[csp task] 1.1 Master Node Configuration Files #3

Closed
oren-zohar opened this issue Nov 9, 2021 · 0 comments · Fixed by #1, #2, #5 or #7
oren-zohar commented Nov 9, 2021

| Rule | Description | Type | Status | PR |
|------|-------------|------|--------|----|
| 1.1.1 | Ensure that the API server pod specification file permissions are set to 644 or more restrictive | Automated | Done | #1 |
| 1.1.2 | Ensure that the API server pod specification file ownership is set to root:root | Automated | Done | #1 |
| 1.1.3 | Ensure that the controller manager pod specification file permissions are set to 644 or more restrictive | Automated | Done | #2 |
| 1.1.4 | Ensure that the controller manager pod specification file ownership is set to root:root | Automated | Done | #5 |
| 1.1.5 | Ensure that the scheduler pod specification file permissions are set to 644 or more restrictive | Automated | Done | #2 |
| 1.1.6 | Ensure that the scheduler pod specification file ownership is set to root:root | Automated | Done | #5 |
| 1.1.7 | Ensure that the etcd pod specification file permissions are set to 644 or more restrictive | Automated | Done | #2 |
| 1.1.8 | Ensure that the etcd pod specification file ownership is set to root:root | Automated | Done | #5 |
| 1.1.9 | Ensure that the Container Network Interface file permissions are set to 644 or more restrictive | Manual | TBD | |
| 1.1.10 | Ensure that the Container Network Interface file ownership is set to root:root | Manual | TBD | |
| 1.1.11 | Ensure that the etcd data directory permissions are set to 700 or more restrictive | Automated | Done | #7 |
| 1.1.12 | Ensure that the etcd data directory ownership is set to etcd:etcd | Automated | Done | #7 |
| 1.1.13 | Ensure that the admin.conf file permissions are set to 644 or more restrictive | Automated | Done | #2 |
| 1.1.14 | Ensure that the admin.conf file ownership is set to root:root | Automated | Done | #5 |
| 1.1.15 | Ensure that the scheduler.conf file permissions are set to 644 or more restrictive | Automated | Done | #2 |
| 1.1.16 | Ensure that the scheduler.conf file ownership is set to root:root | Automated | Done | #5 |
| 1.1.17 | Ensure that the controller-manager.conf file permissions are set to 644 or more restrictive | Automated | Done | #2 |
| 1.1.18 | Ensure that the controller-manager.conf file ownership is set to root:root | Automated | Done | #5 |
| 1.1.19 | Ensure that the Kubernetes PKI directory and file ownership is set to root:root | Automated | Done | #7 |
| 1.1.20 | Ensure that the Kubernetes PKI certificate file permissions are set to 644 or more restrictive | Manual | TBD | |
| 1.1.21 | Ensure that the Kubernetes PKI key file permissions are set to 600 | Manual | TBD | |

@kfirpeled kfirpeled changed the title 1.1 Master Node Configuration Files [csp task] 1.1 Master Node Configuration Files Nov 11, 2021
@oren-zohar oren-zohar reopened this Nov 15, 2021
@kfirpeled kfirpeled linked a pull request Nov 22, 2021 that will close this issue
@kfirpeled kfirpeled linked a pull request Nov 22, 2021 that will close this issue
jeniawhite added a commit to jeniawhite/csp-security-policies that referenced this issue Aug 9, 2022
* Add files via upload

* Update worker.js

* Merge pull request elastic#1 from ofiriro3/editing-readme

Adding information to readme.md

* Merge pull request elastic#2 from ofiriro3/editing-readme

Indentation + path for csp

* Update README.md

Adding a bit of information regarding the manual process of rules

* Merge pull request elastic#3 from jeniawhite/add-json-gen

add json rule generator

* Add an option to generate report for missing rules (elastic#4)

* Rule template schema changes - introducing `metadata` field

* temp solution for merge

* Initial commit

* move to subfolder

* revert temp

* mv .gitattributes

Co-authored-by: Evgeniy Belyi <jeniawhite92@gmail.com>
Co-authored-by: ofiriro3 <ofiriro3@Gmail.com>
Co-authored-by: Uri Weisman <68195305+uri-weisman@users.noreply.github.com>
Co-authored-by: Kfir Peled <61654899+kfirpeled@users.noreply.github.com>
orestisfl pushed a commit that referenced this issue Oct 11, 2023
* Add files via upload

* Update worker.js

* Merge pull request #1 from ofiriro3/editing-readme

Adding information to readme.md

* Merge pull request #2 from ofiriro3/editing-readme

Indentation + path for csp

* Update README.md

Adding a bit of information regarding the manual process of rules

* Merge pull request #3 from jeniawhite/add-json-gen

add json rule generator

* Add an option to generate report for missing rules (#4)

* Rule template schema changes - introducing `metadata` field

* temp solution for merge

* Initial commit

* move to subfolder

* revert temp

* mv .gitattributes

Co-authored-by: Evgeniy Belyi <jeniawhite92@gmail.com>
Co-authored-by: ofiriro3 <ofiriro3@Gmail.com>
Co-authored-by: Uri Weisman <68195305+uri-weisman@users.noreply.github.com>
Co-authored-by: Kfir Peled <61654899+kfirpeled@users.noreply.github.com>