raspbernetes / k8s-security-policies

This repository offers a comprehensive library of security policies designed to enhance the security of Kubernetes cluster configurations. The policies are developed in accordance with the CIS Kubernetes benchmark.
https://raspbernetes.github.io/
Apache License 2.0

add policies 1.3.1 - 1.3.6 #14

Closed hsy3418 closed 4 years ago

hsy3418 commented 4 years ago

Signed-off-by: hsy3418@gmail.com

Description

Add policies 1.3.1-1.3.6

github-actions[bot] commented 4 years ago

OPA Test Results

data.cis_1_2_1.test_violation: PASS (2.213902ms)
data.cis_1_2_1.test_violation_2: PASS (1.847801ms)
data.cis_1_2_1.test_no_violation: PASS (1.659702ms)
data.cis_1_2_1.test_no_violation_2: PASS (703.701µs)
data.cis_1_2_10.test_violation: PASS (3.988703ms)
data.cis_1_2_10.test_no_violation: PASS (3.843504ms)
data.cis_1_2_10.test_no_violation_02: PASS (692.5µs)
data.cis_1_2_11.test_violation: PASS (2.128102ms)
data.cis_1_2_11.test_no_violation: PASS (1.864702ms)
data.cis_1_2_11.test_no_violation_2: PASS (1.295801ms)
data.cis_1_2_11.test_no_violation_3: PASS (577.501µs)
data.cis_1_2_12.test_violation: PASS (2.012701ms)
data.cis_1_2_12.test_no_violation: PASS (2.707503ms)
data.cis_1_2_12.test_no_violation_02: PASS (943.301µs)
data.cis_1_2_13.test_violation: PASS (4.579304ms)
data.cis_1_2_13.test_no_violation_02: PASS (4.116103ms)
data.cis_1_2_13.test_no_violation: PASS (568.401µs)
data.cis_1_2_14.test_violation: PASS (2.123102ms)
data.cis_1_2_14.test_no_violation: PASS (1.765201ms)
data.cis_1_2_14.test_no_violation_02: PASS (666.601µs)
data.cis_1_2_15.test_violation: PASS (2.060402ms)
data.cis_1_2_15.test_no_violation: PASS (1.598301ms)
data.cis_1_2_15.test_no_violation_02: PASS (650.401µs)
data.cis_1_2_16.test_violation: PASS (2.244302ms)
data.cis_1_2_16.test_no_violation: PASS (3.266403ms)
data.cis_1_2_16.test_no_violation_02: PASS (1.342601ms)
data.cis_1_2_17.test_violation: PASS (2.787303ms)
data.cis_1_2_17.test_no_violation: PASS (1.681801ms)
data.cis_1_2_17.test_no_violation_02: PASS (599.501µs)
data.cis_1_2_18.test_violation: PASS (1.554401ms)
data.cis_1_2_18.test_no_violation: PASS (1.005101ms)
data.cis_1_2_18.test_no_violation_02: PASS (641.401µs)
data.cis_1_2_19.test_violation: PASS (2.571702ms)
data.cis_1_2_19.test_no_violation: PASS (1.558701ms)
data.cis_1_2_19.test_no_violation_02: PASS (582.101µs)
data.cis_1_2_2.test_violation: PASS (1.792402ms)
data.cis_1_2_2.test_no_violation: PASS (1.120301ms)
data.cis_1_2_2.test_no_violation_02: PASS (1.642101ms)
data.cis_1_2_3.test_violation: PASS (4.610404ms)
data.cis_1_2_3.test_no_violation: PASS (1.926602ms)
data.cis_1_2_3.test_no_violation_02: PASS (573.4µs)
data.cis_1_2_4.test_violation: PASS (1.793503ms)
data.cis_1_2_4.test_no_violation: PASS (1.263501ms)
data.cis_1_2_4.test_no_violation_02: PASS (1.566902ms)
data.cis_1_2_4.test_no_violation_03: PASS (1.086302ms)
data.cis_1_2_5.test_violation: PASS (2.190602ms)
data.cis_1_2_5.test_violation_02: PASS (1.583502ms)
data.cis_1_2_5.test_violation_03: PASS (1.600702ms)
data.cis_1_2_5.test_no_violation: PASS (1.251602ms)
data.cis_1_2_5.test_no_violation_02: PASS (586.201µs)
data.cis_1_2_6.test_violation: PASS (3.739704ms)
data.cis_1_2_6.test_no_violation: PASS (2.722004ms)
data.cis_1_2_6.test_no_violation_02: PASS (644.701µs)
data.cis_1_2_7.test_violation: PASS (2.156303ms)
data.cis_1_2_7.test_no_violation: PASS (1.336101ms)
data.cis_1_2_7.test_no_violation_02: PASS (526.601µs)
data.cis_1_2_8.test_violation: PASS (1.702802ms)
data.cis_1_2_8.test_no_violation: PASS (1.514902ms)
data.cis_1_2_8.test_no_violatio_02: PASS (1.450302ms)
data.cis_1_2_8.test_no_violation_03: PASS (598.101µs)
data.cis_1_2_9.test_violation: PASS (1.818002ms)
data.cis_1_2_9.test_no_violation: PASS (1.579102ms)
data.cis_1_2_9.test_no_violatio_02: PASS (4.074805ms)
data.cis_1_2_9.test_no_violation_03: PASS (1.401102ms)
data.cis_1_3_1.test_violation: PASS (1.943203ms)
data.cis_1_3_1.test_violation_02: PASS (1.763702ms)
data.cis_1_3_1.test_no_violation: PASS (1.499702ms)
data.cis_1_3_1.test_no_violation_02: PASS (516µs)
data.cis_1_3_2.test_violation: PASS (1.718002ms)
data.cis_1_3_2.test_no_violation: PASS (1.486702ms)
data.cis_1_3_2.test_no_violation_02: PASS (590.001µs)
data.cis_1_3_3.test_violation: PASS (2.009803ms)
data.cis_1_3_3.test_violation_02: PASS (1.686602ms)
data.cis_1_3_3.test_no_violation: PASS (1.540002ms)
data.cis_1_3_3.test_no_violation_02: PASS (1.328901ms)
data.cis_1_3_4.test_violation: PASS (3.712405ms)
data.cis_1_3_4.test_no_violation: PASS (1.621902ms)
data.cis_1_3_4.test_no_violation_02: PASS (673.901µs)
data.cis_1_3_5.test_violation: PASS (1.439902ms)
data.cis_1_3_5.test_no_violation: PASS (1.317502ms)
data.cis_1_3_5.test_no_violation_02: PASS (603.9µs)
data.cis_1_3_6.test_violation: PASS (2.354903ms)
data.cis_1_3_6.test_violation_02: PASS (1.959103ms)
data.cis_1_3_6.test_violation_03: PASS (1.631902ms)
data.cis_1_3_6.test_no_violation: PASS (2.029802ms)
data.cis_1_3_6.test_no_violation_02: PASS (529.701µs)
data.cis_1_3_7.test_violation: PASS (1.841802ms)
data.cis_1_3_7.test_no_violation: PASS (3.257704ms)
data.cis_1_3_7.test_no_violation_02: PASS (1.863203ms)
data.cis_1_4_1.test_violation: PASS (3.941905ms)
data.cis_1_4_1.test_no_violation: PASS (1.552202ms)
data.cis_1_4_1.test_no_violation_02: PASS (603.901µs)
data.cis_1_4_2.test_violation: PASS (1.999802ms)
data.cis_1_4_2.test_no_violation: PASS (1.699102ms)
data.cis_1_4_2.test_no_violation_02: PASS (694.2µs)
data.cis_2_1.test_violation: PASS (3.352605ms)
data.cis_2_1.test_violation_2: PASS (2.955803ms)
data.cis_2_1.test_violation_3: PASS (3.336904ms)
data.cis_2_1.test_no_violation: PASS (4.193406ms)
data.cis_2_1.test_no_violation#01: PASS (2.216902ms)
data.cis_2_2.test_violation: PASS (3.576404ms)
data.cis_2_2.test_no_violation: PASS (1.828203ms)
