diff --git a/cfg/cis-1.3/master.yaml b/cfg/cis-1.3/master.yaml index 45f64b48b465c1051dc0049e579267d9d23a8844..b17e5c330c41097afd9bb3b2c26a025a6f95f370 100644 --- a/cfg/cis-1.3/master.yaml +++ b/cfg/cis-1.3/master.yaml @@ -857,6 +857,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | Run the below command (based on the file location on your system) on the master node. For example, @@ -902,6 +922,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | Run the below command (based on the file location on your system) on the master node. For example, @@ -947,6 +987,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | Run the below command (based on the file location on your system) on the master node. For example, @@ -992,6 +1052,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | Run the below command (based on the file location on your system) on the master node. For example, 
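Review bot: The four new `op: eq` items in this hunk (and the identical insertions in every other hunk of this diff, master and node files alike) whitelist a hand-picked set of modes — 444, 440, 400, 000 — instead of checking that no permission bit outside 644 is set, so equally restrictive modes such as 604 or 404 still fail the check while the same seven-item list has to be maintained in every file-permission test. If the test engine offers a permission-bitmask comparison (`op: bitmask` in later kube-bench releases), a single `flag: "644"` item with `op: bitmask` and `value: "644"` would replace the whole `bin_op: or` list; until then a one-line comment above the list such as `# accept any mode no more permissive than 644` would at least record the intent, since `000` read in isolation looks like a typo. Accepting `"000"` also means a file the component itself cannot read passes the benchmark, which is consistent with a "no more permissive than" check but worth a sentence in the remediation text. The enclosing check (`id`, `text`, `audit`) starts above the hunk.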
@@ -1094,6 +1174,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | Run the below command (based on the file location on your system) on the master node. For example, @@ -1138,6 +1238,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | Run the below command (based on the file location on your system) on the master node. For example, chmod 644 /etc/kubernetes/scheduler.conf @@ -1180,6 +1300,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | Run the below command (based on the file location on your system) on the master node. For example, chmod 644 /etc/kubernetes/controller-manager.conf diff --git a/cfg/cis-1.3/node.yaml b/cfg/cis-1.3/node.yaml index 813e86fc817ed19f8861da7c4013981f39577d2f..492841683503fada55e66262865ff2d62c55fd62 100644 --- a/cfg/cis-1.3/node.yaml +++ b/cfg/cis-1.3/node.yaml 
@@ -362,20 +362,40 @@ groups: tests: test_items: - flag: "644" - set: true compare: op: eq value: "644" - - flag: "640" set: true + - flag: "640" compare: op: eq value: "640" - - flag: "600" set: true + - flag: "600" compare: op: eq value: "600" + set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true bin_op: or remediation: | Run the below command (based on the file location on your system) on the each worker @@ -405,20 +425,40 @@ groups: tests: test_items: - flag: "644" - set: true compare: op: eq value: "644" - - flag: "640" set: true + - flag: "640" compare: op: eq value: "640" - - flag: "600" set: true + - flag: "600" compare: op: eq value: "600" + set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true bin_op: or remediation: | Run the below command (based on the file location on your system) on the each worker @@ -445,20 +485,40 @@ groups: tests: test_items: - flag: "644" - set: true compare: op: eq value: "644" - - flag: "640" set: true + - flag: "640" compare: op: eq value: "640" - - flag: "600" set: true + - flag: "600" compare: op: eq value: "600" + set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true bin_op: or remediation: | Run the below command (based on the file location on your system) on the each worker 
@@ -520,20 +580,40 @@ groups: tests: test_items: - flag: "644" - set: true compare: op: eq value: "644" - - flag: "640" set: true + - flag: "640" compare: op: eq value: "640" - - flag: "600" set: true + - flag: "600" compare: op: eq value: "600" + set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true bin_op: or remediation: | Run the following command (using the config file location identied in the Audit step) diff --git a/cfg/cis-1.4/master.yaml b/cfg/cis-1.4/master.yaml index c206623802ceae8e8f86e6a9f056108df1bbaa49..fff55a88207a311ead1642a3b677df0341a138eb 100644 --- a/cfg/cis-1.4/master.yaml +++ b/cfg/cis-1.4/master.yaml @@ -859,6 +859,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | Run the below command (based on the file location on your system) on the master node. For example, @@ -904,6 +924,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | Run the below command (based on the file location on your system) on the master node. For example, 
@@ -949,6 +989,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | Run the below command (based on the file location on your system) on the master node. For example, @@ -994,6 +1054,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | Run the below command (based on the file location on your system) on the master node. For example, @@ -1096,6 +1176,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | Run the below command (based on the file location on your system) on the master node. For example, @@ -1140,6 +1240,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | Run the below command (based on the file location on your system) on the master node. For example, chmod 644 /etc/kubernetes/scheduler.conf 
@@ -1182,6 +1302,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | Run the below command (based on the file location on your system) on the master node. For example, chmod 644 /etc/kubernetes/controller-manager.conf @@ -1241,6 +1381,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | [Manual test] Run the below command (based on the file location on your system) on the master node. diff --git a/cfg/cis-1.4/node.yaml b/cfg/cis-1.4/node.yaml index f600a99e3fad84d2f0cce14ca27b89d79ef48bf2..ed7ac42531f005f047977c6a488a028dab7dd955 100644 --- a/cfg/cis-1.4/node.yaml +++ b/cfg/cis-1.4/node.yaml @@ -345,20 +345,40 @@ groups: tests: test_items: - flag: "644" - set: true compare: op: eq value: "644" - - flag: "640" set: true + - flag: "640" compare: op: eq value: "640" - - flag: "600" set: true + - flag: "600" compare: op: eq value: "600" + set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true bin_op: or remediation: | Run the below command (based on the file location on your system) on the each worker 
@@ -388,20 +408,40 @@ groups: tests: test_items: - flag: "644" - set: true compare: op: eq value: "644" - - flag: "640" set: true + - flag: "640" compare: op: eq value: "640" - - flag: "600" set: true + - flag: "600" compare: op: eq value: "600" + set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true bin_op: or remediation: | Run the below command (based on the file location on your system) on the each worker @@ -428,20 +468,40 @@ groups: tests: test_items: - flag: "644" - set: true compare: op: eq value: "644" - - flag: "640" set: true + - flag: "640" compare: op: eq value: "640" - - flag: "600" set: true + - flag: "600" compare: op: eq value: "600" + set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true bin_op: or remediation: | Run the below command (based on the file location on your system) on the each worker @@ -521,20 +581,40 @@ groups: tests: test_items: - flag: "644" - set: true compare: op: eq value: "644" - - flag: "640" set: true + - flag: "640" compare: op: eq value: "640" - - flag: "600" set: true + - flag: "600" compare: op: eq value: "600" + set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true bin_op: or remediation: | Run the following command (using the config file location identied in the Audit step) 
diff --git a/cfg/cis-1.5/master.yaml b/cfg/cis-1.5/master.yaml index 7207685728f6eab821e5c6b56e694ad11a39eda4..28e31ab3a5e37b7282a3cdbc2dcfbf483a4b7d4b 100644 --- a/cfg/cis-1.5/master.yaml +++ b/cfg/cis-1.5/master.yaml @@ -29,6 +29,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | Run the below command (based on the file location on your system) on the master node. @@ -72,6 +92,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | Run the below command (based on the file location on your system) on the master node. For example, @@ -115,6 +155,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | Run the below command (based on the file location on your system) on the master node. For example, @@ -158,6 +218,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | Run the below command (based on the file location on your system) on the master node. For example, 
@@ -253,6 +333,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | Run the below command (based on the file location on your system) on the master node. For example, @@ -296,6 +396,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | Run the below command (based on the file location on your system) on the master node. For example, @@ -339,6 +459,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | Run the below command (based on the file location on your system) on the master node. For example, diff --git a/cfg/cis-1.5/node.yaml b/cfg/cis-1.5/node.yaml index e6cb34b7bed086ea0d59a0cf586490c200b59ccb..fc42b1f49bd47680f8705600931c29f529ebb6a7 100644 --- a/cfg/cis-1.5/node.yaml +++ b/cfg/cis-1.5/node.yaml 
@@ -14,20 +14,40 @@ groups: tests: test_items: - flag: "644" - set: true compare: op: eq value: "644" - - flag: "640" set: true + - flag: "640" compare: op: eq value: "640" - - flag: "600" set: true + - flag: "600" compare: op: eq value: "600" + set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true bin_op: or remediation: | Run the below command (based on the file location on your system) on the each worker node. @@ -54,20 +74,40 @@ groups: tests: test_items: - flag: "644" - set: true compare: op: eq value: "644" - - flag: "640" set: true + - flag: "640" compare: op: eq value: "640" - - flag: "600" set: true + - flag: "600" compare: op: eq value: "600" + set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true bin_op: or remediation: | Run the below command (based on the file location on your system) on the each worker node. @@ -93,20 +133,40 @@ groups: tests: test_items: - flag: "644" - set: true compare: op: eq value: "644" - - flag: "640" set: true + - flag: "640" compare: op: eq value: "640" - - flag: "600" set: true + - flag: "600" compare: op: eq value: "600" + set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true bin_op: or remediation: | Run the below command (based on the file location on your system) on the each worker node. 
@@ -173,6 +233,26 @@ groups: compare: op: eq value: "600" + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true bin_op: or remediation: | Run the following command (using the config file location identied in the Audit step) diff --git a/cfg/rh-0.7/master.yaml b/cfg/rh-0.7/master.yaml index 216968546c86563cbcf9fff7c8f6ace18af2cafe..d7c98e705450c36c8fc5f490aba3d62cc0f9f7fe 100644 --- a/cfg/rh-0.7/master.yaml +++ b/cfg/rh-0.7/master.yaml @@ -962,6 +962,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | Run the below command. @@ -1039,6 +1059,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | Run the below command. @@ -1082,6 +1122,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | Run the below command. 
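Review bot: In the first hunk on this line (cfg/cis-1.5/node.yaml, `@@ -173,6 +233,26 @@`) the existing `"600"` item is not normalized like its siblings: only `compare:`, `op: eq` and `value: "600"` appear as leading context, so its `set: true` presumably still sits above `compare:` in the old layout (or is missing — cannot tell from the hunk), while the other node.yaml hunks in this diff move `set: true` below `value:` and the four added items use that order. Applying the same `set: true` placement to the `"600"` entry here would keep the list uniform. The check's `id`, `text` and `audit` lines are outside the hunk.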
@@ -1125,6 +1185,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | Run the below command. diff --git a/cfg/rh-0.7/node.yaml b/cfg/rh-0.7/node.yaml index 9e0f0f4a176af375fec78d8ff0a417e025ab2389..23d116f158fe4146c9ef2d2b7d6e6cd9aa52e394 100644 --- a/cfg/rh-0.7/node.yaml +++ b/cfg/rh-0.7/node.yaml @@ -232,6 +232,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | Run the below command on each worker node. chmod 644 /etc/origin/node/node.kubeconfig @@ -273,6 +293,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | Run the below command on each worker node. chmod 644 $nodesvc @@ -314,6 +354,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | Run the below command on each worker node. chmod 644 /etc/origin/node/node.kubeconfig 
@@ -355,6 +415,26 @@ groups: op: eq value: "600" set: true + - flag: "444" + compare: + op: eq + value: "444" + set: true + - flag: "440" + compare: + op: eq + value: "440" + set: true + - flag: "400" + compare: + op: eq + value: "400" + set: true + - flag: "000" + compare: + op: eq + value: "000" + set: true remediation: | Run the below command on each worker node. chmod 644 /etc/origin/node/client-ca.crt