[New Rules] etcd rules 2.x #18

Merged
merged 5 commits into from
Dec 1, 2021

oren-zohar
Collaborator

new rules:

  • 2.1
  • 2.2
  • 2.3
  • 2.4
  • 2.5
  • 2.6

@oren-zohar oren-zohar requested a review from kfirpeled November 21, 2021 13:06
@kfirpeled kfirpeled linked an issue Nov 22, 2021 that may be closed by this pull request
compliance/cis_k8s/rules/cis_2_1/rule.rego
compliance/cis_k8s/rules/cis_2_3/rule.rego (outdated)

test_pass {
test.assert_pass(finding) with input as rule_input("etcd", "")
test.assert_pass(finding) with input as rule_input("etcd", "-peer-auto-tls=false")
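
Review bot: the second test_pass case passes the argument with a single dash (-peer-auto-tls=false), so the --peer-auto-tls=false form is never exercised by this test. If the rule only fails when --peer-auto-tls is set to true, this input passes for the same reason the empty argument string on the line above does, and a regression in how the rule reads an explicit false value would go unnoticed. Change the argument to --peer-auto-tls=false, and if the single-dash spelling is meant to be covered as well, add it as its own case so the intent is visible.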
Collaborator

missing dash -peer-auto-tls=false

Collaborator

And I think that would fail here, right?

Collaborator Author

Verify that if the --peer-auto-tls argument exists, it is not set to true.

# Conflicts:
#	compliance/cis_k8s/test_data.rego
#	compliance/lib/common.rego
#	compliance/lib/data_adapter.rego
@oren-zohar oren-zohar requested a review from kfirpeled November 30, 2021 14:18
# Conflicts:
#	compliance/lib/common.rego
#	compliance/lib/data_adapter.rego
@oren-zohar oren-zohar merged commit f4cdc5e into main Dec 1, 2021
@oren-zohar oren-zohar deleted the etcd-rules branch December 1, 2021 16:16
orestisfl pushed a commit that referenced this pull request Oct 11, 2023

orestisfl pushed a commit to orestisfl/csp-security-policies that referenced this pull request Oct 12, 2023

elastic#18


---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic/cloudbeat#1405
Successfully merging this pull request may close these issues.

[csp task] 2.x Scheduler rules