Commit

automate check 3.2.1 Ensure that a minimal audit policy is created (#742)

Co-authored-by: mengyzhou <mengyzhou@ebay.com>
bjrara and mengyzhou committed Nov 2, 2020
1 parent aa2a6f0 commit 83b80a5
Showing 4 changed files with 22 additions and 6 deletions.
6 changes: 5 additions & 1 deletion cfg/cis-1.5/controlplane.yaml
Expand Up @@ -21,7 +21,11 @@ groups:
checks:
- id: 3.2.1
text: "Ensure that a minimal audit policy is created (Scored)"
type: "manual"
audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
tests:
test_items:
- flag: "--audit-policy-file"
set: true
remediation: |
Create an audit policy file for your cluster.
scored: true
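
Review bot: The single test item only asserts that `--audit-policy-file` is set, so this scored check passes for any value of the flag, including a path that does not exist or a policy file with no rules. The check text asks that a minimal audit policy is created; either say in `remediation` that the file contents still need review, or add a comment next to `set: true` stating that only the presence of the flag is verified. The audit also relies on `grep $apiserverbin` over `ps -ef`, so where no API server process is listed the flag cannot be found; the updated integration/testdata/cis-1.5/job.data now expects FAIL for 3.2.1, and it is worth confirming that this is the intended outcome there.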
6 changes: 5 additions & 1 deletion cfg/cis-1.6/controlplane.yaml
Expand Up @@ -21,7 +21,11 @@ groups:
checks:
- id: 3.2.1
text: "Ensure that a minimal audit policy is created (Manual)"
type: "manual"

mayankkumarcs Aug 13, 2021

Is it okay to remove the manual type, as the test case name says it is manual, because manual test cases are being skipped as per the logic written in
https://github.com/aquasecurity/kube-bench/blob/c91a9434c0103dc5a4914b72096fb5bf9dac18e2/check/check.go

@bjrara and @MengYzhou

audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
tests:
test_items:
- flag: "--audit-policy-file"
set: true
remediation: |
Create an audit policy file for your cluster.
scored: false
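
Review bot: The `text` still ends in "(Manual)" and `scored` stays false, but with `type: "manual"` removed the check is now evaluated by the `--audit-policy-file` test item instead of being treated as manual. Either keep the type so the profile matches the classification in its own title, or add a comment explaining why this profile automates a check it labels manual, so that the title in the output does not mislead readers.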
10 changes: 9 additions & 1 deletion cfg/config.yaml
Expand Up @@ -186,7 +186,15 @@ etcd:
defaultconf: /etc/kubernetes/manifests/etcd.yaml

controlplane:
components: []
components:
- apiserver

apiserver:
bins:
- "kube-apiserver"
- "hyperkube apiserver"
- "hyperkube kube-apiserver"
- "apiserver"

policies:
components: []
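
Review bot: The last `bins` entry, the bare name "apiserver", is much looser than the other three, and the new 3.2.1 audit passes the resolved name to `grep $apiserverbin` over `ps -ef` output, where it would match any command line containing that substring. Consider dropping it, or add a comment saying why it is needed and how the order of the list is used. This section also defines only `bins`; if a later controlplane check needs the manifest path, an entry like the `defaultconf` shown for etcd will be missing.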
6 changes: 3 additions & 3 deletions integration/testdata/cis-1.5/job.data
Expand Up @@ -193,7 +193,7 @@ on the master node and set the below parameter.
[INFO] 3.1 Authentication and Authorization
[WARN] 3.1.1 Client certificate authentication should not be used for users (Not Scored)
[INFO] 3.2 Logging
[WARN] 3.2.1 Ensure that a minimal audit policy is created (Scored)
[FAIL] 3.2.1 Ensure that a minimal audit policy is created (Scored)
[WARN] 3.2.2 Ensure that the audit policy covers key security concerns (Not Scored)

== Remediations ==
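
Review bot: The expected line for 3.2.1 changes from WARN to FAIL and the summary in the next hunk moves to 1 FAIL, so the only recorded outcome for the newly automated check is the failing one. Add a fixture or unit test case in which `--audit-policy-file` is present so that the passing path is covered too, and confirm that FAIL is the intended result for this job rather than a side effect of the API server process not being found.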
Expand All @@ -208,8 +208,8 @@ minimum.

== Summary ==
0 checks PASS
0 checks FAIL
3 checks WARN
1 checks FAIL
2 checks WARN
0 checks INFO
[INFO] 4 Worker Node Security Configuration
[INFO] 4.1 Worker Node Configuration Files