Add k3s-cis-1.11 benchmark configuration #1977
Conversation
|
|
|
@jbenzel thanks for your contribution! it's really nice! |
afdesk
left a comment
afdesk
left a comment
There was a problem hiding this comment.
@jbenzel could you fix linter issue pls?
also It seems we need to update util.go here:
Line 558 in 76804bf
@LaibaBareera WDYT?
|
@LaibaBareera could you pls take a look too when you have time? |
|
@jbenzel thanks! |
LaibaBareera
left a comment
LaibaBareera
left a comment
There was a problem hiding this comment.
Thanks for your contribution.
| - id: 1.1.4 | ||
| text: Ensure that the controller manager pod specification file ownership is set to root:root (Automated) | ||
| type: skip | ||
| audit: /bin/sh -c 'if test -e $controllermanagerconf; then stat -c %U:%G $controllermanagerconf; fi' |
There was a problem hiding this comment.
@jbenzel, I noticed this check is marked as "skipped". Could you clarify why? Instead of skipping it, you could set the type to "manual".
| - flag: "is_compliant" | ||
| compare: | ||
| op: eq | ||
| value: "true" |
There was a problem hiding this comment.
If you set the type to "manual", you don’t need to include the test— it can be skipped automatically.
|
@jbenzel @benzeljd I have a quick question about the origin of your PR (being one of the maintainer of the k3s/rke2/rke official profiles) Was this created entirely independently, or was any of it adapted from existing code using the recent security-scan project k3s-cis-1.11 ? If it utilizes or is based on some prior work, please ensure a clear reference is added (e.g., in a comment or the PR description) to align with attribution requirements of its license. Thanks for your contribution ! |
6 participants
Summary
Adds CIS Kubernetes Benchmark v1.11 configuration for K3s clusters (versions 1.29-1.34).
Changes
cfg/k3s-cis-1.11/directory with complete benchmark configurationcfg/config.yamlwith k3s-cis-1.11 version and target mappings