mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2025-01-15 10:11:08 +00:00
3a2348eba7
* Create cis-1.10 yamls and Update info
- Modify yaml versions from 1.9 to 1.10
- Adapt configmap to cover cis-1.10
- Adapt docs and cmd files
* Adapt master.yaml
- 1.2.29 update cipher list to remove the following insecure ones (RC4-Based, 3DES-Based, RSA-Based AES CBC):
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_RC4_128_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA
ticket: https://workbench.cisecurity.org/community/43/tickets/21760
* Adapt policies.yaml
- 5.1.11 typo in sub-resource name 'certificatesigningrequest' https://workbench.cisecurity.org/tickets/21352
- 5.2.2 new audit to verify if a container is privileged or not. https://workbench.cisecurity.org/tickets/20919
- 5.2.3 new audit to verify the presence of hostPID opt-in across all pods. https://workbench.cisecurity.org/tickets/20919
- 5.2.4 new audit to verify the presence of hostIPC opt-in across all pods. https://workbench.cisecurity.org/tickets/20923
- 5.2.5 new audit to verify the presence of hostNetwork opt-in across all pods. https://workbench.cisecurity.org/tickets/20921
- 5.2.6 new audit to verify the presence of 'allowPrivilegeEscalation' to true across all pods' container(s)
- 5.2.6 the 'allowPrivilegeEscalation' setting is moved from 'spec' to 'securityContext' https://workbench.cisecurity.org/tickets/20922
- 5.2.9 new audit to verify the presence of added capabilities across all pods' container(s)
* Fix 5.2.6 remediation
|
||
|---|---|---|
| .. | ||
| testdata | ||
| common_test.go | ||
| common.go | ||
| database.go | ||
| kubernetes_version_test.go | ||
| kubernetes_version.go | ||
| root.go | ||
| run_test.go | ||
| run.go | ||
| securityHub.go | ||
| util_test.go | ||
| util.go | ||
| version.go | ||