From d77eab2234cc72d8b8a8e6cde10e5517311f467d Mon Sep 17 00:00:00 2001
From: Simarpreet Singh <simar@linux.com>
Date: Fri, 18 Oct 2019 13:23:23 -0700
Subject: [PATCH] master.yaml: Add --audit-policy-file check for 1.1.37. (#440)

* master.yaml: Add --audit-policy-file check for 1.1.37.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* fix-177: fix line endings

Signed-off-by: Simarpreet Singh <simar@linux.com>
---
 cfg/1.11/master.yaml | 19 ++++++++++++++++++-
 cfg/1.13/master.yaml | 19 ++++++++++++++++++-
 2 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/cfg/1.11/master.yaml b/cfg/1.11/master.yaml
index b592295..02ebd47 100644
--- a/cfg/1.11/master.yaml
+++ b/cfg/1.11/master.yaml
@@ -613,7 +613,7 @@ groups:
       --admission-control-config-file=<path/to/configuration/file>
     scored: true
 
-  - id: 1.1.37
+  - id: 1.1.37a
     text: "Ensure that the AdvancedAuditing argument is not set to false (Scored)"
     audit: "ps -ef | grep $apiserverbin | grep -v grep"
     tests:
@@ -633,6 +633,23 @@ groups:
       --audit-policy-file=/etc/kubernetes/audit-policy.yaml
     scored: true
 
+  - id: 1.1.37b
+    text: "Ensure that the AdvancedAuditing argument is not set to false (Scored)"
+    audit: "ps -ef | grep $apiserverbin | grep -v grep"
+    tests:
+      test_items:
+      - flag: "--audit-policy-file"
+        compare:
+          op: eq
+          value: "/etc/kubernetes/audit-policy.yaml"
+        set: true
+    remediation: |
+      Follow the Kubernetes documentation and set the desired audit policy in the
+      /etc/kubernetes/audit-policy.yaml file. Then, edit the API server pod specification file $apiserverconf
+      and set the below parameters.
+      --audit-policy-file=/etc/kubernetes/audit-policy.yaml
+    scored: true
+
   - id: 1.1.38
     text: "Ensure that the --request-timeout argument is set as appropriate (Scored)"
     audit: "ps -ef | grep $apiserverbin | grep -v grep"
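Review bot: The `compare` block in the new 1.1.37b item (`op: eq` with `value: "/etc/kubernetes/audit-policy.yaml"`) ties the result to one hard-coded path, so an API server started with a valid audit policy at any other location is reported as failing. Keeping only `flag: "--audit-policy-file"` and `set: true` would test that a policy file is configured; either way, a pass reflects only the process arguments, not whether the file exists or contains rules, and the remediation text could say so. The `text` is copied verbatim from 1.1.37a and does not name what this item checks; something like `text: "Ensure that the --audit-policy-file argument is set (Scored)"` would make the report readable. Both halves are `scored: true`, so one benchmark control presumably now counts twice in the totals, which is worth confirming against how results are summed. The same points apply to the identical 1.1.37b hunk in cfg/1.13/master.yaml; the tests of 1.1.37a lie outside these hunks.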
diff --git a/cfg/1.13/master.yaml b/cfg/1.13/master.yaml
index 3402aa8..57fc20d 100644
--- a/cfg/1.13/master.yaml
+++ b/cfg/1.13/master.yaml
@@ -618,7 +618,7 @@ groups:
       --admission-control-config-file=<path/to/configuration/file>
     scored: true
 
-  - id: 1.1.37
+  - id: 1.1.37a
     text: "Ensure that the AdvancedAuditing argument is not set to false (Scored)"
     audit: "ps -ef | grep $apiserverbin | grep -v grep"
     tests:
@@ -638,6 +638,23 @@ groups:
       --audit-policy-file=/etc/kubernetes/audit-policy.yaml
     scored: true
 
+  - id: 1.1.37b
+    text: "Ensure that the AdvancedAuditing argument is not set to false (Scored)"
+    audit: "ps -ef | grep $apiserverbin | grep -v grep"
+    tests:
+      test_items:
+      - flag: "--audit-policy-file"
+        compare:
+          op: eq
+          value: "/etc/kubernetes/audit-policy.yaml"
+        set: true
+    remediation: |
+      Follow the Kubernetes documentation and set the desired audit policy in the
+      /etc/kubernetes/audit-policy.yaml file. Then, edit the API server pod specification file $apiserverconf
+      and set the below parameters.
+      --audit-policy-file=/etc/kubernetes/audit-policy.yaml
+    scored: true
+
   - id: 1.1.38
     text: "Ensure that the --request-timeout argument is set as appropriate (Scored)"
     audit: "ps -ef | grep $apiserverbin | grep -v grep"
-- 
GitLab