CIS Benchmark profile definitions Level flag implementation #1984
-
|
Is there any kind of "CIS Benchmark profile level" filter implemented in kube-bench ? In the CIS Benchmark document, some profile definitions "Levels" are described as quoted below (extract from CIS Benchmakr v1.12):
As an exemple, here are the extract of 4 tests from cthe v1.12 CIS benchmark to illustrate: A level 1 - Master node check:
A level 2 - Master node check:
A level 1 - Worker node check:
A level 2 - Worker Node check:
Is there any already existing option in kube-bench that already does this ? I would like to run kube-bench and have some kind of flag to behave like Thankx in advance for any reply. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
@zeithbyte Thanks for your interest in kube-bench — that’s a very good question, or rather, a feature request. However, it might make sense to introduce a similar option for filtering purposes by Let’s wait and see how the community reacts and what kind of demand there is for this feature. |
Beta Was this translation helpful? Give feedback.
-
|
Hi @afdesk and thanks for your reply. For professional reasons i had to filter check by levels. I made this "filter" job manually and output to a CSV file based on CIS-1.12 document. I can share it attached if it can help anyone having the same need as long as such a "--level" feature request doesn"t exist. |
Beta Was this translation helpful? Give feedback.
@zeithbyte Thanks for your interest in kube-bench — that’s a very good question, or rather, a feature request.
At the moment, it’s only possible to filter by checks using the
--skipor--checkoptions.However, it might make sense to introduce a similar option for filtering purposes by
level.Let’s wait and see how the community reacts and what kind of demand there is for this feature.