Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Cloud Posture] EKS rule templates #3701

Merged
merged 12 commits into from
Jul 14, 2022
Merged

[Cloud Posture] EKS rule templates #3701

merged 12 commits into from
Jul 14, 2022

Conversation

oren-zohar
Copy link
Contributor

@oren-zohar oren-zohar commented Jul 13, 2022
edited
Loading

What does this PR do?

Adding EKS benchmark rule templates

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

Related issues

@oren-zohar oren-zohar added the enhancement New feature or request label Jul 13, 2022
@elasticmachine
Copy link

elasticmachine commented Jul 13, 2022
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2022-07-14T15:14:20.956+0000

  • Duration: 16 min 3 sec

Test stats 🧪

Test Results
Failed 0
Passed 1
Skipped 0
Total 1

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@oren-zohar
Copy link
Contributor Author

/test

@oren-zohar oren-zohar marked this pull request as ready for review July 14, 2022 10:27
@oren-zohar oren-zohar requested a review from a team as a code owner July 14, 2022 10:27
kfirpeled
kfirpeled reviewed Jul 14, 2022
View reviewed changes
packages/cloud_security_posture/changelog.yml Outdated
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "0.0.20"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit we haven't promoted version 0.0.19 consider added the changes to that version backlog

see example here

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@orouz's PR will add it, as seen in the description, I'm waiting for it to be merged

...es/cloud_security_posture/kibana/csp_rule_template/0434fc0b-4b72-5a73-8bee-8c8c40345165.json Outdated
"API Server"
],
"benchmark": {
"name": "CIS Kubernetes V1.23",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

missing benchmark id "cis_k8s" - maybe you are missing a merge from main?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@orouz PR will add it

packages/cloud_security_posture/manifest.yml Outdated
@@ -1,7 +1,7 @@
format_version: 1.0.0
name: cloud_security_posture
title: "CIS Kubernetes Benchmark"
version: 0.0.18
version: 0.0.20
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

consider using version 0.0.19 instead

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@orouz PR uses it already

@oren-zohar
reformat all json objects
ab481ac
@oren-zohar
Merge remote-tracking branch 'upstream/main' into eks-rule-templates
53c3f67 
# Conflicts:
#	packages/cloud_security_posture/changelog.yml
#	packages/cloud_security_posture/manifest.yml
@elasticmachine
Copy link

elasticmachine commented Jul 14, 2022
edited
Loading

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (0/0) 💚
Files 100.0% (0/0) 💚 3.049
Classes 100.0% (0/0) 💚 3.049
Methods 33.333% (1/3) 👎 -55.875
Lines 100.0% (0/0) 💚 9.794
Conditionals 100.0% (0/0) 💚

kfirpeled
kfirpeled reviewed Jul 14, 2022
View reviewed changes
Copy link
Contributor

@kfirpeled kfirpeled left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

missing version field

...es/cloud_security_posture/kibana/csp_rule_template/8c4d1ae0-5f42-5ad0-a95d-27824a774951.json
"impact": "Removal of the read-only port will require that any service which made use of it will need to be re-configured to use the main Kubelet API.\n",
"default_value": "See the Amazon EKS documentation for the default value.\n",
"references": "1. https://kubernetes.io/docs/admin/kubelet/\n",
"section": "Kubelet",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

missing version

...es/cloud_security_posture/kibana/csp_rule_template/98524674-3de3-5424-9afa-ca763edca62a.json
"default_value": "See the Amazon EKS documentation for the default value.\n",
"references": "1. https://kubernetes.io/docs/admin/kubelet/\n2. https://github.com/kubernetes/kubernetes/issues/22063\n3. https://kubernetes.io/docs/tasks/administer-cluster/reconfigure-kubelet/\n",
"section": "Kubelet",
"tags": [
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

missing version

...es/cloud_security_posture/kibana/csp_rule_template/c6bcde81-4ca4-5f6f-9ef0-1116b4a02f4c.json
"impact": "None\n",
"default_value": "See the Amazon EKS documentation for the default value.\n",
"references": "1. https://github.com/kubernetes/kubernetes/pull/45059\n2. https://kubernetes.io/docs/admin/kubelet-tls-bootstrapping/#kubelet-configuration\n",
"section": "Kubelet",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

missing version

...es/cloud_security_posture/kibana/csp_rule_template/d4eef2c6-599a-57d1-99dd-490d3745161d.json
"default_value": "See the Amazon EKS documentation for the default value.\n",
"references": "1. https://kubernetes.io/docs/admin/kubelet/ 2. https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/apis/kubeletconfig/v1beta1/types.go 3. https://kubernetes.io/docs/tasks/administer-cluster/reconfigure-kubelet/\n",
"section": "Kubelet",
"tags": [
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

missing version

...es/cloud_security_posture/kibana/csp_rule_template/e9322670-79b9-5177-9fc0-388712f1df07.json
"default_value": "See the EKS documentation for the default value.\n",
"references": "1. https://kubernetes.io/docs/admin/kubelet/\n2. https://github.com/kubernetes/kubernetes/pull/18552\n",
"section": "Kubelet",
"tags": [
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

missing version

...es/cloud_security_posture/kibana/csp_rule_template/efb2ffa2-28a9-558e-aba3-f58243cb3bbb.json
"default_value": "See the Amazon EKS documentation for the default value.\n",
"references": "1. https://github.com/kubernetes/kubernetes/pull/41912\n2. https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping/#kubelet-configuration\n3. https://kubernetes.io/docs/imported/release/notes/\n4. https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/\n5. https://kubernetes.io/docs/tasks/administer-cluster/reconfigure-kubelet/\n",
"section": "Kubelet",
"tags": [
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

missing version

@oren-zohar
version
ffcfd0e
@oren-zohar
Merge remote-tracking branch 'oren-zohar/eks-rule-templates' into eks…
dbbccbd 
…-rule-templates

# Conflicts:
#	packages/cloud_security_posture/changelog.yml
kfirpeled
kfirpeled approved these changes Jul 14, 2022
View reviewed changes
Copy link
Contributor

@kfirpeled kfirpeled left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

works for me locally
however we still have the same formatting issues like we had before
https://github.com/elastic/security-team/issues/3672

@kfirpeled kfirpeled merged commit e4ddfbe into elastic:main Jul 14, 2022
@oren-zohar oren-zohar deleted the eks-rule-templates branch July 18, 2022 13:33
@kfirpeled kfirpeled added the Team:Cloud Security Label for the Cloud Security team [elastic/cloud-security-posture] label Jun 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kfirpeled kfirpeled kfirpeled approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request Team:Cloud Security Label for the Cloud Security team [elastic/cloud-security-posture]
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@oren-zohar @elasticmachine @kfirpeled