Skip to content

Commit

Permalink
Remove flag:proxykubeconfig from test_items in node.yaml for 4.1.3 an…
Browse files Browse the repository at this point in the history
…d 4.1.4 (cis-1.24 & cis-1.7)
  • Loading branch information
andypitcher committed Aug 29, 2023
1 parent 011ad94 commit 70227bd
Show file tree
Hide file tree
Showing 14 changed files with 7 additions and 63 deletions.
6 changes: 1 addition & 5 deletions package/cfg/cis-1.24/node.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -45,8 +45,6 @@ groups:
compare:
op: bitmask
value: "600"
- flag: "$proxykubeconfig"
set: false
remediation: |
Run the below command (based on the file location on your system) on the each worker node.
For example,
Expand All @@ -60,8 +58,6 @@ groups:
bin_op: or
test_items:
- flag: root:root
- flag: "$proxykubeconfig"
set: false
remediation: |
Run the below command (based on the file location on your system) on the each worker node.
For example, chown root:root $proxykubeconfig
Expand Down Expand Up @@ -453,4 +449,4 @@ groups:
Based on your system, restart the kubelet service. For example:
systemctl daemon-reload
systemctl restart kubelet.service
scored: false
scored: false
4 changes: 0 additions & 4 deletions package/cfg/cis-1.7/node.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -45,8 +45,6 @@ groups:
compare:
op: bitmask
value: "600"
- flag: "$proxykubeconfig"
set: false
remediation: |
Run the below command (based on the file location on your system) on the each worker node.
For example,
Expand All @@ -60,8 +58,6 @@ groups:
bin_op: or
test_items:
- flag: root:root
- flag: "$proxykubeconfig"
set: false
remediation: |
Run the below command (based on the file location on your system) on the each worker node.
For example, chown root:root $proxykubeconfig
Expand Down
6 changes: 1 addition & 5 deletions package/cfg/k3s-cis-1.24-hardened/node.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -47,8 +47,6 @@ groups:
compare:
op: bitmask
value: "600"
- flag: "$proxykubeconfig"
set: false
remediation: |
Run the below command (based on the file location on your system) on the each worker node.
For example,
Expand All @@ -62,8 +60,6 @@ groups:
bin_op: or
test_items:
- flag: root:root
- flag: "$proxykubeconfig"
set: false
remediation: |
Run the below command (based on the file location on your system) on the each worker node.
For example, chown root:root $proxykubeconfig
Expand Down Expand Up @@ -461,4 +457,4 @@ groups:
Based on your system, restart the kubelet service. For example:
systemctl daemon-reload
systemctl restart kubelet.service
scored: false
scored: false
6 changes: 1 addition & 5 deletions package/cfg/k3s-cis-1.24-permissive/node.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -47,8 +47,6 @@ groups:
compare:
op: bitmask
value: "600"
- flag: "$proxykubeconfig"
set: false
remediation: |
Run the below command (based on the file location on your system) on the each worker node.
For example,
Expand All @@ -62,8 +60,6 @@ groups:
bin_op: or
test_items:
- flag: root:root
- flag: "$proxykubeconfig"
set: false
remediation: |
Run the below command (based on the file location on your system) on the each worker node.
For example, chown root:root $proxykubeconfig
Expand Down Expand Up @@ -463,4 +459,4 @@ groups:
Based on your system, restart the kubelet service. For example:
systemctl daemon-reload
systemctl restart kubelet.service
scored: false
scored: false
4 changes: 0 additions & 4 deletions package/cfg/k3s-cis-1.7-hardened/node.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -49,8 +49,6 @@ groups:
compare:
op: bitmask
value: "600"
- flag: "$proxykubeconfig"
set: false
remediation: |
Run the below command (based on the file location on your system) on the each worker node.
For example,
Expand All @@ -64,8 +62,6 @@ groups:
bin_op: or
test_items:
- flag: root:root
- flag: "$proxykubeconfig"
set: false
remediation: |
Run the below command (based on the file location on your system) on the each worker node.
For example, chown root:root $proxykubeconfig
Expand Down
4 changes: 0 additions & 4 deletions package/cfg/k3s-cis-1.7-permissive/node.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -49,8 +49,6 @@ groups:
compare:
op: bitmask
value: "600"
- flag: "$proxykubeconfig"
set: false
remediation: |
Run the below command (based on the file location on your system) on the each worker node.
For example,
Expand All @@ -64,8 +62,6 @@ groups:
bin_op: or
test_items:
- flag: root:root
- flag: "$proxykubeconfig"
set: false
remediation: |
Run the below command (based on the file location on your system) on the each worker node.
For example, chown root:root $proxykubeconfig
Expand Down
6 changes: 1 addition & 5 deletions package/cfg/rke-cis-1.24-hardened/node.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -46,8 +46,6 @@ groups:
compare:
op: bitmask
value: "644"
- flag: "$proxykubeconfig"
set: false
remediation: |
Run the below command (based on the file location on your system) on the each worker node.
For example,
Expand All @@ -61,8 +59,6 @@ groups:
bin_op: or
test_items:
- flag: root:root
- flag: "$proxykubeconfig"
set: false
remediation: |
Run the below command (based on the file location on your system) on the each worker node.
