From eefa0dfb61542cdfc003b8ef6ec15643af319357 Mon Sep 17 00:00:00 2001
From: Amir Jerbi <jerbia@gmail.com>
Date: Tue, 20 Jun 2017 13:29:58 +0300
Subject: [PATCH] Change check 1.15 Check is successful in case --kubelet-https
 is set to true OR missing

---
 cfg/master.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/cfg/master.yaml b/cfg/master.yaml
index db7a5cd..dd0d07a 100644
--- a/cfg/master.yaml
+++ b/cfg/master.yaml
@@ -59,16 +59,19 @@ groups:
               the --insecure-allow-any-token argument from the KUBE_API_ARGS parameter."
       scored: true
 
-    - id: 1.1.5
+   - id: 1.1.5
       text: "Ensure that the --kubelet-https argument is set to true (Scored)"
       audit: "ps -ef | grep kube-apiserver | grep -v grep"
       tests: 
         test_items:
+        bin_flag: or
         - flag: "--kubelet-https"
           compare:
             op: eq
             value: true
           set: true
+        - flag: "--kubelet-https"
+          set: false
       remediation: "Edit the $kubeConfDir/apiserver file on the master node and remove 
               the --kubelet-https argument from the KUBE_API_ARGS parameter."
       scored: true
-- 
GitLab