turbot / steampipe-mod-kubernetes-compliance

Run individual controls or full compliance benchmarks for NSA CISA Kubernetes Hardening Guidance across all of your Kubernetes clusters using Powerpipe and Steampipe.
https://hub.powerpipe.io/mods/turbot/kubernetes_compliance
Apache License 2.0

Add pod template controls. Closes #66 #65

Closed Subhajit97 closed 1 year ago

Subhajit97 commented 1 year ago

Controls

  1. pod_template_container_privilege_escalation_disabled
  2. pod_template_container_with_added_capabilities
  3. pod_template_container_sys_admin_capability_disabled
  4. pod_template_container_admission_control_plugin_no_always_admit
  5. pod_template_container_admission_control_plugin_always_pull_images
  6. pod_template_container_argument_api_server_anonymous_auth_disabled
  7. pod_template_container_argument_audit_log_path_configured
  8. pod_template_container_argument_audit_log_maxage_greater_than_30
  9. pod_template_container_argument_audit_log_maxbackup_greater_than_10
  10. pod_template_container_argument_audit_log_maxsize_greater_than_100
  11. pod_template_container_argument_authorization_mode_node
  12. pod_template_container_argument_authorization_mode_no_always_allow
  13. pod_template_container_argument_authorization_mode_rbac
  14. pod_template_container_no_argument_basic_auth_file
  15. pod_template_container_encryption_providers_configured
  16. pod_template_container_argument_etcd_cafile_configured
  17. pod_template_container_argument_api_server_etcd_certfile_and_keyfile_configured
  18. pod_template_container_no_argument_insecure_bind_address
  19. pod_template_container_argument_insecure_port_0
  20. pod_template_container_argument_kubelet_client_certificate_and_key_configured
  21. pod_template_container_argument_kubelet_https_enabled
  22. pod_template_cpu_limit
  23. pod_template_cpu_request
  24. pod_template_container_security_context_exists
  25. pod_template_container_admission_capability_restricted
  26. pod_template_container_image_pull_policy_always
  27. pod_template_container_image_tag_specified
  28. pod_template_container_argument_kubelet_anonymous_auth_disabled
  29. pod_template_container_argument_event_qps_less_than_5
  30. pod_template_container_rotate_certificate_enabled
  31. pod_template_container_liveness_probe
  32. pod_template_memory_limit
  33. pod_template_memory_request
  34. pod_template_container_capabilities_drop_all
  35. pod_template_container_privilege_disabled
  36. pod_template_immutable_container_filesystem
  37. pod_template_container_readiness_probe
  38. pod_template_container_argument_namespace_lifecycle_enabled
  39. pod_template_container_argument_node_restriction_enabled
  40. pod_template_container_argument_service_account_lookup_enabled
  41. pod_template_container_token_auth_file_not_configured
  42. pod_template_container_kubelet_certificate_authority_configured
  43. pod_template_container_argument_etcd_auto_tls_disabled
  44. pod_template_container_argument_etcd_client_cert_auth_enabled
  45. pod_template_container_argument_kube_controller_manager_profiling_disabled
  46. pod_template_container_argument_kube_controller_manager_root_ca_file_configured
  47. pod_template_container_argument_kube_controller_manager_service_account_credentials_enabled
  48. pod_template_container_argument_kube_controller_manager_service_account_private_key_file_configured
  49. pod_template_container_argument_kubelet_authorization_mode_no_always_allow
  50. pod_template_container_no_argument_hostname_override_configured
  51. pod_template_container_argument_tls_cert_file_and_tls_private_key_file_configured
  52. pod_template_container_argument_make_iptables_util_chains_enabled
  53. pod_template_container_argument_protect_kernel_defaults_enabled
  54. pod_template_container_argument_kubelet_read_only_port_0
  55. pod_template_container_argument_bind_address_127_0_0_1
  56. pod_template_container_argument_kube_scheduler_profiling_disabled
  57. pod_template_container_argument_pod_security_policy_enabled
  58. pod_template_container_argument_kube_apiserver_profiling_disabled
  59. pod_template_container_argument_secure_port_not_0
  60. pod_template_container_argument_service_account_key_file_appropriate
  61. pod_template_container_argument_service_account_enabled
  62. pod_template_container_argument_kube_controller_manager_bind_address_127_0_0_1
  63. pod_template_container_kubelet_streaming_connection_idle_timeout_not_zero
  64. pod_template_container_kubernetes_dashboard_not_deployed
  65. pod_template_container_argument_etcd_peer_certfile_and_peer_keyfile_configured
  66. pod_template_container_argument_etcd_certfile_and_keyfile_configured
  67. pod_template_container_argument_api_server_tls_cert_file_and_tls_private_key_file_configured
  68. pod_template_container_argument_rotate_kubelet_server_certificate_enabled
  69. pod_template_container_strong_kubelet_cryptographic_ciphers
  70. pod_template_container_strong_kube_apiserver_cryptographic_ciphers
  71. pod_template_container_argument_security_context_deny_enabled
  72. pod_template_container_argument_kubelet_client_ca_file_configured
  73. pod_template_container_argument_kubelet_terminated_pod_gc_threshold_configured
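In the mod itself each of the controls listed above is a Powerpipe control backed by a SQL query that Steampipe runs over the cluster's pod templates. As an added illustration that is not part of this PR or of the mod's code, the script below implements the same decision logic for a handful of the workload-level controls and for two of the kube-apiserver argument controls, in plain Python, against an inline `PodTemplate` manifest. The manifest, the `registry.example` image names and the helper names (`evaluate`, `alarms`, `_apiserver_flag`, and so on) are constructed for this example; only the control names are taken from the list.

```python
from __future__ import annotations
from typing import Callable, Optional

# Constructed sample PodTemplate (v1) for this example; registry.example is a placeholder.
SAMPLE_POD_TEMPLATE = {
    "apiVersion": "v1", "kind": "PodTemplate",
    "metadata": {"name": "api", "namespace": "default"},
    "template": {"spec": {"containers": [
        {   # hardened container: should only trip the added-capabilities control
            "name": "api",
            "image": "registry.example/api:1.4.2",
            "imagePullPolicy": "Always",
            "securityContext": {
                "allowPrivilegeEscalation": False, "privileged": False,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"], "add": ["NET_BIND_SERVICE"]},
            },
            "resources": {"limits": {"cpu": "500m", "memory": "256Mi"},
                          "requests": {"cpu": "100m", "memory": "128Mi"}},
            "livenessProbe": {"httpGet": {"path": "/healthz", "port": 8080}},
            "readinessProbe": {"httpGet": {"path": "/ready", "port": 8080}},
        },
        {   # careless sidecar: privileged, floating tag, no limits or probes
            "name": "sidecar",
            "image": "registry.example/sidecar:latest",
            "securityContext": {"privileged": True},
        },
        {   # control-plane style container: exercises the argument controls
            "name": "kube-apiserver",
            "image": "registry.example/kube-apiserver:v1.27.3",
            "command": ["kube-apiserver", "--anonymous-auth=false"],
            "args": ["--insecure-port=8080"],
        },
    ]}},
}


def _sc(c: dict) -> dict:
    return c.get("securityContext") or {}


def _caps(c: dict, key: str) -> set[str]:
    """Capabilities under securityContext.capabilities.<key>, upper-cased for comparison."""
    return {x.upper() for x in (_sc(c).get("capabilities") or {}).get(key, [])}


def _resource(c: dict, kind: str, name: str) -> bool:
    return bool((c.get("resources") or {}).get(kind, {}).get(name))


def _image_tag_ok(image: str) -> bool:
    """A digest pins the image; otherwise require an explicit tag other than 'latest'."""
    if "@sha256:" in image:
        return True
    last = image.rsplit("/", 1)[-1]  # drop registry/path so a host:port is not read as a tag
    return last.partition(":")[2] not in ("", "latest")


def _flags(c: dict) -> dict[str, str]:
    """Parse --key=value tokens out of command + args, e.g. {'anonymous-auth': 'false'}."""
    out: dict[str, str] = {}
    for tok in list(c.get("command") or []) + list(c.get("args") or []):
        if tok.startswith("--"):
            key, _, value = tok[2:].partition("=")
            out[key] = value
    return out


def _apiserver_flag(c: dict, flag: str, want: str) -> Optional[bool]:
    """None (not applicable) unless the container runs kube-apiserver; else whether --flag=want."""
    if "kube-apiserver" not in (c.get("command") or []):
        return None
    return _flags(c).get(flag) == want


# Control name (as listed in the PR) -> predicate; True = ok, False = alarm, None = skip.
CONTROLS: dict[str, Callable[[dict], Optional[bool]]] = {
    "pod_template_container_security_context_exists": lambda c: bool(_sc(c)),
    "pod_template_container_privilege_escalation_disabled": lambda c: _sc(c).get("allowPrivilegeEscalation") is False,
    "pod_template_container_privilege_disabled": lambda c: _sc(c).get("privileged") is not True,
    "pod_template_immutable_container_filesystem": lambda c: _sc(c).get("readOnlyRootFilesystem") is True,
    "pod_template_container_capabilities_drop_all": lambda c: "ALL" in _caps(c, "drop"),
    "pod_template_container_with_added_capabilities": lambda c: not _caps(c, "add"),
    "pod_template_container_sys_admin_capability_disabled": lambda c: "SYS_ADMIN" not in _caps(c, "add"),
    "pod_template_container_image_tag_specified": lambda c: _image_tag_ok(c.get("image", "")),
    "pod_template_container_image_pull_policy_always": lambda c: c.get("imagePullPolicy") == "Always",
    "pod_template_cpu_limit": lambda c: _resource(c, "limits", "cpu"),
    "pod_template_cpu_request": lambda c: _resource(c, "requests", "cpu"),
    "pod_template_memory_limit": lambda c: _resource(c, "limits", "memory"),
    "pod_template_memory_request": lambda c: _resource(c, "requests", "memory"),
    "pod_template_container_liveness_probe": lambda c: "livenessProbe" in c,
    "pod_template_container_readiness_probe": lambda c: "readinessProbe" in c,
    "pod_template_container_argument_api_server_anonymous_auth_disabled":
        lambda c: _apiserver_flag(c, "anonymous-auth", "false"),
    "pod_template_container_argument_insecure_port_0": lambda c: _apiserver_flag(c, "insecure-port", "0"),
}


def evaluate(pod_template: dict) -> dict[str, dict[str, str]]:
    """Return {container_name: {control: 'ok' | 'alarm' | 'skip'}} for every (init)container."""
    spec = pod_template.get("template", {}).get("spec", {})
    results: dict[str, dict[str, str]] = {}
    for c in list(spec.get("containers") or []) + list(spec.get("initContainers") or []):
        verdicts = {name: check(c) for name, check in CONTROLS.items()}
        results[c["name"]] = {n: "skip" if v is None else ("ok" if v else "alarm") for n, v in verdicts.items()}
    return results


def alarms(pod_template: dict) -> list[tuple[str, str]]:
    """Sorted (container, control) pairs in alarm; the shape a CI gate would act on."""
    return sorted((cn, ctl) for cn, r in evaluate(pod_template).items() for ctl, s in r.items() if s == "alarm")


if __name__ == "__main__":
    for container, control in alarms(SAMPLE_POD_TEMPLATE):
        print(f"alarm  {container:<15} {control}")
```

The `skip` verdict matters: the argument controls only make sense for a container that actually runs `kube-apiserver`, so an ordinary workload container must neither pass nor fail them. The tag check treats a `@sha256:` digest as pinned and strips the registry before looking for `:` so that a `host:port` registry is not mistaken for a tag.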