raspbernetes / k8s-security-policies

This repository offers a comprehensive library of security policies designed to enhance the security of Kubernetes cluster configurations. The policies are developed in accordance with the CIS Kubernetes benchmark.
https://raspbernetes.github.io/
Apache License 2.0

policies 1.2.18/19,1.2.8/9 #11

Closed hsy3418 closed 4 years ago

hsy3418 commented 4 years ago

Signed-off-by: hus5 siyuan.hu@anz.com

Description

Policies 1.2.8, 1.2.9, 1.2.18, 1.2.19


github-actions[bot] commented 4 years ago

OPA Test Results

data.cis_1_2_1.test_violation: PASS (2.625948ms)
data.cis_1_2_1.test_violation_2: PASS (2.236241ms)
data.cis_1_2_1.test_no_violation: PASS (1.909035ms)
data.cis_1_2_1.test_no_violation_2: PASS (747.614µs)
data.cis_1_2_10.test_violation: PASS (3.995673ms)
data.cis_1_2_10.test_no_violation: PASS (3.007755ms)
data.cis_1_2_10.test_no_violation_02: PASS (716.913µs)
data.cis_1_2_11.test_violation: PASS (2.252742ms)
data.cis_1_2_11.test_no_violation: PASS (1.633329ms)
data.cis_1_2_11.test_no_violation_2: PASS (1.418326ms)
data.cis_1_2_11.test_no_violation_3: PASS (648.312µs)
data.cis_1_2_12.test_violation: PASS (2.072537ms)
data.cis_1_2_12.test_no_violation: PASS (1.68763ms)
data.cis_1_2_12.test_no_violation_02: PASS (1.206722ms)
data.cis_1_2_13.test_violation: PASS (7.109229ms)
data.cis_1_2_13.test_no_violation_02: PASS (2.162039ms)
data.cis_1_2_13.test_no_violation: PASS (654.412µs)
data.cis_1_2_14.test_violation: PASS (1.812533ms)
data.cis_1_2_14.test_no_violation: PASS (1.511027ms)
data.cis_1_2_14.test_no_violation_02: PASS (650.612µs)
data.cis_1_2_15.test_violation: PASS (1.833334ms)
data.cis_1_2_15.test_no_violation: PASS (1.532528ms)
data.cis_1_2_15.test_no_violation_02: PASS (654.512µs)
data.cis_1_2_16.test_violation: PASS (3.167158ms)
data.cis_1_2_16.test_no_violation: PASS (3.742068ms)
data.cis_1_2_16.test_no_violation_02: PASS (703.012µs)
data.cis_1_2_17.test_violation: PASS (2.046437ms)
data.cis_1_2_17.test_no_violation: PASS (1.732432ms)
data.cis_1_2_17.test_no_violation_02: PASS (661.012µs)
data.cis_1_2_18.test_violation: PASS (1.63113ms)
data.cis_1_2_18.test_no_violation: PASS (3.654767ms)
data.cis_1_2_18.test_no_violation_02: PASS (668.012µs)
data.cis_1_2_19.test_violation: PASS (2.107239ms)
data.cis_1_2_19.test_no_violation: PASS (1.702831ms)
data.cis_1_2_19.test_no_violation_02: PASS (651.612µs)
data.cis_1_2_2.test_violation: PASS (4.179376ms)
data.cis_1_2_2.test_no_violation: PASS (2.685849ms)
data.cis_1_2_2.test_no_violation_02: PASS (682.112µs)
data.cis_1_2_3.test_violation: PASS (1.614629ms)
data.cis_1_2_3.test_no_violation: PASS (1.251623ms)
data.cis_1_2_3.test_no_violation_02: PASS (653.712µs)
data.cis_1_2_4.test_violation: PASS (2.403444ms)
data.cis_1_2_4.test_no_violation: PASS (1.413626ms)
data.cis_1_2_4.test_no_violation_02: PASS (1.63983ms)
data.cis_1_2_4.test_no_violation_03: PASS (650.512µs)
data.cis_1_2_5.test_violation: PASS (1.740032ms)
data.cis_1_2_5.test_violation_02: PASS (3.392662ms)
data.cis_1_2_5.test_violation_03: PASS (5.746605ms)
data.cis_1_2_5.test_no_violation: PASS (1.704232ms)
data.cis_1_2_5.test_no_violation_02: PASS (657.612µs)
data.cis_1_2_6.test_violation: PASS (1.562728ms)
data.cis_1_2_6.test_no_violation: PASS (1.215222ms)
data.cis_1_2_6.test_no_violation_02: PASS (687.013µs)
data.cis_1_2_7.test_violation: PASS (2.150739ms)
data.cis_1_2_7.test_no_violation: PASS (1.65453ms)
data.cis_1_2_7.test_no_violation_02: PASS (653.811µs)