data.cis_2_2.test_no_violation_02: PASS (640.2µs)
data.cis_2_3.test_violation: PASS (2.165403ms)
data.cis_2_3.test_no_violation: PASS (1.734702ms)
data.cis_2_3.test_no_violation_02: PASS (654.801µs)
data.cis_2_4.test_violation: PASS (3.446704ms)
data.cis_2_4.test_violation_2: PASS (4.302006ms)
data.cis_2_4.test_violation_3: PASS (3.235504ms)
data.cis_2_4.test_no_violation: PASS (2.560203ms)
data.cis_2_4.test_no_violation#01: PASS (756.101µs)
data.cis_2_5.test_violation: PASS (4.553906ms)
data.cis_2_5.test_no_violation: PASS (4.137405ms)
data.cis_2_5.test_no_violation_02: PASS (718.801µs)
data.cis_2_6.test_violation: PASS (1.848602ms)
data.cis_2_6.test_no_violation: PASS (1.597602ms)
data.cis_2_6.test_no_violation_02: PASS (571.401µs)
data.cis_2_7.test_violation: PASS (2.034002ms)
data.cis_2_7.test_no_violation: PASS (1.441302ms)
data.cis_2_7.test_no_violation_02: PASS (662.901µs)
data.cis_5_1_1.test_violation: PASS (800.501µs)
data.cis_5_1_1.test_violation_2: PASS (859.701µs)
data.cis_5_1_1.test_no_violation: PASS (1.580702ms)
data.cis_5_1_1.test_no_violation_2: PASS (839.301µs)
data.cis_5_1_1.test_no_violation_3: PASS (660.301µs)
data.cis_5_1_1.test_no_violation_4: PASS (608.501µs)
data.cis_5_1_2.test_violation: PASS (1.143401ms)
data.cis_5_1_2.test_violation_2: PASS (1.478002ms)
data.cis_5_1_2.test_violation_3: PASS (1.179101ms)
data.cis_5_1_2.test_violation_4: PASS (1.074401ms)
data.cis_5_1_2.test_violation_5: PASS (1.143301ms)
data.cis_5_1_2.test_no_violation: PASS (791.401µs)
data.cis_5_1_2.test_no_violation_2: PASS (2.541104ms)
data.cis_5_1_2.test_no_violation_3: PASS (2.162302ms)
data.cis_5_1_2.test_no_violation_4: PASS (2.565803ms)
data.cis_5_1_2.test_no_violation_5: PASS (1.634902ms)
data.cis_5_1_3.test_violation: PASS (1.202502ms)
data.cis_5_1_3.test_violation#01: PASS (963.002µs)
data.cis_5_1_3.test_violation#02: PASS (930.101µs)
data.cis_5_1_3.test_violation#03: PASS (1.043501ms)
data.cis_5_1_3.test_violation#04: PASS (1.069501ms)
data.cis_5_1_3.test_violation#05: PASS (1.046502ms)
data.cis_5_1_3.test_no_violation: PASS (769.401µs)
data.cis_5_1_3.test_no_violation_2: PASS (737.801µs)
data.cis_5_1_5.test_violation: PASS (958.001µs)
data.cis_5_1_5.test_violation_2: PASS (928.601µs)
data.cis_5_1_5.test_no_violation: PASS (726.401µs)
data.cis_5_1_5.test_no_violation_2: PASS (716.901µs)
data.cis_5_1_5.test_violation_3: PASS (719.601µs)
data.cis_5_1_6.test_violation: PASS (1.230701ms)
data.cis_5_1_6.test_violation_2: PASS (1.115202ms)
data.cis_5_1_6.test_no_violation: PASS (920.601µs)
data.cis_5_1_6.test_no_violation_2: PASS (1.041201ms)
data.cis_5_1_6.test_violation_3: PASS (925.101µs)
data.cis_5_2_1.test_violation: PASS (919.801µs)
data.cis_5_2_1.test_no_violation: PASS (782.201µs)
data.cis_5_2_2.test_violation: PASS (754.301µs)
data.cis_5_2_2.test_no_violation: PASS (646.401µs)
data.cis_5_2_3.test_violation: PASS (777.901µs)
data.cis_5_2_3.test_no_violation: PASS (687.501µs)