For example, chown root:root $proxykubeconfig
Expand Down Expand Up @@ -474,4 +470,4 @@ groups:
Based on your system, restart the kubelet service. For example:
systemctl daemon-reload
systemctl restart kubelet.service
scored: true
scored: true
6 changes: 1 addition & 5 deletions package/cfg/rke-cis-1.24-permissive/node.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -47,8 +47,6 @@ groups:
compare:
op: bitmask
value: "600"
- flag: "$proxykubeconfig"
set: false
remediation: |
Run the below command (based on the file location on your system) on the each worker node.
For example,
Expand All @@ -62,8 +60,6 @@ groups:
bin_op: or
test_items:
- flag: root:root
- flag: "$proxykubeconfig"
set: false
remediation: |
Run the below command (based on the file location on your system) on the each worker node.
For example, chown root:root $proxykubeconfig
Expand Down Expand Up @@ -465,4 +461,4 @@ groups:
Based on your system, restart the kubelet service. For example:
systemctl daemon-reload
systemctl restart kubelet.service
scored: true
scored: true
4 changes: 0 additions & 4 deletions package/cfg/rke-cis-1.7-hardened/node.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -51,8 +51,6 @@ groups:
compare:
op: bitmask
value: "600"
- flag: "$proxykubeconfig"
set: false
remediation: |
Run the below command (based on the file location on your system) on the each worker node.
For example,
Expand All @@ -66,8 +64,6 @@ groups:
bin_op: or
test_items:
- flag: root:root
- flag: "$proxykubeconfig"
set: false
remediation: |
Run the below command (based on the file location on your system) on the each worker node.
For example, chown root:root $proxykubeconfig
Expand Down
4 changes: 0 additions & 4 deletions package/cfg/rke-cis-1.7-permissive/node.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -51,8 +51,6 @@ groups:
compare:
op: bitmask
value: "600"
- flag: "$proxykubeconfig"
set: false
remediation: |
Run the below command (based on the file location on your system) on the each worker node.
For example,
Expand All @@ -66,8 +64,6 @@ groups:
bin_op: or
test_items:
- flag: root:root
- flag: "$proxykubeconfig"
set: false
remediation: |
Run the below command (based on the file location on your system) on the each worker node.
For example, chown root:root $proxykubeconfig
Expand Down
6 changes: 1 addition & 5 deletions package/cfg/rke2-cis-1.24-hardened/node.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -49,8 +49,6 @@ groups:
compare:
op: bitmask
value: "600"
- flag: "$proxykubeconfig"
set: false
remediation: |
Run the below command (based on the file location on your system) on the each worker node.
For example,
Expand All @@ -64,8 +62,6 @@ groups:
bin_op: or
test_items:
- flag: root:root
- flag: "$proxykubeconfig"
set: false
remediation: |
Run the below command (based on the file location on your system) on the each worker node.
For example, chown root:root $proxykubeconfig
Expand Down Expand Up @@ -472,4 +468,4 @@ groups:
Based on your system, restart the kubelet service. For example:
systemctl daemon-reload
systemctl restart kubelet.service
scored: false
scored: false
6 changes: 1 addition & 5 deletions package/cfg/rke2-cis-1.24-permissive/node.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -48,8 +48,6 @@ groups:
compare:
op: bitmask
value: "600"
- flag: "$proxykubeconfig"
set: false
remediation: |
Run the below command (based on the file location on your system) on the each worker node.
For example,
Expand All @@ -63,8 +61,6 @@ groups:
bin_op: or
test_items:
- flag: root:root
- flag: "$proxykubeconfig"
set: false
remediation: |
Run the below command (based on the file location on your system) on the each worker node.
For example, chown root:root $proxykubeconfig
Expand Down Expand Up @@ -470,4 +466,4 @@ groups:
Based on your system, restart the kubelet service. For example:
systemctl daemon-reload
systemctl restart kubelet.service
scored: false
scored: false
4 changes: 0 additions & 4 deletions package/cfg/rke2-cis-1.7-hardened/node.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -49,8 +49,6 @@ groups:
compare:
op: bitmask
value: "600"
- flag: "$proxykubeconfig"
set: false
remediation: |
Run the below command (based on the file location on your system) on the each worker node.
For example,
Expand All @@ -64,8 +62,6 @@ groups:
bin_op: or
test_items:
- flag: root:root
- flag: "$proxykubeconfig"
set: false
remediation: |
Run the below command (based on the file location on your system) on the each worker node.
For example, chown root:root $proxykubeconfig
Expand Down
4 changes: 0 additions & 4 deletions package/cfg/rke2-cis-1.7-permissive/node.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -49,8 +49,6 @@ groups:
compare:
op: bitmask
value: "600"
- flag: "$proxykubeconfig"
set: false
remediation: |
Run the below command (based on the file location on your system) on the each worker node.
For example,
Expand All @@ -64,8 +62,6 @@ groups:
bin_op: or
test_items:
- flag: root:root
- flag: "$proxykubeconfig"
set: false
remediation: |
Run the below command (based on the file location on your system) on the each worker node.
For example, chown root:root $proxykubeconfig
Expand Down

0 comments on commit 70227bd

Please sign in to comment.