Skip to content

Add latest CIS benchmarks #1484

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 18 commits into
base: main
Choose a base branch
from
Open

Add latest CIS benchmarks #1484

wants to merge 18 commits into from

Conversation

@damejeras
Copy link

@damejeras damejeras commented Aug 9, 2023
edited
Loading

I copied latest AKS(1.0.0), EKS(1.2.0), GKE(1.2.0) config files and adjusted them to match latest published CIS benchmarks (AKS 1.3, EKS 1.3, GKE 1.4).

EKS changes:

  • 4.5 was removed (was previously empty), 4.6.* became 4.5.*
  • 3.2.6 was removed and everything shifted

GKE changes:

  • 3.2.6 was removed and everything shifted
  • previously 3.2.9, now is 3.2.9 and its about event record qps. 0 qps can ddos cluster, so 5 or higher is recommended.
  • 5.5.4 added “When creating New Clusters - ” prefix to rule name

AKS changes:

  • 3.2.6 was removed and everything shifted in 3.2.*

@CLAassistant
Copy link

CLAassistant commented Aug 9, 2023
edited
Loading

CLA assistant check
All committers have signed the CLA.

@chen-keinan
Copy link
Contributor

chen-keinan commented Nov 13, 2023

@damejeras lets wait for @mozillazg review

@chen-keinan
Copy link
Contributor

chen-keinan commented Nov 13, 2023

@damejeras please rebase your branch with upstream

@mozillazg
Copy link
Contributor

mozillazg commented Nov 13, 2023

I will complete the review before next Monday.

mozillazg
mozillazg suggested changes Nov 18, 2023
View reviewed changes
Copy link
Contributor

@mozillazg mozillazg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your contribution! I've added some comments. Please check them when you get a chance. Thanks!

dependabot bot and others added 17 commits November 20, 2023 15:12
@dependabot @damejeras
build(deps): bump alpine from 3.18.2 to 3.18.3 (aquasecurity#1487)
941968c 
Bumps alpine from 3.18.2 to 3.18.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot @damejeras
build(deps): bump goreleaser/goreleaser-action from 4 to 5 (aquasecur…
44eb962 
…ity#1495)

Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 4 to 5.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](goreleaser/goreleaser-action@v4...v5)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot @damejeras
build(deps): bump golang from 1.20.6 to 1.21.1 (aquasecurity#1494)
fc4ef87 
Bumps golang from 1.20.6 to 1.21.1.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot @damejeras
build(deps): bump crazy-max/ghaction-docker-meta from 4 to 5 (aquasec…
2a570b0 
…urity#1499)

Bumps [crazy-max/ghaction-docker-meta](https://github.com/crazy-max/ghaction-docker-meta) from 4 to 5.
- [Release notes](https://github.com/crazy-max/ghaction-docker-meta/releases)
- [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md)
- [Commits](docker/metadata-action@v4...v5)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-docker-meta
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@AnaisUrlichs @damejeras
updates to the readme
54f5b97 
Signed-off-by: AnaisUrlichs <[email protected]>
@chen-keinan @damejeras
release: prepare v0.6.18-rc (aquasecurity#1508)
25dbe60 
Signed-off-by: chenk <[email protected]>
@chen-keinan @damejeras
release: prepare v0.6.18 (aquasecurity#1509)
96f1370 
Signed-off-by: chenk <[email protected]>
@dependabot @chen-keinan @damejeras
build(deps): bump docker/build-push-action from 4 to 5 (aquasecurity#…
8b29128 
…1498)

Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4 to 5.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@v4...v5)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <[email protected]>
@chen-keinan @damejeras
release: prepare-0.6.19 (aquasecurity#1511)
0c7e481 
Signed-off-by: chenk <[email protected]>
@dependabot @chen-keinan @damejeras
build(deps): bump docker/setup-qemu-action from 2 to 3 (aquasecurity#…
b1ffa15 
…1503)

Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2 to 3.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](docker/setup-qemu-action@v2...v3)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <[email protected]>
@dependabot @chen-keinan @damejeras
build(deps): bump github.com/golang/glog from 1.0.0 to 1.1.2 (aquasec…
66979f2 
…urity#1489)

Bumps [github.com/golang/glog](https://github.com/golang/glog) from 1.0.0 to 1.1.2.
- [Release notes](https://github.com/golang/glog/releases)
- [Commits](golang/glog@v1.0.0...v1.1.2)

---
updated-dependencies:
- dependency-name: github.com/golang/glog
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <[email protected]>
@dependabot @chen-keinan @damejeras
build(deps): bump golang from 1.21.1 to 1.21.3 (aquasecurity#1507)
623ec41 
Bumps golang from 1.21.1 to 1.21.3.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <[email protected]>
@dependabot @damejeras
build(deps): bump github.com/fatih/color from 1.14.1 to 1.16.0 (aquas…
5bb0178 
…ecurity#1520)

Bumps [github.com/fatih/color](https://github.com/fatih/color) from 1.14.1 to 1.16.0.
- [Release notes](https://github.com/fatih/color/releases)
- [Commits](fatih/color@v1.14.1...v1.16.0)

---
updated-dependencies:
- dependency-name: github.com/fatih/color
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@bschimke95 @damejeras
feat(cis-1.24-microk8s): Add support to CIS-1.24 for microk8s distro (a…
53bc122 
…quasecurity#1510)
@damejeras
Update new cis configurations
865ce7c
@damejeras
Update EKS 1.3 benchmark
d1c2c07
@damejeras
Merge branch 'official' into newcis
ddba985
@damejeras damejeras requested a review from mozillazg November 20, 2023 13:31
@mozillazg
Copy link
Contributor

mozillazg commented Nov 24, 2023

@damejeras LGTM. Would you please fix the linter error? Thanks!

@mozillazg
Copy link
Contributor

mozillazg commented Dec 3, 2023

@damejeras ping~

@stephaneetje
Copy link

stephaneetje commented Mar 14, 2024

Hello,
Any news on this ? I have to add since that PR, gke 1.5.0 got out.

@kahirokunn
Copy link

kahirokunn commented Apr 12, 2024

LGTM

@hanneshofmann hanneshofmann mentioned this pull request May 24, 2024
Closed
@afdesk
Copy link
Collaborator

afdesk commented Oct 15, 2024

@damejeras @mozillazg hi guys!
if this PR is still OK, I can take a look and fix linter errors.
wdyt?

@mozillazg
Copy link
Contributor

mozillazg commented Oct 15, 2024

@damejeras @mozillazg hi guys! if this PR is still OK, I can take a look and fix linter errors. wdyt?

@afdesk It's ok to continue.

@afdesk
Copy link
Collaborator

afdesk commented Oct 21, 2024

@damejeras it seems I have no permissions to fix it.
Could you update the PR?
thanks for your contribution!

@afdesk afdesk added this to the v0.11.0 milestone Jan 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mozillazg mozillazg Awaiting requested review from mozillazg

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

v0.11.0

Development

Successfully merging this pull request may close these issues.

9 participants

@damejeras @CLAassistant @chen-keinan @mozillazg @stephaneetje @kahirokunn @afdesk @AnaisUrlichs @bschimke95