data.cis_5_2_4.test_violation: PASS (853.701µs)
data.cis_5_2_4.test_no_violation: PASS (662.801µs)
data.cis_5_2_5.test_violation: PASS (1.190101ms)
data.cis_5_2_5.test_no_violation: PASS (793.301µs)
data.cis_5_4_1.test_violation: PASS (2.025003ms)
data.cis_5_4_1.test_no_violation: PASS (2.837203ms)
data.cis_1_5_1.test_violation: PASS (5.565107ms)
data.cis_1_5_1.test_no_violation: PASS (1.778402ms)
data.cis_1_5_1.test_no_violation_02: PASS (699.001µs)
data.containers_resources_limits_cpu.test_violation: PASS (1.007201ms)
data.containers_resources_limits_cpu.test_no_violation: PASS (722.801µs)
data.containers_resources_limits_memory.test_violation: PASS (793.501µs)
data.containers_resources_limits_memory.test_no_violation: PASS (752.201µs)
data.containers_securitycontext_capabilities_add_index_sys_admim.test_violation: PASS (1.048201ms)
data.containers_securitycontext_capabilities_add_index_sys_admim.test_no_violation: PASS (1.070802ms)
data.containers_securitycontext_capabilities_drop_index_all.test_violation: PASS (1.286101ms)
data.containers_securitycontext_capabilities_drop_index_all.test_no_violation: PASS (1.225902ms)
data.containers_securitycontext_privileged_true.test_violation: PASS (928.501µs)
data.containers_securitycontext_privileged_true.test_no_violation: PASS (763.401µs)
data.containers_securitycontext_readonlyrootfilesystem_true.test_violation: PASS (933.901µs)
data.containers_securitycontext_readonlyrootfilesystem_true.test_no_violation: PASS (793.901µs)
data.containers_securitycontext_runasnonroot_true.test_violation: PASS (1.026801ms)
data.containers_securitycontext_runasnonroot_true.test_no_violation: PASS (831.501µs)
data.maicontainers_securitycontext_runasuser.test_violation: PASS (927.901µs)
data.maicontainers_securitycontext_runasuser.test_no_violation: PASS (1.019801ms)
data.spec_hostaliases.test_violation: PASS (983.201µs)
data.spec_hostaliases.test_no_violation: PASS (764.401µs)
data.spec_hostipc.test_violation: PASS (681.601µs)
data.spec_hostipc.test_no_violation: PASS (574.401µs)
data.spec_hostnetwork.test_violation: PASS (756.801µs)
data.spec_hostnetwork.test_no_violation: PASS (696.9µs)
data.spec_hostpid.test_violation: PASS (826.901µs)
data.spec_hostpid.test_no_violation: PASS (614.401µs)
data.spec_volumes_hostpath_path_var_run_docker_sock.test_violation: PASS (788.101µs)
data.spec_volumes_hostpath_path_var_run_docker_sock.test_no_violation: PASS (722.101µs)
data.containers_image_tag.test_violation_1: PASS (2.372103ms)
data.containers_image_tag.test_violation_2: PASS (3.352504ms)
data.containers_image_tag.test_no_violation: PASS (1.100402ms)
data.containers_securitycontext_allowprivilegedeescalation_true.test_violation: PASS (1.363202ms)
data.containers_securitycontext_allowprivilegedeescalation_true.test_no_violation: PASS (842.401µs)
--------------------------------------------------------------------------------
PASS: 200/200