diff --git a/package/cfg/cis-1.24/node.yaml b/package/cfg/cis-1.24/node.yaml index 6fc7bea2..2bb05816 100644 --- a/package/cfg/cis-1.24/node.yaml +++ b/package/cfg/cis-1.24/node.yaml @@ -45,8 +45,6 @@ groups: compare: op: bitmask value: "600" - - flag: "$proxykubeconfig" - set: false remediation: | Run the below command (based on the file location on your system) on the each worker node. For example, @@ -60,8 +58,6 @@ groups: bin_op: or test_items: - flag: root:root - - flag: "$proxykubeconfig" - set: false remediation: | Run the below command (based on the file location on your system) on the each worker node. For example, chown root:root $proxykubeconfig @@ -453,4 +449,4 @@ groups: Based on your system, restart the kubelet service. For example: systemctl daemon-reload systemctl restart kubelet.service - scored: false \ No newline at end of file + scored: false diff --git a/package/cfg/cis-1.7/node.yaml b/package/cfg/cis-1.7/node.yaml index 853bd32f..d09acdcc 100644 --- a/package/cfg/cis-1.7/node.yaml +++ b/package/cfg/cis-1.7/node.yaml @@ -45,8 +45,6 @@ groups: compare: op: bitmask value: "600" - - flag: "$proxykubeconfig" - set: false remediation: | Run the below command (based on the file location on your system) on the each worker node. For example, @@ -60,8 +58,6 @@ groups: bin_op: or test_items: - flag: root:root - - flag: "$proxykubeconfig" - set: false remediation: | Run the below command (based on the file location on your system) on the each worker node. For example, chown root:root $proxykubeconfig diff --git a/package/cfg/k3s-cis-1.24-hardened/node.yaml b/package/cfg/k3s-cis-1.24-hardened/node.yaml index ffd27861..6d0361b9 100644 --- a/package/cfg/k3s-cis-1.24-hardened/node.yaml +++ b/package/cfg/k3s-cis-1.24-hardened/node.yaml @@ -47,8 +47,6 @@ groups: compare: op: bitmask value: "600" - - flag: "$proxykubeconfig" - set: false remediation: | Run the below command (based on the file location on your system) on the each worker node. For example, @@ -62,8 +60,6 @@ groups: bin_op: or test_items: - flag: root:root - - flag: "$proxykubeconfig" - set: false remediation: | Run the below command (based on the file location on your system) on the each worker node. For example, chown root:root $proxykubeconfig @@ -461,4 +457,4 @@ groups: Based on your system, restart the kubelet service. For example: systemctl daemon-reload systemctl restart kubelet.service - scored: false \ No newline at end of file + scored: false diff --git a/package/cfg/k3s-cis-1.24-permissive/node.yaml b/package/cfg/k3s-cis-1.24-permissive/node.yaml index a3a2cea6..ed3bc392 100644 --- a/package/cfg/k3s-cis-1.24-permissive/node.yaml +++ b/package/cfg/k3s-cis-1.24-permissive/node.yaml @@ -47,8 +47,6 @@ groups: compare: op: bitmask value: "600" - - flag: "$proxykubeconfig" - set: false remediation: | Run the below command (based on the file location on your system) on the each worker node. For example, @@ -62,8 +60,6 @@ groups: bin_op: or test_items: - flag: root:root - - flag: "$proxykubeconfig" - set: false remediation: | Run the below command (based on the file location on your system) on the each worker node. For example, chown root:root $proxykubeconfig @@ -463,4 +459,4 @@ groups: Based on your system, restart the kubelet service. For example: systemctl daemon-reload systemctl restart kubelet.service - scored: false \ No newline at end of file + scored: false diff --git a/package/cfg/k3s-cis-1.7-hardened/node.yaml b/package/cfg/k3s-cis-1.7-hardened/node.yaml index 14986f17..5a123d75 100644 --- a/package/cfg/k3s-cis-1.7-hardened/node.yaml +++ b/package/cfg/k3s-cis-1.7-hardened/node.yaml @@ -49,8 +49,6 @@ groups: compare: op: bitmask value: "600" - - flag: "$proxykubeconfig" - set: false remediation: | Run the below command (based on the file location on your system) on