data.cis_1_2_8.test_violation: PASS (1.999236ms)
data.cis_1_2_8.test_no_violation: PASS (1.735232ms)
data.cis_1_2_8.test_no_violatio_02: PASS (5.184394ms)
data.cis_1_2_8.test_no_violation_03: PASS (942.717µs)
data.cis_1_2_9.test_violation: PASS (2.917053ms)
data.cis_1_2_9.test_no_violation: PASS (1.818133ms)
data.cis_1_2_9.test_no_violatio_02: PASS (1.62553ms)
data.cis_1_2_9.test_no_violation_03: PASS (640.812µs)
data.cis_1_3_2.test_violation: PASS (1.924335ms)
data.cis_1_3_2.test_no_violation: PASS (1.722732ms)
data.cis_1_3_2.test_no_violation_02: PASS (667.312µs)
data.cis_1_3_7.test_violation: PASS (2.245041ms)
data.cis_1_3_7.test_no_violation: PASS (1.896735ms)
data.cis_1_3_7.test_no_violation_02: PASS (774.914µs)
data.cis_1_4_1.test_violation: PASS (1.932736ms)
data.cis_1_4_1.test_no_violation: PASS (4.041174ms)
data.cis_1_4_1.test_no_violation_02: PASS (1.711431ms)
data.cis_1_4_2.test_violation: PASS (2.289242ms)
data.cis_1_4_2.test_no_violation: PASS (1.773533ms)
data.cis_1_4_2.test_no_violation_02: PASS (655.112µs)
data.cis_2_1.test_violation: PASS (3.82577ms)
data.cis_2_1.test_violation_2: PASS (3.369861ms)
data.cis_2_1.test_violation_3: PASS (3.232059ms)
data.cis_2_1.test_no_violation: PASS (5.849506ms)
data.cis_2_1.test_no_violation#01: PASS (1.683331ms)
data.cis_2_2.test_violation: PASS (5.700004ms)
data.cis_2_2.test_no_violation: PASS (2.964454ms)
data.cis_2_2.test_no_violation_02: PASS (673.012µs)
data.cis_2_3.test_violation: PASS (2.047137ms)
data.cis_2_3.test_no_violation: PASS (1.716131ms)
data.cis_2_3.test_no_violation_02: PASS (686.813µs)
data.cis_2_4.test_violation: PASS (3.500264ms)
data.cis_2_4.test_violation_2: PASS (3.476463ms)
data.cis_2_4.test_violation_3: PASS (3.158258ms)
data.cis_2_4.test_no_violation: PASS (6.415917ms)
data.cis_2_4.test_no_violation#01: PASS (2.057437ms)
data.cis_2_5.test_violation: PASS (2.479445ms)
data.cis_2_5.test_no_violation: PASS (1.778733ms)
data.cis_2_5.test_no_violation_02: PASS (646.812µs)
data.cis_2_6.test_violation: PASS (2.037037ms)
data.cis_2_6.test_no_violation: PASS (1.707831ms)
data.cis_2_6.test_no_violation_02: PASS (655.312µs)
data.cis_2_7.test_violation: PASS (2.359443ms)
data.cis_2_7.test_no_violation: PASS (1.887634ms)
data.cis_2_7.test_no_violation_02: PASS (669.112µs)
data.cis_5_1_1.test_violation: PASS (790.014µs)
data.cis_5_1_1.test_violation_2: PASS (808.814µs)
data.cis_5_1_1.test_no_violation: PASS (694.213µs)
data.cis_5_1_1.test_no_violation_2: PASS (681.113µs)
data.cis_5_1_1.test_no_violation_3: PASS (666.712µs)
data.cis_5_1_1.test_no_violation_4: PASS (660.512µs)
data.cis_5_1_2.test_violation: PASS (2.998455ms)
data.cis_5_1_2.test_violation_2: PASS (3.233059ms)
data.cis_5_1_2.test_violation_3: PASS (1.746632ms)
data.cis_5_1_2.test_violation_4: PASS (1.247523ms)
data.cis_5_1_2.test_violation_5: PASS (1.197522ms)
data.cis_5_1_2.test_no_violation: PASS (809.015µs)
data.cis_5_1_2.test_no_violation_2: PASS (974.818µs)
data.cis_5_1_2.test_no_violation_3: PASS (1.029919ms)
data.cis_5_1_2.test_no_violation_4: PASS (1.10512ms)
data.cis_5_1_2.test_no_violation_5: PASS (1.10442ms)
data.cis_5_1_3.test_violation: PASS (828.416µs)
data.cis_5_1_3.test_violation#01: PASS (985.218µs)
data.cis_5_1_3.test_violation#02: PASS (976.418µs)
data.cis_5_1_3.test_violation#03: PASS (986.918µs)
data.cis_5_1_3.test_violation#04: PASS (949.817µs)
data.cis_5_1_3.test_violation#05: PASS (991.418µs)
data.cis_5_1_3.test_no_violation: PASS (726.113µs)
data.cis_5_1_3.test_no_violation_2: PASS (1.007819ms)
