mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2026-02-14 10:00:14 +00:00
f1807bb192
- Update master to 1.2.29 and purge CBC ciphers: https://workbench.cisecurity.org/tickets/24968 - Remove TLS_RSA_WITH_AES_256_GCM_SHA384 & TLS_RSA_WITH_AES_128_GCM_SHA256 (CBC support) for node 4.2.12: https://workbench.cisecurity.org/tickets/24968 - Remove node check 4.2.15: https://workbench.cisecurity.org/tickets/24915 - Remove policy 5.2.9 "Minimize the admission of containers with added capabilities" (Manual): https://workbench.cisecurity.org/benchmarks/21709/tickets/25337 - Update "Minimize the admission of containers with capabilities assigned" policies to remove PodSecurityPolicy (PSP) references Signed-off-by: Andy Pitcher <andy.pitcher@suse.com>
8.1 KiB
8.1 KiB
CIS Kubernetes Benchmark support
kube-bench runs industry standard benchmark tests for Kubernetes. Most of our supported benchmarks are defined in either of the following:
Other benchmarks are defined by hardening guides.
| Source | Kubernetes Benchmark | kube-bench config | Kubernetes versions |
|---|---|---|---|
| CIS | 1.5.1 | cis-1.5 | 1.15 |
| CIS | 1.6.0 | cis-1.6 | 1.16-1.18 |
| CIS | 1.20 | cis-1.20 | 1.19-1.21 |
| CIS | 1.23 | cis-1.23 | 1.22-1.23 |
| CIS | 1.24 | cis-1.24 | 1.24 |
| CIS | 1.7 | cis-1.7 | 1.25 |
| CIS | 1.8 | cis-1.8 | 1.26 |
| CIS | 1.9 | cis-1.9 | 1.27 |
| CIS | 1.10 | cis-1.10 | 1.28 |
| CIS | 1.11 | cis-1.11 | 1.29-1.31 |
| CIS | 1.12 | cis-1.12 | 1.32-1.34 |
| CIS | GKE 1.0.0 | gke-1.0 | GKE |
| CIS | GKE 1.2.0 | gke-1.2.0 | GKE |
| CIS | GKE 1.6.0 | gke-1.6.0 | GKE |
| CIS | EKS 1.0.1 | eks-1.0.1 | EKS |
| CIS | EKS 1.1.0 | eks-1.1.0 | EKS |
| CIS | EKS 1.2.0 | eks-1.2.0 | EKS |
| CIS | EKS 1.5.0 | eks-1.5.0 | EKS |
| CIS | ACK 1.0.0 | ack-1.0 | ACK |
| CIS | AKS 1.0.0 | aks-1.0 | AKS |
| CIS | AKS 1.7.0 | aks-1.7 | AKS |
| RHEL | Red Hat OpenShift hardening guide | rh-0.7 | OCP 3.10-3.11 |
| CIS | OCP4 1.1.0 | rh-1.0 | OCP 4.1- |
| CIS | 1.6.0-k3s | cis-1.6-k3s | k3s v1.16-v1.24 |
| DISA | Kubernetes Ver 1, Rel 6 | eks-stig-kubernetes-v1r6 | EKS |
| CIS | TKGI 1.2.53 | tkgi-1.2.53 | vmware |
| CIS | 1.7.0-rke | rke-cis-1.7 | rke v1.25-v1.27 |
| CIS | 1.7.0-rke2 | rke2-cis-1.6 | rke2 v1.25-v1.27 |
| CIS | 1.7.0-k3s | k3s-cis-1.7 | k3s v1.25-v1.27 |