the each worker node. For example, @@ -64,8 +62,6 @@ groups: bin_op: or test_items: - flag: root:root - - flag: "$proxykubeconfig" - set: false remediation: | Run the below command (based on the file location on your system) on the each worker node. For example, chown root:root $proxykubeconfig diff --git a/package/cfg/k3s-cis-1.7-permissive/node.yaml b/package/cfg/k3s-cis-1.7-permissive/node.yaml index 512157ec..2c74576e 100644 --- a/package/cfg/k3s-cis-1.7-permissive/node.yaml +++ b/package/cfg/k3s-cis-1.7-permissive/node.yaml @@ -49,8 +49,6 @@ groups: compare: op: bitmask value: "600" - - flag: "$proxykubeconfig" - set: false remediation: | Run the below command (based on the file location on your system) on the each worker node. For example, @@ -64,8 +62,6 @@ groups: bin_op: or test_items: - flag: root:root - - flag: "$proxykubeconfig" - set: false remediation: | Run the below command (based on the file location on your system) on the each worker node. For example, chown root:root $proxykubeconfig diff --git a/package/cfg/rke-cis-1.24-hardened/node.yaml b/package/cfg/rke-cis-1.24-hardened/node.yaml index 138ac12a..9e9f5ae6 100644 --- a/package/cfg/rke-cis-1.24-hardened/node.yaml +++ b/package/cfg/rke-cis-1.24-hardened/node.yaml @@ -46,8 +46,6 @@ groups: compare: op: bitmask value: "644" - - flag: "$proxykubeconfig" - set: false remediation: | Run the below command (based on the file location on your system) on the each worker node. For example, @@ -61,8 +59,6 @@ groups: bin_op: or test_items: - flag: root:root - - flag: "$proxykubeconfig" - set: false remediation: | Run the below command (based on the file location on your system) on the each worker node. For example, chown root:root $proxykubeconfig @@ -474,4 +470,4 @@ groups: Based on your system, restart the kubelet service. For example: systemctl daemon-reload systemctl restart kubelet.service - scored: true \ No newline at end of file + scored: true diff --git a/package/cfg/rke-cis-1.24-permissive/node.yaml b/package/cfg/rke-cis-1.24-permissive/node.yaml index e97193cb..0c794077 100644 --- a/package/cfg/rke-cis-1.24-permissive/node.yaml +++ b/package/cfg/rke-cis-1.24-permissive/node.yaml @@ -47,8 +47,6 @@ groups: compare: op: bitmask value: "600" - - flag: "$proxykubeconfig" - set: false remediation: | Run the below command (based on the file location on your system) on the each worker node. For example, @@ -62,8 +60,6 @@ groups: bin_op: or test_items: - flag: root:root - - flag: "$proxykubeconfig" - set: false remediation: | Run the below command (based on the file location on your system) on the each worker node. For example, chown root:root $proxykubeconfig @@ -465,4 +461,4 @@ groups: Based on your system, restart the kubelet service. For example: systemctl daemon-reload systemctl restart kubelet.service - scored: true \ No newline at end of file + scored: true diff --git a/package/cfg/rke-cis-1.7-hardened/node.yaml b/package/cfg/rke-cis-1.7-hardened/node.yaml index 46ac857d..69f557af 100644 --- a/package/cfg/rke-cis-1.7-hardened/node.yaml +++ b/package/cfg/rke-cis-1.7-hardened/node.yaml @@ -51,8 +51,6 @@ groups: compare: op: bitmask value: "600" - - flag: "$proxykubeconfig" - set: false remediation: | Run the below command (based on the file location on your system) on the each worker node. For example, @@ -66,8 +64,6 @@ groups: bin_op: or test_items: - flag: root:root - - flag: "$proxykubeconfig" - set: false remediation: | Run the below command (based on the file location on your system) on the each worker node. For example, chown root:root $proxykubeconfig diff --git a/package/cfg/rke-cis-1.7-permissive/node.yaml b/package/cfg/rke-cis-1.7-permissive/node.yaml index 9736b544..42d4ddaa 100644 --- a/package/cfg/rke-cis-1.7-permissive/node.yaml +++ b/package/cfg/rke-cis-1.7-permissive/node.yaml @@ -51,8 +51,6 @@ groups: compare: op: bitmask value: "600" - - flag: "$proxykubeconfig" - set: false remediation: | Run the below command (based on the file location on your system) on the each worker node. For example, @@ -66,8 +64,6 @@ groups: bin_op: or test_items: - flag: root:root - - flag: "$proxykubeconfig" - set: false remediation: | Run the below command (based on the file location on your system) on the each worker node. For example, chown root:root $proxykubeconfig diff --git a/package/cfg/rke2-cis-1.24-hardened/node.yaml b/package/cfg/rke2-cis-1.24-hardened/node.yaml index 65b5a843..21b964ee 100644 --- a/package/cfg/rke2-cis-1.24-hardened/node.yaml +++ b/package/cfg/rke2-cis-1.24-hardened/node.yaml @@ -49,8 +49,6 @@ groups: compare: op: bitmask value: "600" - - flag: "$proxykubeconfig" - set: false remediation: | Run the below command (based on the file location on your system) on the each worker node. For example, @@ -64,8 +62,6 @@ groups: bin_op: or test_items: - flag: root:root - - flag: "$proxykubeconfig" - set: false remediation: | Run the below command (based on the file location on your system) on the each worker node. For example, chown root:root $proxykubeconfig @@ -472,4 +468,4 @@ groups: Based on your system, restart the kubelet service. For example: systemctl daemon-reload systemctl restart kubelet.service - scored: false \ No newline at end of file + scored: false diff --git a/package/cfg/rke2-cis-1.24-permissive/node.yaml b/package/cfg/rke2-cis-1.24-permissive/node.yaml index 5991c754..36957c4e 100644 --- a/package/cfg/rke2-cis-1.24-permissive/node.yaml +++ b/package/cfg/rke2-cis-1.24-permissive/node.yaml @@ -48,8 +48,6 @@ groups: compare: op: bitmask value: "600" - - flag: "$proxykubeconfig" - set: false remediation: | Run the below command (based on the file location on your system) on the each worker node. For example, @@ -63,8 +61,6 @@ groups: bin_op: or test_items: - flag: root:root - - flag: "$proxykubeconfig" - set: false remediation: | Run the below command (based on the file location on your system) on the each worker node. For example, chown root:root $proxykubeconfig @@ -470,4 +466,4 @@ groups: Based on your system, restart the kubelet service. For example: systemctl daemon-reload systemctl restart kubelet.service - scored: false \ No newline at end of file + scored: false diff --git a/package/cfg/rke2-cis-1.7-hardened/node.yaml b/package/cfg/rke2-cis-1.7-hardened/node.yaml index 6176aee7..3b0909fe 100644 --- a/package/cfg/rke2-cis-1.7-hardened/node.yaml +++ b/package/cfg/rke2-cis-1.7-hardened/node.yaml @@ -49,8 +49,6 @@ groups: compare: op: bitmask value: "600" - - flag: "$proxykubeconfig" - set: false remediation: | Run the below command (based on the file location on your system) on the each worker node. For example, @@ -64,8 +62,6 @@ groups: bin_op: or test_items: - flag: root:root - - flag: "$proxykubeconfig" - set: false remediation: | Run the below command (based on the file location on your system) on the each worker node. For example, chown root:root $proxykubeconfig diff --git a/package/cfg/rke2-cis-1.7-permissive/node.yaml b/package/cfg/rke2-cis-1.7-permissive/node.yaml index 6176aee7..3b0909fe 100644 --- a/package/cfg/rke2-cis-1.7-permissive/node.yaml +++ b/package/cfg/rke2-cis-1.7-permissive/node.yaml @@ -49,8 +49,6 @@ groups: compare: op: bitmask value: "600" - - flag: "$proxykubeconfig" - set: false remediation: | Run the below command (based on the file location on your system) on the each worker node. For example, @@ -64,8 +62,6 @@ groups: bin_op: or test_items: - flag: root:root - - flag: "$proxykubeconfig" - set: false remediation: | Run the below command (based on the file location on your system) on the each worker node. For example, chown root:root $proxykubeconfig