Skip to content

Commit

Permalink
Add cis 1.7 and 1.24 assessments
Browse files Browse the repository at this point in the history
Signed-off-by: Derek Nola <[email protected]>
  • Loading branch information
dereknola committed May 15, 2024
1 parent 092598d commit f7484b4
Show file tree
Hide file tree
Showing 6 changed files with 3,464 additions and 12 deletions.
6 changes: 4 additions & 2 deletions docs/security/security.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,10 @@ First the hardening guide provides a list of security best practices to secure a

Second, is the self assessment to validate a hardened cluster. We currently have two different assessments available:

* [CIS 1.23 Benchmark Self-Assessment Guide](self-assessment-1.23.md), older version of the CIS benchmark
* [CIS 1.24 Benchmark Self-Assessment Guide](self-assessment-1.24.md), old version of CIS benchmark, for K3s v1.24

* [CIS 1.8 Benchmark Self-Assessment Guide](self-assessment-1.8.md), newer version of the CIS benchmark
* [CIS 1.7 Benchmark Self-Assessment Guide](self-assessment-1.7.md), for K3s version v1.25-v1.26

* [CIS 1.8 Benchmark Self-Assessment Guide](self-assessment-1.8.md), for K3s version v1.27-v1.29


11 changes: 3 additions & 8 deletions docs/security/self-assessment-1.23.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,17 +2,15 @@
title: CIS 1.23 Self Assessment Guide
---

### CIS Kubernetes Benchmark v1.23 - K3s with Kubernetes v1.22 to v1.24

#### Overview
## Overview

This document is a companion to the [K3s security hardening guide](hardening-guide.md). The hardening guide provides prescriptive guidance for hardening a production installation of K3s, and this benchmark guide is meant to help you evaluate the level of security of the hardened cluster against each control in the CIS Kubernetes Benchmark. It is to be used by K3s operators, security teams, auditors, and decision-makers.

This guide is specific to the **v1.22**, **v1.23** and **v1.24** release line of K3s and the **v1.23** release of the CIS Kubernetes Benchmark.
This guide is specific to the **v1.22-v1.23** release lines of K3s and the **v1.23** release of the CIS Kubernetes Benchmark.

For more information about each control, including detailed descriptions and remediations for failing tests, you can refer to the corresponding section of the CIS Kubernetes Benchmark v1.6. You can download the benchmark, after creating a free account, in [Center for Internet Security (CIS)](https://www.cisecurity.org/benchmark/kubernetes/).

#### Testing controls methodology
### Testing controls methodology

Each control in the CIS Kubernetes Benchmark was evaluated against a K3s cluster that was configured according to the accompanying hardening guide.

Expand All @@ -28,9 +26,6 @@ This guide makes the assumption that K3s is running as a Systemd unit. Your inst

> NOTE: Only `automated` tests (previously called `scored`) are covered in this guide.
### Controls

---

## 1.1 Control Plane Node Configuration Files
### 1.1.1 Ensure that the API server pod specification file permissions are set to 644 or more restrictive (Automated)
Expand Down
Loading

0 comments on commit f7484b4

Please sign in to comment.