fix: /etc/kubernetes/super-admin.conf file perms for cis benchmark (#…
emosbaugh authored Sep 24, 2024
1 parent 1688e10 commit f7475b0
Showing 3 changed files with 12 additions and 0 deletions.
10 changes: 10 additions & 0 deletions scripts/common/kubernetes.sh
Expand Up @@ -240,6 +240,16 @@ function kubernetes_cis_chmod_kubelet_config_file() {
fi
}

# kubernetes_cis_super_admin_credentials_file_permissions fixes the following CIS benchmark test:
# [FAIL] 1.1.13 Ensure that the default administrative credential file permissions are set to 600 (Automated)
# [FAIL] 1.1.14 Ensure that the default administrative credential file ownership is set to root:root (Automated)
function kubernetes_cis_super_admin_credentials_file_permissions() {
if [ -f /etc/kubernetes/super-admin.conf ]; then
chmod 600 /etc/kubernetes/super-admin.conf
chown root:root /etc/kubernetes/super-admin.conf
fi
}

kubernetes_host_commands_ok() {
local k8sVersion=$1

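Review bot: The `chmod` and `chown` in `kubernetes_cis_super_admin_credentials_file_permissions` are unchecked, so a failed `chmod` is masked by `chown`'s exit status and the file can keep looser permissions with no signal, unless the calling script runs under `set -e`, which is not visible here. As kubeadm generates it, super-admin.conf holds the `system:masters` client credential, so a silent miss matters more here than for an ordinary config file. I would hold the path in `local conf=/etc/kubernetes/super-admin.conf` and report failure, e.g. `if ! { chmod 600 "$conf" && chown root:root "$conf"; }; then echo "could not restrict $conf" >&2; fi`. The header comment could also say why the file is sensitive instead of only quoting the two benchmark lines.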
1 change: 1 addition & 0 deletions scripts/install.sh
Expand Up @@ -341,6 +341,7 @@ function init() {
kubectl -n kurl apply -f "$DIR/manifests/troubleshoot.yaml"

kubernetes_cis_chmod_kubelet_config_file
kubernetes_cis_super_admin_credentials_file_permissions
}

function kubeadm_post_init() {
1 change: 1 addition & 0 deletions scripts/join.sh
Expand Up @@ -131,6 +131,7 @@ function join() {
fi

kubernetes_cis_chmod_kubelet_config_file
kubernetes_cis_super_admin_credentials_file_permissions
}

outro() {