1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-21 14:18:06 +00:00
kube-bench/docs/platforms.md
Abubakr-Sadik Nii Nai Davis a15e8acaa3
Add GKE 1.6 CIS benchmark for GCP environment (#1672)
* Add config entries for GKE 1.6 controls

* Add gke1.6 control plane recommendations

* Add gke-1.6.0 worker node recommendations

* Add gke-1.6.0 policy recommendations

* Add managed services and policy recommendation

* Add master recommendations

* Fix formatting across gke-1.6.0 files

* Add gke-1.6.0 benchmark selection based on k8s version

* Workaround: hardcode kubelet config path for gke-1.6.0

* Fix tests for makeIPTablesUtilChaings

* Change scored field for all node tests to true

* Fix kubelet file permission to check for

---------

Co-authored-by: afdesk <work@afdesk.com>
2024-10-11 10:49:35 +06:00

6.9 KiB

CIS Kubernetes Benchmark support

kube-bench supports running tests for Kubernetes. Most of our supported benchmarks are defined in one of the following: CIS Kubernetes Benchmarks STIG Document Library

Some defined by other hardenening guides.

Source Kubernetes Benchmark kube-bench config Kubernetes versions
CIS 1.5.1 cis-1.5 1.15
CIS 1.6.0 cis-1.6 1.16-1.18
CIS 1.20 cis-1.20 1.19-1.21
CIS 1.23 cis-1.23 1.22-1.23
CIS 1.24 cis-1.24 1.24
CIS 1.7 cis-1.7 1.25
CIS 1.8 cis-1.8 1.26
CIS 1.9 cis-1.9 1.27-1.29
CIS GKE 1.0.0 gke-1.0 GKE
CIS GKE 1.2.0 gke-1.2.0 GKE
CIS GKE 1.6.0 gke-1.6.0 GKE
CIS EKS 1.0.1 eks-1.0.1 EKS
CIS EKS 1.1.0 eks-1.1.0 EKS
CIS EKS 1.2.0 eks-1.2.0 EKS
CIS ACK 1.0.0 ack-1.0 ACK
CIS AKS 1.0.0 aks-1.0 AKS
RHEL RedHat OpenShift hardening guide rh-0.7 OCP 3.10-3.11
CIS OCP4 1.1.0 rh-1.0 OCP 4.1-
CIS 1.6.0-k3s cis-1.6-k3s k3s v1.16-v1.24
DISA Kubernetes Ver 1, Rel 6 eks-stig-kubernetes-v1r6 EKS
CIS TKGI 1.2.53 tkgi-1.2.53 vmware
CIS 1.7.0-rke rke-cis-1.7 rke v1.25-v1.27
CIS 1.7.0-rke2 rke2-cis-1.6 rke2 v1.25-v1.27
CIS 1.7.0-k3s k3s-cis-1.7 k3s v1.25-v1.27