Skip to content
Snippets Groups Projects
Unverified Commit 5ff32e55 authored by Huang Huang's avatar Huang Huang Committed by GitHub
Browse files

Check PodSecurityPolicy when test 1.2.13 of cis-1.5 (#651)

parent db109daf
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 6 additions and 0 deletions
cfg/cis-1.5/master.yaml
+ 6
0
View file @ 5ff32e55
...@@ -520,12 +520,18 @@ groups: ...@@ -520,12 +520,18 @@ groups:
text: "Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used (Not Scored)" text: "Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used (Not Scored)"
audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep" audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
tests: tests:
bin_op: or
test_items: test_items:
- flag: "--enable-admission-plugins" - flag: "--enable-admission-plugins"
compare: compare:
op: has op: has
value: "SecurityContextDeny" value: "SecurityContextDeny"
set: true set: true
- flag: "--enable-admission-plugins"
compare:
op: has
value: "PodSecurityPolicy"
set: true
remediation: | remediation: |
Edit the API server pod specification file $apiserverconf Edit the API server pod specification file $apiserverconf
on the master node and set the --enable-admission-plugins parameter to include on the master node and set the --enable-admission-plugins parameter to include
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment