Check PodSecurityPolicy when test 1.2.13 of cis-1.5 (#651)

aquasecurity · Aug 3, 2020 · 5ff32e5 · 5ff32e5
1 parent db109da
commit 5ff32e5
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/cfg/cis-1.5/master.yaml b/cfg/cis-1.5/master.yaml
@@ -520,12 +520,18 @@ groups:
         text: "Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used (Not Scored)"
         audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
         tests:
+          bin_op: or
           test_items:
             - flag: "--enable-admission-plugins"
               compare:
                 op: has
                 value: "SecurityContextDeny"
               set: true
+            - flag: "--enable-admission-plugins"
+              compare:
+                op: has
+                value: "PodSecurityPolicy"
+              set: true
         remediation: |
           Edit the API server pod specification file $apiserverconf
           on the master node and set the --enable-admission-plugins parameter to include