Today we are using a generic name for policy and rule in multiple policy violations. We need to have a focused name for policy and rule for each policy violation.
```yaml
- category: CIS Benchmarks
  message: Ensure that the controller manager pod specification file permissions are
    set to 644 or more restrictive (Automated)
  policy: Master Node Security Configuration
  properties:
    AuditConfig: ""
    AuditEnv: ""
    IsMultiple: "false"
    actual_value: permissions=600
    audit: /bin/sh -c 'if test -e /etc/kubernetes/manifests/kube-controller-manager.yaml;
      then stat -c permissions=%a /etc/kubernetes/manifests/kube-controller-manager.yaml;
      fi'
    expected_result: permissions has permissions 600, expected 644 or more restrictive
    index: 1.1.3
    reason: ""
    remediation: |
      Run the below command (based on the file location on your system) on the master node.
      For example,
      chmod 644 /etc/kubernetes/manifests/kube-controller-manager.yaml
    test_info: |
      Run the below command (based on the file location on your system) on the master node.
      For example,
      chmod 644 /etc/kubernetes/manifests/kube-controller-manager.yaml
    type: ""
  result: pass
  rule: Master Node Configuration Files
  scored: true
  source: ""
  timestamp:
    nanos: 0
    seconds: 0
- category: CIS Benchmarks
  message: Ensure that the controller manager pod specification file ownership is
    set to root:root (Automated)
  policy: Master Node Security Configuration
  properties:
    AuditConfig: ""
    AuditEnv: ""
    IsMultiple: "false"
    actual_value: root:root
    audit: /bin/sh -c 'if test -e /etc/kubernetes/manifests/kube-controller-manager.yaml;
      then stat -c %U:%G /etc/kubernetes/manifests/kube-controller-manager.yaml; fi'
    expected_result: '''root:root'' is present'
    index: 1.1.4
    reason: ""
    remediation: |
      Run the below command (based on the file location on your system) on the master node.
      For example,
      chown root:root /etc/kubernetes/manifests/kube-controller-manager.yaml
    test_info: |
      Run the below command (based on the file location on your system) on the master node.
      For example,
      chown root:root /etc/kubernetes/manifests/kube-controller-manager.yaml
    type: ""
  result: pass
  rule: Master Node Configuration Files
  scored: true
  source: ""
  timestamp:
    nanos: 0
    seconds: 0
- category: CIS Benchmarks
  message: Ensure that the scheduler pod specification file permissions are set to
    644 or more restrictive (Automated)
  policy: Master Node Security Configuration
  properties:
    AuditConfig: ""
    AuditEnv: ""
    IsMultiple: "false"
    actual_value: permissions=600
    audit: /bin/sh -c 'if test -e /etc/kubernetes/manifests/kube-scheduler.yaml; then
      stat -c permissions=%a /etc/kubernetes/manifests/kube-scheduler.yaml; fi'
    expected_result: permissions has permissions 600, expected 644 or more restrictive
    index: 1.1.5
    reason: ""
    remediation: |
      Run the below command (based on the file location on your system) on the master node.
      For example,
      chmod 644 /etc/kubernetes/manifests/kube-scheduler.yaml
    test_info: |
      Run the below command (based on the file location on your system) on the master node.
      For example,
      chmod 644 /etc/kubernetes/manifests/kube-scheduler.yaml
    type: ""
  result: pass
  rule: Master Node Configuration Files
  scored: true
  source: ""
  timestamp:
    nanos: 0
    seconds: 0
```
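The following is an added example, not code from the scanner that produced the entries above or from the CIS benchmark. It loads the three findings (constructed from the report entries in this issue), re-implements the two checks they carry (the "644 or more restrictive" octal-mode test as a bitmask subset, and the "root:root" ownership test as an exact match), and then shows the naming problem the issue describes: all three findings collapse onto the same `(policy, rule)` pair, so a per-finding name built from the benchmark `index` and the control text is proposed. The `focused_rule_name` format is an assumption for illustration, not an existing convention of the scanner.

```python
# Added example: re-implements the checks seen in the report and shows why the
# shared policy/rule names cannot tell one finding from another.

# Constructed from the three report entries in this issue.
FINDINGS = [
    {
        "index": "1.1.3",
        "policy": "Master Node Security Configuration",
        "rule": "Master Node Configuration Files",
        "message": "Ensure that the controller manager pod specification file "
                   "permissions are set to 644 or more restrictive (Automated)",
        "actual_value": "permissions=600",
        "expected": "644",
    },
    {
        "index": "1.1.4",
        "policy": "Master Node Security Configuration",
        "rule": "Master Node Configuration Files",
        "message": "Ensure that the controller manager pod specification file "
                   "ownership is set to root:root (Automated)",
        "actual_value": "root:root",
        "expected": "root:root",
    },
    {
        "index": "1.1.5",
        "policy": "Master Node Security Configuration",
        "rule": "Master Node Configuration Files",
        "message": "Ensure that the scheduler pod specification file permissions "
                   "are set to 644 or more restrictive (Automated)",
        "actual_value": "permissions=600",
        "expected": "644",
    },
]


def perm_at_most(actual: str, expected: str) -> bool:
    """True when octal mode `actual` grants no permission bit that `expected` lacks.

    This is the "644 or more restrictive" test: 600 and 640 pass, 664 and 700 fail
    (700 adds the owner execute bit, which 644 does not grant).
    """
    return int(actual, 8) & ~int(expected, 8) == 0


def evaluate(finding: dict) -> str:
    """Return "pass" or "fail" for one finding, mirroring the report's result field."""
    actual = finding["actual_value"]
    if actual.startswith("permissions="):
        ok = perm_at_most(actual.split("=", 1)[1], finding["expected"])
    else:
        ok = actual == finding["expected"]  # ownership: exact "user:group" match
    return "pass" if ok else "fail"


def shared_names(findings) -> dict:
    """Count how many findings collapse onto each (policy, rule) pair."""
    counts: dict = {}
    for f in findings:
        key = (f["policy"], f["rule"])
        counts[key] = counts.get(key, 0) + 1
    return counts


def focused_rule_name(finding: dict) -> str:
    """Proposed per-finding rule name (an assumption, not the scanner's convention):
    the benchmark index plus the control text with its trailing "(...)" tag dropped."""
    title = finding["message"].rsplit(" (", 1)[0]
    return f"{finding['index']} {title}"


if __name__ == "__main__":
    for f in FINDINGS:
        print(evaluate(f), "|", focused_rule_name(f))
    print(shared_names(FINDINGS))
```

Running it prints `pass` for all three findings, a distinct focused name per finding, and a single `(policy, rule)` key with a count of 3, which is exactly the collision the issue is about.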