Remove leading backslash

rancher · Sep 18, 2023 · daeffe5 · daeffe5
1 parent de75d42
commit daeffe5
Showing 1 changed file with 27 additions and 27 deletions.
diff --git a/...ides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.7-k8s-v1.25.md b/...ides/rke2-hardening-guide/rke2-self-assessment-guide-with-cis-v1.7-k8s-v1.25.md
@@ -257,7 +257,7 @@ root:root
 
 **Remediation:**
 Run the below command (based on the file location on your system) on the control plane node.
-For example, chmod 600 \<path/to/cni/files\>
+For example, chmod 600 <path/to/cni/files\>
 
 **Audit:**
 
@@ -285,7 +285,7 @@ permissions=600 permissions=644
 **Remediation:**
 Run the below command (based on the file location on your system) on the control plane node.
 For example,
-chown root:root \<path/to/cni/files\>
+chown root:root <path/to/cni/files\>
 
 **Audit:**
 
@@ -620,7 +620,7 @@ on the control plane node and set the below parameter.
 **Remediation:**
 Follow the documentation and configure alternate mechanisms for authentication. Then,
 edit the API server pod specification file /var/lib/rancher/rke2/agent/pod-manifests/kube-apiserver.yaml
-on the control plane node and remove the --token-auth-file=\<filename\> parameter.
+on the control plane node and remove the --token-auth-file=<filename\> parameter.
 
 **Audit:**
 
@@ -678,8 +678,8 @@ Follow the Kubernetes documentation and set up the TLS connection between the
 apiserver and kubelets. Then, edit API server pod specification file
 /var/lib/rancher/rke2/agent/pod-manifests/kube-apiserver.yaml on the control plane node and set the
 kubelet client certificate and key parameters as below.
---kubelet-client-certificate=\<path/to/client-certificate-file\>
---kubelet-client-key=\<path/to/client-key-file\>
+--kubelet-client-certificate=<path/to/client-certificate-file\>
+--kubelet-client-key=<path/to/client-key-file\>
 
 **Audit:**
 
@@ -709,7 +709,7 @@ Follow the Kubernetes documentation and setup the TLS connection between
 the apiserver and kubelets. Then, edit the API server pod specification file
 /var/lib/rancher/rke2/agent/pod-manifests/kube-apiserver.yaml on the control plane node and set the
 --kubelet-certificate-authority parameter to the path to the cert file for the certificate authority.
---kubelet-certificate-authority=\<ca-string\>
+--kubelet-certificate-authority=<ca-string\>
 
 **Audit:**
 
@@ -824,7 +824,7 @@ Follow the Kubernetes documentation and set the desired limits in a configuratio
 Then, edit the API server pod specification file /var/lib/rancher/rke2/agent/pod-manifests/kube-apiserver.yaml
 and set the below parameters.
 --enable-admission-plugins=...,EventRateLimit,...
---admission-control-config-file=\<path/to/configuration/file\>
+--admission-control-config-file=<path/to/configuration/file\>
 
 **Audit:**
 
@@ -1237,7 +1237,7 @@ root 2489 2419 8 Sep11 ? 01:41:54 kube-apiserver --admission-control-config-file
 Edit the API server pod specification file /var/lib/rancher/rke2/agent/pod-manifests/kube-apiserver.yaml
 on the control plane node and set the --service-account-key-file parameter
 to the public key file for service accounts. For example,
---service-account-key-file=\<filename\>
+--service-account-key-file=<filename\>
 
 **Audit:**
 
@@ -1266,8 +1266,8 @@ root 2489 2419 8 Sep11 ? 01:41:54 kube-apiserver --admission-control-config-file
 Follow the Kubernetes documentation and set up the TLS connection between the apiserver and etcd.
 Then, edit the API server pod specification file /var/lib/rancher/rke2/agent/pod-manifests/kube-apiserver.yaml
 on the control plane node and set the etcd certificate and key file parameters.
---etcd-certfile=\<path/to/client-certificate-file\>
---etcd-keyfile=\<path/to/client-key-file\>
+--etcd-certfile=<path/to/client-certificate-file\>
+--etcd-keyfile=<path/to/client-key-file\>
 
 **Audit:**
 
@@ -1296,8 +1296,8 @@ root 2489 2419 8 Sep11 ? 01:41:54 kube-apiserver --admission-control-config-file
 Follow the Kubernetes documentation and set up the TLS connection on the apiserver.
 Then, edit the API server pod specification file /var/lib/rancher/rke2/agent/pod-manifests/kube-apiserver.yaml
 on the control plane node and set the TLS certificate and private key file parameters.
---tls-cert-file=\<path/to/tls-certificate-file\>
---tls-private-key-file=\<path/to/tls-key-file\>
+--tls-cert-file=<path/to/tls-certificate-file\>
+--tls-private-key-file=<path/to/tls-key-file\>
 
 **Audit:**
 
@@ -1326,7 +1326,7 @@ root 2489 2419 8 Sep11 ? 01:41:54 kube-apiserver --admission-control-config-file
 Follow the Kubernetes documentation and set up the TLS connection on the apiserver.
 Then, edit the API server pod specification file /var/lib/rancher/rke2/agent/pod-manifests/kube-apiserver.yaml
 on the control plane node and set the client certificate authority file.
---client-ca-file=\<path/to/client-ca-file\>
+--client-ca-file=<path/to/client-ca-file\>
 
