2.1 Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
|
1.2.1 Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
|
||||||
on the master node and set the below parameter.
|
on the master node and set the below parameter.
|
||||||
--anonymous-auth=false
|
--anonymous-auth=false
|
||||||
@ -177,7 +173,7 @@ on the master node and set the below parameter.
|
|||||||
|
|
||||||
|
|
||||||
== Summary ==
|
== Summary ==
|
||||||
43 checks PASS
|
44 checks PASS
|
||||||
12 checks FAIL
|
11 checks FAIL
|
||||||
10 checks WARN
|
10 checks WARN
|
||||||
0 checks INFO
|
0 checks INFO
|
||||||
|
10
integration/testdata/cis-1.6/job.data
vendored
10
integration/testdata/cis-1.6/job.data
vendored
@ -18,7 +18,7 @@
|
|||||||
[PASS] 1.1.16 Ensure that the scheduler.conf file ownership is set to root:root (Automated)
|
[PASS] 1.1.16 Ensure that the scheduler.conf file ownership is set to root:root (Automated)
|
||||||
[PASS] 1.1.17 Ensure that the controller-manager.conf file permissions are set to 644 or more restrictive (Automated)
|
[PASS] 1.1.17 Ensure that the controller-manager.conf file permissions are set to 644 or more restrictive (Automated)
|
||||||
[PASS] 1.1.18 Ensure that the controller-manager.conf file ownership is set to root:root (Automated)
|
[PASS] 1.1.18 Ensure that the controller-manager.conf file ownership is set to root:root (Automated)
|
||||||
[FAIL] 1.1.19 Ensure that the Kubernetes PKI directory and file ownership is set to root:root (Automated)
|
[PASS] 1.1.19 Ensure that the Kubernetes PKI directory and file ownership is set to root:root (Automated)
|
||||||
[PASS] 1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 644 or more restrictive (Manual)
|
[PASS] 1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 644 or more restrictive (Manual)
|
||||||
[PASS] 1.1.21 Ensure that the Kubernetes PKI key file permissions are set to 600 (Manual)
|
[PASS] 1.1.21 Ensure that the Kubernetes PKI key file permissions are set to 600 (Manual)
|
||||||
[INFO] 1.2 API Server
|
[INFO] 1.2 API Server
|
||||||
@ -84,10 +84,6 @@ ps -ef | grep etcd
|
|||||||
Run the below command (based on the etcd data directory found above).
|
Run the below command (based on the etcd data directory found above).
|
||||||
For example, chown etcd:etcd /var/lib/etcd
|
For example, chown etcd:etcd /var/lib/etcd
|
||||||
|
|
||||||
1.1.19 Run the below command (based on the file location on your system) on the master node.
|
|
||||||
For example,
|
|
||||||
chown -R root:root /etc/kubernetes/pki/
|
|
||||||
|
|
||||||
1.2.1 Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
|
1.2.1 Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml
|
||||||
on the master node and set the below parameter.
|
on the master node and set the below parameter.
|
||||||
--anonymous-auth=false
|
--anonymous-auth=false
|
||||||
@ -177,8 +173,8 @@ on the master node and set the below parameter.
|
|||||||
|
|
||||||
|
|
||||||
== Summary ==
|
== Summary ==
|
||||||
43 checks PASS
|
44 checks PASS
|
||||||
12 checks FAIL
|
11 checks FAIL
|
||||||
10 checks WARN
|
10 checks WARN
|
||||||
0 checks INFO
|
0 checks INFO
|
||||||
[INFO] 2 Etcd Node Configuration
|
[INFO] 2 Etcd Node Configuration
|
||||||
|
Loading…
Reference in New Issue
Block a user