data.cis_5_1_5.test_violation: PASS (926.917µs)
data.cis_5_1_5.test_violation_2: PASS (893.116µs)
data.cis_5_1_5.test_no_violation: PASS (713.213µs)
data.cis_5_1_5.test_no_violation_2: PASS (723.313µs)
data.cis_5_1_5.test_violation_3: PASS (712.513µs)
data.cis_5_2_1.test_violation: PASS (936.617µs)
data.cis_5_2_1.test_no_violation: PASS (2.460044ms)
data.cis_5_2_2.test_violation: PASS (2.419844ms)
data.cis_5_2_2.test_no_violation: PASS (955.317µs)
data.cis_5_2_3.test_violation: PASS (1.14242ms)
data.cis_5_2_3.test_no_violation: PASS (1.857134ms)
data.cis_5_2_4.test_violation: PASS (848.315µs)
data.cis_5_2_4.test_no_violation: PASS (621.511µs)
data.cis_5_2_5.test_violation: PASS (921.017µs)
data.cis_5_2_5.test_no_violation: PASS (824.815µs)
data.cis_5_4_1.test_violation: PASS (1.06802ms)
data.cis_5_4_1.test_no_violation: PASS (953.017µs)
data.cis_1_5_1.test_violation: PASS (2.483145ms)
data.cis_1_5_1.test_no_violation: PASS (1.721331ms)
data.cis_1_5_1.test_no_violation_02: PASS (692.012µs)
data.containers_resources_limits_cpu.test_violation: PASS (1.010518ms)
data.containers_resources_limits_cpu.test_no_violation: PASS (834.115µs)
data.containers_resources_limits_memory.test_violation: PASS (983.818µs)
data.containers_resources_limits_memory.test_no_violation: PASS (844.115µs)
data.containers_securitycontext_capabilities_add_index_sys_admim.test_violation: PASS (1.291223ms)
data.containers_securitycontext_capabilities_add_index_sys_admim.test_no_violation: PASS (929.317µs)
data.containers_securitycontext_capabilities_drop_index_all.test_violation: PASS (1.043319ms)
data.containers_securitycontext_capabilities_drop_index_all.test_no_violation: PASS (1.151621ms)
data.containers_securitycontext_privileged_true.test_violation: PASS (1.036519ms)
data.containers_securitycontext_privileged_true.test_no_violation: PASS (842.015µs)
data.containers_securitycontext_readonlyrootfilesystem_true.test_violation: PASS (1.008019ms)
data.containers_securitycontext_readonlyrootfilesystem_true.test_no_violation: PASS (1.070619ms)
data.containers_securitycontext_runasnonroot_true.test_violation: PASS (3.626566ms)
data.containers_securitycontext_runasnonroot_true.test_no_violation: PASS (3.353661ms)
data.maicontainers_securitycontext_runasuser.test_violation: PASS (7.031828ms)
data.maicontainers_securitycontext_runasuser.test_no_violation: PASS (1.13572ms)
data.spec_hostaliases.test_violation: PASS (1.516027ms)
data.spec_hostaliases.test_no_violation: PASS (618.012µs)
data.spec_hostipc.test_violation: PASS (734.313µs)
data.spec_hostipc.test_no_violation: PASS (601.011µs)
data.spec_hostnetwork.test_violation: PASS (1.14312ms)
data.spec_hostnetwork.test_no_violation: PASS (664.512µs)
data.spec_hostpid.test_violation: PASS (739.113µs)
data.spec_hostpid.test_no_violation: PASS (601.411µs)
data.spec_volumes_hostpath_path_var_run_docker_sock.test_violation: PASS (907.216µs)
data.spec_volumes_hostpath_path_var_run_docker_sock.test_no_violation: PASS (861.515µs)
data.containers_image_tag.test_violation_1: PASS (1.071619ms)
data.containers_image_tag.test_violation_2: PASS (1.121621ms)
data.containers_image_tag.test_no_violation: PASS (849.815µs)
data.containers_securitycontext_allowprivilegedeescalation_true.test_violation: PASS (1.035618ms)
data.containers_securitycontext_allowprivilegedeescalation_true.test_no_violation: PASS (884.416µs)
--------------------------------------------------------------------------------
PASS: 176/176