mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2026-02-14 10:00:14 +00:00
e3becc9f19
First yamls and Update info - Modify yaml versions from 1.10 to 1.11 - Adapt configmap to cover cis-1.11 - Adapt docs and cmd files - Fix version_mapping in global configMap and common_test.go: Kuberversion for cis-1.11 - doc: improve version mapping in platforms Adapt master.yaml - modify: 1.1.20 https://workbench.cisecurity.org/benchmarks/19519/tickets/24017 permissions changed from 600 to 644 - create: 1.2.30 Ensure that the --service-account-extend-token-expiration parameter is set to false (Automated) Adapt node.yaml - Add: 4.2.14 Ensure that the --seccomp-default parameter is set to true (Manual) - Add: 4.2.15 Ensure that the --IPAddressDeny is set to any (Manual) - this check is to be removed in CIS-1.1.12, I suggest we discard it. - Modify: 4.1.7 Ensure that the certificate authorities file permissions are set to 644 or more restrictive (Manual) - (changed from 600 to 644) https://workbench.cisecurity.org/community/43/discussions/11786 - Modify: 4.2.4 Verify that if defined, readOnlyPort is set to 0 (Manual) - Added "if defined" Adapt policies.yaml - Modify: 5.1.1 to 5.1.6 from (Automated) to (Manual) - Modify: section titled "General Policies" was renumbered from 5.7 in v1.10 to 5.6