Within /cfg/cis-1.24/master.yaml, the test/audit for CIS 1.1.20 searches recursively in /etc/kubernetes/pki/ for any '*.crt' file and validates that its permissions are '600'.
If you are running a stacked etcd setup, this will include the /etc/kubernetes/pki/etcd/ folder.
The suggested remediation command would only rectify the top-level folder.
How did you run kube-bench?
Install Kubeadm environment
Copy kube-bench/v0.6.12/job.yaml locally
Modify job.yaml to run on the master/control-plane node (attached)
WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short. Use --output=yaml|json to get the full version.
Client Version: version.Info{Major:"1", Minor:"24", GitVersion:"v1.24.2", GitCommit:"f66044f4361b9f1f96f0053dd46cb7dce5e990a8", GitTreeState:"clean", BuildDate:"2022-06-15T14:22:29Z", GoVersion:"go1.18.3", Compiler:"gc", Platform:"linux/amd64"}
Kustomize Version: v4.5.4
Server Version: version.Info{Major:"1", Minor:"24", GitVersion:"v1.24.2", GitCommit:"f66044f4361b9f1f96f0053dd46cb7dce5e990a8", GitTreeState:"clean", BuildDate:"2022-06-15T14:15:38Z", GoVersion:"go1.18.3", Compiler:"gc", Platform:"linux/amd64"}
job_v1.24.0_master.txt
What happened?
CIS 1.1.20 test fails/warns
CIS Kubernetes v1.24-1.0.0 (09-21-2022):
Audit:
ls -laR /etc/kubernetes/pki/*.crt
Kube-bench v0.6.12 cfg/cis-1.24/master.yaml - 1.1.20:
audit: "find /etc/kubernetes/pki/ -name '*.crt' | xargs stat -c permissions=%a"
/etc/kubernetes/pki/ permissions:
What did you expect to happen:
sudo find /etc/kubernetes/pki/ -name '*.crt' -type f -exec chmod 600 {} \;
Environment
Kube-bench version: 0.6.12
Kubernetes version:
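The audit/remediation mismatch described in this issue, reproduced against a constructed PKI tree instead of a real /etc/kubernetes/pki (added example, not kube-bench's own code; it assumes GNU coreutils `stat -c`, as the kube-bench audit itself does):

```shell
#!/bin/sh
# Added example (not from kube-bench): shows why a top-level-only chmod leaves
# the 1.1.20 audit failing on a stacked-etcd layout, and that the recursive
# remediation from the issue clears it. Paths below are a constructed fixture.

# List every *.crt under $1 whose mode is not 600, as "mode path" lines.
# Same logic as the kube-bench audit (find + stat -c %a) but keeps the path,
# so the report names the offending file rather than a bare "permissions=644".
audit_crt_perms() {
    find "$1" -type f -name '*.crt' -exec stat -c '%a %n' {} + | awk '$1 != "600"'
}

# Recursive remediation, matching the command the issue expects kube-bench to suggest.
remediate_crt_perms() {
    find "$1" -type f -name '*.crt' -exec chmod 600 {} \;
}

# Build a constructed stacked-etcd PKI tree in a temp dir; prints its path.
# All certs start at 644 so the audit has something to flag.
make_fixture() {
    dir=$(mktemp -d)
    mkdir -p "$dir/etcd"
    for f in ca.crt apiserver.crt etcd/ca.crt etcd/server.crt; do
        : > "$dir/$f"
        chmod 644 "$dir/$f"
    done
    printf '%s\n' "$dir"
}

# Number of non-compliant certs left after the top-level-only fix the issue
# calls insufficient: chmod 600 on $1/*.crt does not descend into etcd/.
count_after_toplevel_fix() {
    chmod 600 "$1"/*.crt
    audit_crt_perms "$1" | wc -l | tr -d ' '
}

# Number of non-compliant certs left after the recursive remediation.
count_after_recursive_fix() {
    remediate_crt_perms "$1"
    audit_crt_perms "$1" | wc -l | tr -d ' '
}
```

On a control-plane node, `audit_crt_perms /etc/kubernetes/pki/` lists exactly the files the 1.1.20 check will flag, including those under etcd/.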