data.yaml
metadata:
  id: 555cf8d5-f963-5574-a856-e06614cf9341
  name: Ensure that the --authorization-mode argument includes RBAC
  profile_applicability: '* Level 1 - Master Node'
  description: Turn on Role Based Access Control.
  rationale: |-
    Role Based Access Control (RBAC) allows fine-grained control over the operations that different entities can perform on different objects in the cluster.
    It is recommended to use the RBAC authorization mode.
  audit: |-
    Run the following command on the Control Plane node:
    ```
    ps -ef | grep kube-apiserver
    ```
    Verify that the `--authorization-mode` argument exists and is set to a value that includes `RBAC`.
  remediation: |-
    Edit the API server pod specification file `/etc/kubernetes/manifests/kube-apiserver.yaml` on the Control Plane node and set the `--authorization-mode` parameter to a value that includes `RBAC`, for example:
    ```
    --authorization-mode=Node,RBAC
    ```
  impact: |-
    When RBAC is enabled you will need to ensure that appropriate RBAC settings (including Roles, RoleBindings and ClusterRoleBindings) are configured to allow appropriate access.
  default_value: |
    By default, `RBAC` authorization is not enabled.
  references: 1. https://kubernetes.io/docs/reference/access-authn-authz/rbac/
  section: API Server
  version: '1.0'
  tags:
    - CIS
    - Kubernetes
    - CIS 1.2.9
    - API Server
  benchmark:
    name: CIS Kubernetes V1.23
    version: v1.0.1
    id: cis_k8s
    rule_number: 1.2.9
    posture_type: kspm