Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add latest CIS benchmarks #1484

Open
wants to merge 18 commits into
base: main
Choose a base branch
from
Open

Add latest CIS benchmarks #1484

wants to merge 18 commits into from

Conversation

damejeras
Copy link

@damejeras damejeras commented Aug 9, 2023

I copied latest AKS(1.0.0), EKS(1.2.0), GKE(1.2.0) config files and adjusted them to match latest published CIS benchmarks (AKS 1.3, EKS 1.3, GKE 1.4).

EKS changes:

  • 4.5 was removed (was previously empty), 4.6.* became 4.5.*
  • 3.2.6 was removed and everything shifted

GKE changes:

  • 3.2.6 was removed and everything shifted
  • previously 3.2.9, now is 3.2.9 and its about event record qps. 0 qps can ddos cluster, so 5 or higher is recommended.
  • 5.5.4 added “When creating New Clusters - ” prefix to rule name

AKS changes:

  • 3.2.6 was removed and everything shifted in 3.2.*

@CLAassistant
Copy link

CLAassistant commented Aug 9, 2023

CLA assistant check
All committers have signed the CLA.

@chen-keinan
Copy link
Contributor

@damejeras lets wait for @mozillazg review

@chen-keinan
Copy link
Contributor

@damejeras please rebase your branch with upstream

@mozillazg
Copy link
Collaborator

I will complete the review before next Monday.

Copy link
Collaborator

@mozillazg mozillazg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your contribution! I've added some comments. Please check them when you get a chance. Thanks!

cfg/aks-1.3/policies.yaml Outdated Show resolved Hide resolved
cfg/aks-1.3/policies.yaml Outdated Show resolved Hide resolved
cfg/eks-1.3.0/node.yaml Outdated Show resolved Hide resolved
cfg/eks-1.3.0/node.yaml Outdated Show resolved Hide resolved
cfg/eks-1.3.0/policies.yaml Outdated Show resolved Hide resolved
cfg/gke-1.4.0/managedservices.yaml Outdated Show resolved Hide resolved
cfg/gke-1.4.0/managedservices.yaml Outdated Show resolved Hide resolved
cfg/gke-1.4.0/managedservices.yaml Outdated Show resolved Hide resolved
cfg/gke-1.4.0/managedservices.yaml Outdated Show resolved Hide resolved
cfg/gke-1.4.0/managedservices.yaml Outdated Show resolved Hide resolved
dependabot bot and others added 17 commits November 20, 2023 15:12
Bumps alpine from 3.18.2 to 3.18.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ity#1495)

Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 4 to 5.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](goreleaser/goreleaser-action@v4...v5)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps golang from 1.20.6 to 1.21.1.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…urity#1499)

Bumps [crazy-max/ghaction-docker-meta](https://github.com/crazy-max/ghaction-docker-meta) from 4 to 5.
- [Release notes](https://github.com/crazy-max/ghaction-docker-meta/releases)
- [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md)
- [Commits](docker/metadata-action@v4...v5)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-docker-meta
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>
Signed-off-by: chenk <hen.keinan@gmail.com>
Signed-off-by: chenk <hen.keinan@gmail.com>
…1498)

Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4 to 5.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@v4...v5)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
Signed-off-by: chenk <hen.keinan@gmail.com>
…1503)

Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2 to 3.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](docker/setup-qemu-action@v2...v3)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
…urity#1489)

Bumps [github.com/golang/glog](https://github.com/golang/glog) from 1.0.0 to 1.1.2.
- [Release notes](https://github.com/golang/glog/releases)
- [Commits](golang/glog@v1.0.0...v1.1.2)

---
updated-dependencies:
- dependency-name: github.com/golang/glog
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
Bumps golang from 1.21.1 to 1.21.3.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
…ecurity#1520)

Bumps [github.com/fatih/color](https://github.com/fatih/color) from 1.14.1 to 1.16.0.
- [Release notes](https://github.com/fatih/color/releases)
- [Commits](fatih/color@v1.14.1...v1.16.0)

---
updated-dependencies:
- dependency-name: github.com/fatih/color
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@mozillazg
Copy link
Collaborator

@damejeras LGTM. Would you please fix the linter error? Thanks!

@mozillazg
Copy link
Collaborator

@damejeras ping~

@stephaneetje
Copy link

Hello,
Any news on this ? I have to add since that PR, gke 1.5.0 got out.

@kahirokunn
Copy link

LGTM

@afdesk
Copy link
Collaborator

afdesk commented Oct 15, 2024

@damejeras @mozillazg hi guys!
if this PR is still OK, I can take a look and fix linter errors.
wdyt?

@mozillazg
Copy link
Collaborator

@damejeras @mozillazg hi guys! if this PR is still OK, I can take a look and fix linter errors. wdyt?

@afdesk It's ok to continue.

@afdesk
Copy link
Collaborator

afdesk commented Oct 21, 2024

@damejeras it seems I have no permissions to fix it.
Could you update the PR?
thanks for your contribution!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

9 participants