 **Audit:**
 
@@ -1355,7 +1355,7 @@ root 2489 2419 8 Sep11 ? 01:41:54 kube-apiserver --admission-control-config-file
 Follow the Kubernetes documentation and set up the TLS connection between the apiserver and etcd.
 Then, edit the API server pod specification file /var/lib/rancher/rke2/agent/pod-manifests/kube-apiserver.yaml
 on the control plane node and set the etcd certificate authority file parameter.
---etcd-cafile=\<path/to/ca-file\>
+--etcd-cafile=<path/to/ca-file\>
 
 **Audit:**
 
@@ -1384,7 +1384,7 @@ root 2489 2419 8 Sep11 ? 01:41:54 kube-apiserver --admission-control-config-file
 Follow the Kubernetes documentation and configure a EncryptionConfig file.
 Then, edit the API server pod specification file /var/lib/rancher/rke2/agent/pod-manifests/kube-apiserver.yaml
 on the control plane node and set the --encryption-provider-config parameter to the path of that file.
-For example, --encryption-provider-config=\</path/to/EncryptionConfig/File\>
+For example, --encryption-provider-config=</path/to/EncryptionConfig/File\>
 
 **Audit:**
 
@@ -1537,7 +1537,7 @@ root 2652 2539 2 Sep11 ? 00:24:53 kube-controller-manager --flex-volume-plugin-d
 Edit the Controller Manager pod specification file /var/lib/rancher/rke2/agent/pod-manifests/kube-controller-manager.yaml
 on the control plane node and set the --service-account-private-key-file parameter
 to the private key file for service accounts.
---service-account-private-key-file=\<filename\>
+--service-account-private-key-file=<filename\>
 
 **Audit:**
 
@@ -1565,7 +1565,7 @@ root 2652 2539 2 Sep11 ? 00:24:53 kube-controller-manager --flex-volume-plugin-d
 **Remediation:**
 Edit the Controller Manager pod specification file /var/lib/rancher/rke2/agent/pod-manifests/kube-controller-manager.yaml
 on the control plane node and set the --root-ca-file parameter to the certificate bundle file`.
---root-ca-file=\<path/to/file\>
+--root-ca-file=<path/to/file\>
 
 **Audit:**
 
@@ -1688,8 +1688,8 @@ root 2645 2538 0 Sep11 ? 00:05:26 kube-scheduler --permit-port-sharing=true --au
 Follow the etcd service documentation and configure TLS encryption.
 Then, edit the etcd pod specification file /etc/kubernetes/manifests/etcd.yaml
 on the master node and set the below parameters.
---cert-file=\</path/to/ca-file\>
---key-file=\</path/to/key-file\>
+--cert-file=</path/to/ca-file\>
+--key-file=</path/to/key-file\>
 Not Applicable.
 
 ### 2.2 Ensure that the --client-cert-auth argument is set to true (Automated)
@@ -1741,8 +1741,8 @@ Follow the etcd service documentation and configure peer TLS encryption as appro
 for your etcd cluster.
 Then, edit the etcd pod specification file /var/lib/rancher/rke2/agent/pod-manifests/etcd.yaml on the
 master node and set the below parameters.
---peer-client-file=\</path/to/peer-cert-file\>
---peer-key-file=\</path/to/peer-key-file\>
+--peer-client-file=</path/to/peer-cert-file\>
+--peer-key-file=</path/to/peer-key-file\>
 Not Applicable.
 
 ### 2.5 Ensure that the --peer-client-cert-auth argument is set to true (Automated)
@@ -1795,7 +1795,7 @@ Follow the etcd documentation and create a dedicated certificate authority setup
 etcd service.
 Then, edit the etcd pod specification file /var/lib/rancher/rke2/agent/pod-manifests/etcd.yaml on the
 master node and set the below parameter.
---trusted-ca-file=\</path/to/ca-file\>
+--trusted-ca-file=</path/to/ca-file\>
 
 **Audit:**
 
@@ -2032,7 +2032,7 @@ root:root
 
 **Remediation:**
 Run the following command to modify the file permissions of the
---client-ca-file chmod 600 \<filename\>
+--client-ca-file chmod 600 <filename\>
 
 **Audit Script:** `check_cafile_permissions.sh`
 
@@ -2071,7 +2071,7 @@ permissions=600
 
 **Remediation:**
 Run the following command to modify the ownership of the --client-ca-file.
-chown root:root \<filename\>
+chown root:root <filename\>
 
 **Audit Script:** `check_cafile_ownership.sh`
 
@@ -2248,7 +2248,7 @@ the location of the client CA file.
 If using command line arguments, edit the kubelet service file
 /etc/systemd/system/kubelet.service.d/10-kubeadm.conf on each worker node and
 set the below parameter in KUBELET_AUTHZ_ARGS variable.
---client-ca-file=\<path/to/client-ca-file\>
+--client-ca-file=<path/to/client-ca-file\>
 Based on your system, restart the kubelet service. For example,
 systemctl daemon-reload
 systemctl restart kubelet.service
@@ -2459,8 +2459,8 @@ to the location of the corresponding private key file.
 If using command line arguments, edit the kubelet service file
 /etc/systemd/system/kubelet.service.d/10-kubeadm.conf on each worker node and
 set the below parameters in KUBELET_CERTIFICATE_ARGS variable.
---tls-cert-file=\<path/to/tls-certificate-file\>
---tls-private-key-file=\<path/to/tls-key-file\>
+--tls-cert-file=<path/to/tls-certificate-file\>
+--tls-private-key-file=<path/to/tls-key-file\>
 Based on your system, restart the kubelet service. For example,
 systemctl daemon-reload
 systemctl restart kubelet.service