mirror of https://github.com/aquasecurity/kube-bench.git synced 2025-01-15 10:11:08 +00:00
kube-bench/cfg
Andy Pitcher 3a2348eba7
Add CIS Kubernetes CIS-1.10 for k8s v1.28 - v1.31 (#1753)
* Create cis-1.10 yamls and Update info
	- Modify yaml versions from 1.9 to 1.10
	- Adapt configmap to cover cis-1.10
	- Adapt docs and cmd files

* Adapt master.yaml
	- 1.2.29 update cipher list to remove the following insecure ones (RC4-Based, 3DES-Based, RSA-Based AES CBC):
          TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
          TLS_RSA_WITH_3DES_EDE_CBC_SHA,
          TLS_RSA_WITH_AES_128_CBC_SHA256,
          TLS_RSA_WITH_AES_128_CBC_SHA,
          TLS_RSA_WITH_AES_256_CBC_SHA,
          TLS_RSA_WITH_RC4_128_SHA,
          TLS_ECDHE_RSA_WITH_RC4_128_SHA
          ticket: https://workbench.cisecurity.org/community/43/tickets/21760

* Adapt policies.yaml
	- 5.1.11 typo in sub-resource name 'certificatesigningrequest' https://workbench.cisecurity.org/tickets/21352
	- 5.2.2 new audit to verify if a container is privileged or not. https://workbench.cisecurity.org/tickets/20919
	- 5.2.3 new audit to verify the presence of hostPID opt-in across all pods. https://workbench.cisecurity.org/tickets/20919
	- 5.2.4 new audit to verify the presence of hostIPC opt-in across all pods. https://workbench.cisecurity.org/tickets/20923
	- 5.2.5 new audit to verify the presence of hostNetwork opt-in across all pods. https://workbench.cisecurity.org/tickets/20921
	- 5.2.6 new audit to verify the presence of 'allowPrivilegeEscalation' to true across all pods' container(s)
	- 5.2.6 the 'allowPrivilegeEscalation' setting is moved from 'spec' to 'securityContext' https://workbench.cisecurity.org/tickets/20922
	- 5.2.9 new audit to verify the presence of added capabilities across all pods' container(s)

* Fix 5.2.6 remediation
2025-01-13 11:18:15 +06:00
ack-1.0 fix: correct TLSCipherSuites to tlsCipherSuites (#1703) 2024-10-16 11:50:10 +06:00
aks-1.0 Fixed typo in policies.yaml (#1113) 2022-03-13 09:27:25 +02:00
cis-1.5 fix: correct TLSCipherSuites to tlsCipherSuites (#1703) 2024-10-16 11:50:10 +06:00
cis-1.6 fix: correct TLSCipherSuites to tlsCipherSuites (#1703) 2024-10-16 11:50:10 +06:00
cis-1.6-k3s Fix to empty grep and other cis-1.6-k3s checks (#1352) 2023-01-13 18:06:57 +02:00
cis-1.7 fix: correct TLSCipherSuites to tlsCipherSuites (#1703) 2024-10-16 11:50:10 +06:00
cis-1.8 fix: correct TLSCipherSuites to tlsCipherSuites (#1703) 2024-10-16 11:50:10 +06:00
cis-1.9 fix: correct TLSCipherSuites to tlsCipherSuites (#1703) 2024-10-16 11:50:10 +06:00
cis-1.10 Add CIS Kubernetes CIS-1.10 for k8s v1.28 - v1.31 (#1753) 2025-01-13 11:18:15 +06:00
cis-1.20 fix: correct TLSCipherSuites to tlsCipherSuites (#1703) 2024-10-16 11:50:10 +06:00
cis-1.23 fix: correct TLSCipherSuites to tlsCipherSuites (#1703) 2024-10-16 11:50:10 +06:00
cis-1.24 Ensure 127.0.0.1 for the --bind-address parameter (#1723) 2024-11-18 09:56:28 +06:00
cis-1.24-microk8s fix: correct TLSCipherSuites to tlsCipherSuites (#1703) 2024-10-16 11:50:10 +06:00
eks-1.0.1 Fixed typo in policies.yaml (#1113) 2022-03-13 09:27:25 +02:00
eks-1.1.0 Support CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.1.0 (#1222) 2022-09-15 09:04:54 +03:00
eks-1.2.0 support CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.2.0 (#1449) 2023-05-21 17:53:58 +03:00
eks-1.5.0 feat: CIS EKS 1.5.0 (#1653) 2025-01-10 15:18:50 +06:00
eks-stig-kubernetes-v1r6 Adding eks-stig-kubernetes-v1r6 (#1266) 2022-09-14 17:40:48 +03:00
gke-1.0 Fixed typo in policies.yaml (#1113) 2022-03-13 09:27:25 +02:00
gke-1.2.0 Fixed typo in policies.yaml (#1113) 2022-03-13 09:27:25 +02:00
gke-1.6.0 Add GKE 1.6 CIS benchmark for GCP environment (#1672) 2024-10-11 10:49:35 +06:00
k3s-cis-1.7 fix: k3s-cis-*- CHECK 4.2.1-4.2.3 (#1739) 2024-12-06 13:29:34 +06:00
k3s-cis-1.8 fix: k3s-cis-*- CHECK 4.2.1-4.2.3 (#1739) 2024-12-06 13:29:34 +06:00
k3s-cis-1.23 fix: k3s-cis-*- CHECK 4.2.1-4.2.3 (#1739) 2024-12-06 13:29:34 +06:00
k3s-cis-1.24 fix: k3s-cis-*- CHECK 4.2.1-4.2.3 (#1739) 2024-12-06 13:29:34 +06:00
rh-0.7 Fix experimental-encryption-provider-config test on OCP 3.11 - Issue #926 (#1024) 2021-10-27 12:56:00 +03:00
rh-1.0 fix: rh-1.0 check 4.1.3 typo (#1652) 2024-10-04 13:42:56 +06:00
rke2-cis-1.7 fix: correct TLSCipherSuites to tlsCipherSuites (#1703) 2024-10-16 11:50:10 +06:00
rke2-cis-1.23 fix: correct TLSCipherSuites to tlsCipherSuites (#1703) 2024-10-16 11:50:10 +06:00
rke2-cis-1.24 fix: correct TLSCipherSuites to tlsCipherSuites (#1703) 2024-10-16 11:50:10 +06:00
rke-cis-1.7 fix: change the folder name for certificate files in rke-cis-1.7 2024-12-09 11:16:04 +06:00
rke-cis-1.23 fix: change the folder name for certificate files in rke-1.23 and rke-1.24, fixes #1747 (#1749) 2024-12-16 11:44:08 +06:00
rke-cis-1.24 fix: change the folder name for certificate files in rke-1.23 and rke-1.24, fixes #1747 (#1749) 2024-12-16 11:44:08 +06:00
tkgi-1.2.53 fix: correct TLSCipherSuites to tlsCipherSuites (#1703) 2024-10-16 11:50:10 +06:00
config.yaml Add CIS Kubernetes CIS-1.10 for k8s v1.28 - v1.31 (#1753) 2025-01-13 11:18:15 +06:00