-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update the CIS Hardening Guide for 2.6x #35735
Comments
Initial PR to restructure Security section of docs - rancher/docs#3761 |
Related issue for updating CIS benchmarks to v1.20 - rancher/cis-operator#135. |
PR adding hardening guides for Rancher v2.6 - rancher/docs#3810 |
@anupama2501 I tagged you in the docs PR for review, please. |
Root causeThere is no up to date CIS hardening guide for Rancher v2.6. The latest CIS hardening guide is available only for Rancher 2.5. What was fixed?The CIS hardening guide for Rancher 2.5 was reviewed and small improvements were added to update it for Rancher 2.6. The updated hardening guide focus on CIS profile v1.6 for Kubernetes v1.18, v1.19, v1.20 and v1.21. What should be tested?
What areas could experience regressions?No regression is expected. |
@anupama2501 Besides the PDFs of the hardening and assessment pages that were regenerated, and the assessment page that is generated with a script which the input is the output of the CIS scan itself, the major change was only in the hardening page. It's a bit difficult to easily check in GitHub the diff between the 2.6 guide in macedogm/docs/blob/rancher/35735-hardening-docs-add-v2.6/content/rancher/v2.6/en/security/hardening-guides/1.6-hardening-2.6/_index.md and the 2.5 guide in macedogm/docs/blob/rancher/35735-hardening-docs-add-v2.6/content/rancher/v2.5/en/security/rancher-2.5/1.6-hardening-2.5/_index.md, so I'm attaching a diff that I generated from my docs PR branch. % git branch
master
* rancher/35735-hardening-docs-add-v2.6
% diff content/rancher/v2.6/en/security/hardening-guides/1.6-hardening-2.6/_index.md content/rancher/v2.5/en/security/rancher-2.5/1.6-hardening-2.5/_index.md | more > hardening-guides.txt Please let me know if this helps you or not. |
Verified on v2.6-head d0d20a7 Rke version 1.3.7
cluster-new.txt
|
Re opening as the CIS scans on local cluster have failed for the test Steps:
|
Since this is a known issue, closing this ticket and tracking them separately from security repo. |
We currently need to have an up-to-date hardening guide for the v2.6x line. Our Rancher 2.6 documentation (https://rancher.com/docs/rancher/v2.6/en/cis-scans/) will need updated.
For reference purposes, here is the Rancher 2.4 hardening guide: https://rancher.com/docs/rancher/v2.0-v2.4/en/security/rancher-2.4/hardening-2.4/
The text was updated successfully, but these errors were encountered: