mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-12-24 15:38:06 +00:00
7280438eb5
* Add new cis version yamls Add new cis version yamls * Add new cis version yamls * Add cis-1.6 to versions table * support version mapping cis-1.6 * support version mapping cis-1.6 * Update controlplane.yaml * Update etcd.yaml * Update node.yaml * Update policies.yaml * Create job.data * Create job-node.data * Create job-master.data * Create add-tls-kind.yaml * Change node version to 1.15.0 * Add tests for cis-1.6 * Delete node_only.yaml * Change tests 1.1.19-1.1.21 Change 1.1.19-1.1.21 because failing tests * Update job.data * Update job-master.data * Update job-master.data * Update job.data * fix 1.2.35 remediation tabs instead of spaces * Update job-master.data * Remove extra space * Update job.data * Create node_only.yaml * Add tests for cis-1.6 Add tests for cis-1.6 and change some from 1,5 to 1.6 * Fix typo * Add mapping for cis-1.6 * Remove extra space in 1.2.35 remediation * Update job.data * Update job-master.data * Fix type 1.2.35 * Remove trailing spaces * Remove trailing spaces * Remove trailing spaces * Remove trailing spaces * Add version 1.19 kubernetes support * Add version 1.19 kubernetes support * Add version 1.19 kubernetes support
36 lines
1.0 KiB
YAML
36 lines
1.0 KiB
YAML
---
|
|
controls:
|
|
version: 1.6
|
|
id: 3
|
|
text: "Control Plane Configuration"
|
|
type: "controlplane"
|
|
groups:
|
|
- id: 3.1
|
|
text: "Authentication and Authorization"
|
|
checks:
|
|
- id: 3.1.1
|
|
text: "Client certificate authentication should not be used for users (Manual)"
|
|
type: "manual"
|
|
remediation: |
|
|
Alternative mechanisms provided by Kubernetes such as the use of OIDC should be
|
|
implemented in place of client certificates.
|
|
scored: false
|
|
|
|
- id: 3.2
|
|
text: "Logging"
|
|
checks:
|
|
- id: 3.2.1
|
|
text: "Ensure that a minimal audit policy is created (Manual)"
|
|
type: "manual"
|
|
remediation: |
|
|
Create an audit policy file for your cluster.
|
|
scored: false
|
|
|
|
- id: 3.2.2
|
|
text: "Ensure that the audit policy covers key security concerns (Manual)"
|
|
type: "manual"
|
|
remediation: |
|
|
Consider modification of the audit policy in use on the cluster to include these items, at a
|
|
minimum.
|
|
scored: false
|