mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-12-21 14:18:06 +00:00
a15e8acaa3
* Add config entries for GKE 1.6 controls * Add gke1.6 control plane recommendations * Add gke-1.6.0 worker node recommendations * Add gke-1.6.0 policy recommendations * Add managed services and policy recommendation * Add master recommendations * Fix formatting across gke-1.6.0 files * Add gke-1.6.0 benchmark selection based on k8s version * Workaround: hardcode kubelet config path for gke-1.6.0 * Fix tests for makeIPTablesUtilChaings * Change scored field for all node tests to true * Fix kubelet file permission to check for --------- Co-authored-by: afdesk <work@afdesk.com>
6.9 KiB
6.9 KiB
CIS Kubernetes Benchmark support
kube-bench supports running tests for Kubernetes. Most of our supported benchmarks are defined in one of the following: CIS Kubernetes Benchmarks STIG Document Library
Some defined by other hardenening guides.
Source | Kubernetes Benchmark | kube-bench config | Kubernetes versions |
---|---|---|---|
CIS | 1.5.1 | cis-1.5 | 1.15 |
CIS | 1.6.0 | cis-1.6 | 1.16-1.18 |
CIS | 1.20 | cis-1.20 | 1.19-1.21 |
CIS | 1.23 | cis-1.23 | 1.22-1.23 |
CIS | 1.24 | cis-1.24 | 1.24 |
CIS | 1.7 | cis-1.7 | 1.25 |
CIS | 1.8 | cis-1.8 | 1.26 |
CIS | 1.9 | cis-1.9 | 1.27-1.29 |
CIS | GKE 1.0.0 | gke-1.0 | GKE |
CIS | GKE 1.2.0 | gke-1.2.0 | GKE |
CIS | GKE 1.6.0 | gke-1.6.0 | GKE |
CIS | EKS 1.0.1 | eks-1.0.1 | EKS |
CIS | EKS 1.1.0 | eks-1.1.0 | EKS |
CIS | EKS 1.2.0 | eks-1.2.0 | EKS |
CIS | ACK 1.0.0 | ack-1.0 | ACK |
CIS | AKS 1.0.0 | aks-1.0 | AKS |
RHEL | RedHat OpenShift hardening guide | rh-0.7 | OCP 3.10-3.11 |
CIS | OCP4 1.1.0 | rh-1.0 | OCP 4.1- |
CIS | 1.6.0-k3s | cis-1.6-k3s | k3s v1.16-v1.24 |
DISA | Kubernetes Ver 1, Rel 6 | eks-stig-kubernetes-v1r6 | EKS |
CIS | TKGI 1.2.53 | tkgi-1.2.53 | vmware |
CIS | 1.7.0-rke | rke-cis-1.7 | rke v1.25-v1.27 |
CIS | 1.7.0-rke2 | rke2-cis-1.6 | rke2 v1.25-v1.27 |
CIS | 1.7.0-k3s | k3s-cis-1.7 | k3s v1.25-v1.27 |