-
Notifications
You must be signed in to change notification settings - Fork 78
/
inspec.yml
executable file
·88 lines (88 loc) · 2.8 KB
/
inspec.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
---
name: cis-kubernetes-benchmark
title: CIS Kubernetes Benchmark Profile
maintainer: Kristian Vlaardingerbroek
copyright: Schuberg Philis B.V.
copyright_email: [email protected]
license: Apache-2.0
summary: An InSpec Compliance profile for the CIS Kubernetes Benchmark
version: 1.0.4
inspec_version: '>= 4.6.3'
supports:
- platform-family: unix
attributes:
- name: cis_level
required: false
description: 'CIS profile level to audit'
value: 2
type: numeric
- name: apiserver
required: false
description: 'The name of the apiserver process'
type: string
value: kube-apiserver
- name: apiserver-manifest
require: false
description: 'The path of the apiserver manifest'
type: string
value: '/etc/kubernetes/manifests/kube-apiserver.yaml'
- name: controller_manager
required: false
description: 'The name of the controller manager process'
type: string
value: kube-controller-manager
- name: controller_manager-conf
require: false
description: 'The path of the controller-manager.conf file'
type: string
value: '/etc/kubernetes/controller-manager.conf'
- name: controller_manager-manifest
require: false
description: 'The path of the controller manager manifest'
type: string
value: '/etc/kubernetes/manifests/kube-controller-manager.yaml'
- name: scheduler
required: false
description: 'The name of the kube scheduler proces'
type: string
value: kube-scheduler
- name: scheduler-conf
require: false
description: 'The path of the scheduler.conf file'
type: string
value: '/etc/kubernetes/scheduler.conf'
- name: scheduler-manifest
require: false
description: 'The path of the kube scheduler manifest'
type: string
value: '/etc/kubernetes/manifests/kube-scheduler.yaml'
- name: kubelet
required: false
description: 'The name of the kubelet process'
type: string
value: kubelet
- name: kubelet-conf
require: false
description: 'The path of the kubelet.conf file'
type: string
value: '/etc/kubernetes/kubelet.conf'
- name: etcd
required: false
description: 'The name of the etcd process'
type: string
value: /usr/bin/etcd
- name: etcd-manifest
require: false
description: 'The path of the etcd manifest'
type: string
value: '/etc/kubernetes/manifests/etcd.yaml'
- name: admin-conf
require: false
description: 'The path of the admin.conf file'
type: string
value: '/etc/kubernetes/admin.conf'
- name: kubernetes-pki
require: false
description: 'The path of the Kubernetes PKI directory'
type: string
value: '/etc/kubernetes/pki'