feat: rke2 cis spec support #148

Merged
merged 3 commits into from
Jun 20, 2024
1 change: 1 addition & 0 deletions commands/kubernetes/adminConfFileOwnership.yaml
Expand Up @@ -6,3 +6,4 @@
audit: stat -c %U:%G /etc/kubernetes/admin.conf
platforms:
- k8s
- rke2
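Review bot: the audit keeps the hard-coded path /etc/kubernetes/admin.conf with no /node host-mount prefix, while the rke2-only commands added in this PR (etcdDataDirectoryOwnership, the PKI checks) read under /node/...; confirm that rke2 actually exposes an admin.conf at this path as seen by the scanner, since `stat` on a missing path yields no ownership value to evaluate. The same applies to the sibling adminConfFilePermissions change.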
1 change: 1 addition & 0 deletions commands/kubernetes/adminConfFilePermissions.yaml
Expand Up @@ -6,3 +6,4 @@
audit: stat -c %a /etc/kubernetes/admin.conf
platforms:
- k8s
- rke2
Expand Up @@ -8,3 +8,4 @@
/dev/null
platforms:
- k8s
- rke2
Expand Up @@ -8,3 +8,4 @@
/dev/null
platforms:
- k8s
- rke2
Expand Up @@ -6,3 +6,5 @@
audit: stat -c %U:%G /*/cni/*
platforms:
- k8s
- rke2

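Review bot: the trailing empty line added after `- rke2` here (the hunk grows by two lines, -6,3 +6,5) is not present in the sibling cniFilePermissions change, which adds only the platform entry; drop the blank line so the two files end consistently.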
Expand Up @@ -6,3 +6,4 @@
audit: stat -c %a /*/cni/*
platforms:
- k8s
- rke2
Expand Up @@ -6,3 +6,4 @@
audit: stat -c %U:%G $controllermanager.kubeconfig
platforms:
- k8s
- rke2
Expand Up @@ -6,3 +6,4 @@
audit: stat -c %a $controllermanager.kubeconfig
platforms:
- k8s
- rke2
8 changes: 8 additions & 0 deletions commands/kubernetes/etcdDataDirectoryOwnershipRancher.yaml
@@ -0,0 +1,8 @@
---
- id: CMD-0046
key: etcdDataDirectoryOwnership
title: Etcd data directory Ownership
nodeType: master
audit: stat -c %U:%G /node/var/lib/etcd
platforms:
- rke2
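Review bot: the key `etcdDataDirectoryOwnership` carries no platform suffix even though the file is named ...Rancher.yaml and `platforms` lists rke2 only; if a non-Rancher command already uses this key, confirm the loader selects commands by platform rather than by key alone, otherwise the two definitions collide. Minor: the title capitalises "Ownership" while the matching permissions command (CMD-0047) uses lower-case "permissions"; use "Etcd data directory ownership".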
@@ -0,0 +1,8 @@
---
- id: CMD-0047
key: etcdDataDirectoryPermissions
title: Etcd data directory permissions
nodeType: master
audit: stat -c %a /node/var/lib/etcd
platforms:
- rke2
1 change: 1 addition & 0 deletions commands/kubernetes/kubeAPIServerSpecFileOwnership.yaml
Expand Up @@ -6,3 +6,4 @@
audit: stat -c %U:%G $apiserver.confs
platforms:
- k8s
- rke2
1 change: 1 addition & 0 deletions commands/kubernetes/kubeAPIServerSpecFilePermission.yaml
Expand Up @@ -6,4 +6,5 @@
audit: stat -c %a $apiserver.confs
platforms:
- k8s
- rke2

Expand Up @@ -6,3 +6,4 @@
audit: stat -c %U:%G $controllermanager.confs
platforms:
- k8s
- rke2
Expand Up @@ -6,3 +6,4 @@
audit: stat -c %a $controllermanager.confs
platforms:
- k8s
- rke2
1 change: 1 addition & 0 deletions commands/kubernetes/kubeEtcdSpecFileOwnership.yaml
Expand Up @@ -6,3 +6,4 @@
audit: stat -c %U:%G $etcd.confs
platforms:
- k8s
- rke2
1 change: 1 addition & 0 deletions commands/kubernetes/kubeEtcdSpecFilePermission.yaml
Expand Up @@ -6,3 +6,4 @@
audit: stat -c %a $etcd.confs
platforms:
- k8s
- rke2
@@ -0,0 +1,9 @@
---
- id: CMD-0048
key: kubePKIDirectoryFileOwnership
title: Kubernetes PKI directory and file ownership
nodeType: master
audit: stat -c %U:%G $(ls -R /node/etc/kubernetes/ssl | awk
'/:$/&&f{s=$0;f=0}/:$/&&!f{sub(/:$/,"");s=$0;f=1;next}NF&&f{print s"/"$0 }')
platforms:
- rke2
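Review bot: the `ls -R | awk` pipeline in the audit rebuilds paths from `ls` directory headers, which breaks on names containing whitespace and, because it only emits entries listed under a directory, never stats /node/etc/kubernetes/ssl itself although the title promises directory and file ownership. `stat -c %U:%G $(find /node/etc/kubernetes/ssl)` covers the directory and everything beneath it without the awk. This file also uses `ls -R` where the two sibling PKI checks (CMD-0049, CMD-0050) use `ls -aR`; pick one so hidden entries are handled the same way across the three commands.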
10 changes: 10 additions & 0 deletions commands/kubernetes/kubePKIKeyFilePermissionsRancher.yaml
@@ -0,0 +1,10 @@
---
- id: CMD-0050
key: kubePKIKeyFilePermissions
title: Kubernetes PKI certificate file permissions
nodeType: master
audit: stat -c %a $(ls -aR /node/etc/kubernetes/ssl | awk
'/:$/&&f{s=$0;f=0}/:$/&&!f{sub(/:$/,"");s=$0;f=1;next}NF&&f{print s"/"$0}' |
grep \.key$)
platforms:
- rke
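Review bot: `platforms` lists `rke` rather than `rke2`, unlike every other file in this PR, so this command will not be selected for the rke2 platform. The title also reads "Kubernetes PKI certificate file permissions" while the key, the filename and the `grep \.key$` filter concern private key files, and it duplicates the title of CMD-0049; rename it to "Kubernetes PKI key file permissions". Lastly, `grep \.key$` is unquoted, so the shell strips the backslash and the regex becomes `.key$`, matching any name ending in "key"; write `grep '\.key$'`.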
1 change: 1 addition & 0 deletions commands/kubernetes/kubeSchedulerSpecFileOwnership.yaml
Expand Up @@ -6,3 +6,4 @@
audit: stat -c %U:%G $scheduler.confs
platforms:
- k8s
- rke2
1 change: 1 addition & 0 deletions commands/kubernetes/kubeSchedulerSpecFilePermission.yaml
Expand Up @@ -6,3 +6,4 @@
audit: stat -c %a $scheduler.confs
platforms:
- k8s
- rke2
1 change: 1 addition & 0 deletions commands/kubernetes/kubeconfigFileExistsOwnership.yaml
Expand Up @@ -8,3 +8,4 @@
2>/dev/null` || echo $output
platforms:
- k8s
- rke2
1 change: 1 addition & 0 deletions commands/kubernetes/kubeconfigFileExistsPermissions.yaml
Expand Up @@ -8,3 +8,4 @@
2>/dev/null` || echo $output
platforms:
- k8s
- rke2
1 change: 1 addition & 0 deletions commands/kubernetes/kubeletAnonymousAuthArgumentSet.yaml
Expand Up @@ -8,3 +8,4 @@
platforms:
- k8s
- eks
- rke2
Expand Up @@ -7,3 +7,4 @@
--authorization-mode=[^"]\S*' | awk -F "=" '{print $2}' |awk 'FNR <= 1'
platforms:
- k8s
- rke2
1 change: 1 addition & 0 deletions commands/kubernetes/kubeletClientCaFileArgumentSet.yaml
Expand Up @@ -8,3 +8,4 @@
platforms:
- k8s
- eks
- rke2
1 change: 1 addition & 0 deletions commands/kubernetes/kubeletConfFileOwnership.yaml
Expand Up @@ -6,3 +6,4 @@
audit: stat -c %U:%G $kubelet.kubeconfig
platforms:
- k8s
- rke2
1 change: 1 addition & 0 deletions commands/kubernetes/kubeletConfFilePermissions.yaml
Expand Up @@ -6,3 +6,4 @@
audit: stat -c %a $kubelet.kubeconfig
platforms:
- k8s
- rke2
Expand Up @@ -7,3 +7,4 @@
platforms:
- k8s
- eks
- rke2
Expand Up @@ -7,3 +7,4 @@
platforms:
- k8s
- eks
- rke2
1 change: 1 addition & 0 deletions commands/kubernetes/kubeletEventQpsArgumentSet.yaml
Expand Up @@ -7,3 +7,4 @@
--event-qps=[^"]\S*' | awk -F "=" '{print $2}' |awk 'FNR <= 1'
platforms:
- k8s
- rke2
Expand Up @@ -7,3 +7,4 @@
--hostname-override=[^"]\S*' | awk -F "=" '{print $2}' |awk 'FNR <= 1'
platforms:
- k8s
- rke2
Expand Up @@ -9,3 +9,4 @@
platforms:
- k8s
- eks
- rke2
Expand Up @@ -7,3 +7,4 @@
'TLSCipherSuites=[^"]\S*' | awk -F "=" '{print $2}' |awk 'FNR <= 1'
platforms:
- k8s
- rke2
Expand Up @@ -8,3 +8,4 @@
1'
platforms:
- k8s
- rke2
1 change: 1 addition & 0 deletions commands/kubernetes/kubeletReadOnlyPortArgumentSet.yaml
Expand Up @@ -8,3 +8,4 @@
platforms:
- k8s
- eks
- rke2
Expand Up @@ -8,3 +8,4 @@
platforms:
- k8s
- eks
- rke2
Expand Up @@ -9,3 +9,4 @@
platforms:
- k8s
- eks
- rke2
1 change: 1 addition & 0 deletions commands/kubernetes/kubeletServiceFileOwnership.yaml
Expand Up @@ -7,3 +7,4 @@
platforms:
- k8s
- eks
- rke2
1 change: 1 addition & 0 deletions commands/kubernetes/kubeletServiceFilePermissions.yaml
Expand Up @@ -6,3 +6,4 @@
audit: stat -c %a $kubelet.svc
platforms:
- k8s
- rke2
Expand Up @@ -9,3 +9,4 @@
platforms:
- k8s
- eks
- rke2
Expand Up @@ -7,3 +7,4 @@
--tls-cert-file=[^"]\S*' | awk -F "=" '{print $2}' |awk 'FNR <= 1'
platforms:
- k8s
- rke2
Expand Up @@ -7,3 +7,4 @@
--tls-private-key-file=[^"]\S*' | awk -F "=" '{print $2}' |awk 'FNR <= 1'
platforms:
- k8s
- rke2
@@ -0,0 +1,10 @@
---
- id: CMD-0049
key: kubernetesPKICertificateFilePermissions
title: Kubernetes PKI certificate file permissions
nodeType: master
audit: stat -c %a $(ls -aR /node/etc/kubernetes/ssl |
awk'/:$/&&f{s=$0;f=0}/:$/&&!f{sub(/:$/,"");s=$0;f=1;next}NF&&f{print
s"/"$0}' | grep \.crt$)
platforms:
- rke2
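Review bot: `awk'/:$/...` on the second line of the audit has no space between `awk` and its program, so the shell treats the whole thing as a single command name and the pipeline fails with "command not found" instead of producing permission values; insert the space as in the other two PKI checks. The unquoted `grep \.crt$` has the same problem as CMD-0050: the shell strips the backslash and the regex becomes `.crt$`, so quote it as `grep '\.crt$'`. Also, `ls -aR` lists the `.` and `..` entries, which the awk turns into `dir/.` and `dir/..` paths; the grep happens to filter them out here, but `find /node/etc/kubernetes/ssl -type f -name '*.crt'` would not rely on that.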
1 change: 1 addition & 0 deletions commands/kubernetes/schedulerConfFileOwnership.yaml
Expand Up @@ -6,3 +6,4 @@
audit: stat -c %U:%G $scheduler.kubeconfig
platforms:
- k8s
- rke2
1 change: 1 addition & 0 deletions commands/kubernetes/schedulerConfFilePermissions.yaml
Expand Up @@ -6,3 +6,4 @@
audit: stat -c %a $scheduler.kubeconfig
platforms:
- k8s
- rke2