Jun 17, 2024 Miscellaneous- Metadata updated.
- References updated.
|
Apr 12, 2023 Functional Update- 4.1.1 Ensure that the kubelet service file permissions are set to 600 or more restrictive
- 4.1.10 If the kubelet config.yaml configuration file is being used validate file ownership is set to root:root
- 4.1.2 Ensure that the kubelet service file ownership is set to root:root
- 4.1.3 If proxy kubeconfig file exists ensure permissions are set to 600 or more restrictive
- 4.1.4 If proxy kubeconfig file exists ensure ownership is set to root:root
- 4.1.5 Ensure that the --kubeconfig kubelet.conf file permissions are set to 600 or more restrictive
- 4.1.6 Ensure that the --kubeconfig kubelet.conf file ownership is set to root:root
- 4.1.7 Ensure that the certificate authorities file permissions are set to 600 or more restrictive
- 4.1.8 Ensure that the client certificate authorities file ownership is set to root:root
- 4.1.9 If the kubelet config.yaml configuration file is being used validate permissions set to 600 or more restrictive
- 4.2.1 Ensure that the --anonymous-auth argument is set to false
- 4.2.10 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - cert
- 4.2.10 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - key
- 4.2.11 Ensure that the --rotate-certificates argument is not set to false
- 4.2.12 Verify that the RotateKubeletServerCertificate argument is set to true
- 4.2.13 Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers
- 4.2.2 Ensure that the --authorization-mode argument is not set to AlwaysAllow
- 4.2.3 Ensure that the --client-ca-file argument is set as appropriate
- 4.2.4 Verify that the --read-only-port argument is set to 0
- 4.2.5 Ensure that the --streaming-connection-idle-timeout argument is not set to 0
- 4.2.6 Ensure that the --protect-kernel-defaults argument is set to true
- 4.2.7 Ensure that the --make-iptables-util-chains argument is set to true
- 4.2.8 Ensure that the --hostname-override argument is not set
- 5.1.3 Minimize wildcard use in Roles and ClusterRoles - clusterroles
- 5.1.3 Minimize wildcard use in Roles and ClusterRoles - roles
Miscellaneous- Metadata updated.
- Platform check updated.
Removed- CIS_Kubernetes_v1.23_v1.0.1_Level_1_Worker.audit from CIS Kubernetes v1.23 Benchmark v1.0.1
|
Mar 7, 2023 Miscellaneous- Metadata updated.
- References updated.
|
Jan 4, 2023 |
Dec 7, 2022 |