I0722 14:24:46.998460 2224621 util.go:543] Checking for oc
I0722 14:24:46.998632 2224621 util.go:572] Can't find oc command: exec: "oc": executable file not found in $PATH
I0722 14:24:50.031255 2224621 util.go:312] Error detecting RKE cluster: nodes is forbidden: User "system:serviceaccount:default:default" cannot list resource "nodes" in API group "" at the cluster scope
I0722 14:24:50.031315 2224621 kubernetes_version.go:36] Try to get version from Rest API
I0722 14:24:50.031399 2224621 kubernetes_version.go:161] Loading CA certificate
I0722 14:24:50.031442 2224621 kubernetes_version.go:115] getWebData srvURL: https://kubernetes.default.svc/version
I0722 14:24:50.038073 2224621 kubernetes_version.go:100] vd: { "major": "1", "minor": "30", "gitVersion": "v1.30.2", "gitCommit": "39683505b630ff2121012f3c5b16215a1449d5ed", "gitTreeState": "clean", "buildDate": "2024-06-11T20:21:00Z", "goVersion": "go1.22.4", "compiler": "gc", "platform": "linux/amd64" }
I0722 14:24:50.039728 2224621 kubernetes_version.go:105] vrObj: &cmd.VersionResponse{Major:"1", Minor:"30", GitVersion:"v1.30.2", GitCommit:"39683505b630ff2121012f3c5b16215a1449d5ed", GitTreeState:"clean", BuildDate:"2024-06-11T20:21:00Z", GoVersion:"go1.22.4", Compiler:"gc", Platform:"linux/amd64"}
I0722 14:24:50.039814 2224621 util.go:318] Kubernetes REST API Reported version: &{1 30 v1.30.2}
I0722 14:24:50.039892 2224621 common.go:351] Kubernetes version: "" to Benchmark version: "cis-1.9"
I0722 14:24:50.039920 2224621 root.go:76] Running checks for benchmark cis-1.9
I0722 14:24:50.039933 2224621 common.go:366] Checking if the current node is running master components
I0722 14:24:50.040052 2224621 util.go:85] ps - proc: "kube-apiserver"
I0722 14:24:50.071009 2224621 util.go:92] ps - returning: "kube-apiserver --advertise-address=172.16.90.252 --allow-privileged=true --authorization-mode=Node,RBAC --client-ca-file=/etc/kubernetes/pki/ca.crt --enable-admission-plugins=NodeRestriction 
--enable-bootstrap-token-auth=true --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key --etcd-servers=https://127.0.0.1:2379 --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key --requestheader-allowed-names=front-proxy-client --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --secure-port=6443 --service-account-issuer=https://kubernetes.default.svc.cluster.local --service-account-key-file=/etc/kubernetes/pki/sa.pub --service-account-signing-key-file=/etc/kubernetes/pki/sa.key --service-cluster-ip-range=10.96.0.0/12 --tls-min-version=VersionTLS12 --tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 --tls-cert-file=/etc/kubernetes/pki/apiserver.crt --tls-private-key-file=/etc/kubernetes/pki/apiserver.key\n" I0722 14:24:50.071148 2224621 util.go:233] reFirstWord.Match(kube-apiserver --advertise-address=172.16.90.252 --allow-privileged=true --authorization-mode=Node,RBAC --client-ca-file=/etc/kubernetes/pki/ca.crt --enable-admission-plugins=NodeRestriction --enable-bootstrap-token-auth=true --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key --etcd-servers=https://127.0.0.1:2379 --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt 
--kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key --requestheader-allowed-names=front-proxy-client --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --secure-port=6443 --service-account-issuer=https://kubernetes.default.svc.cluster.local --service-account-key-file=/etc/kubernetes/pki/sa.pub --service-account-signing-key-file=/etc/kubernetes/pki/sa.key --service-cluster-ip-range=10.96.0.0/12 --tls-min-version=VersionTLS12 --tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 --tls-cert-file=/etc/kubernetes/pki/apiserver.crt --tls-private-key-file=/etc/kubernetes/pki/apiserver.key) I0722 14:24:50.071200 2224621 util.go:121] Component apiserver uses running binary kube-apiserver I0722 14:24:50.071255 2224621 util.go:85] ps - proc: "kube-scheduler" I0722 14:24:50.109465 2224621 util.go:92] ps - returning: "kube-scheduler --authentication-kubeconfig=/etc/kubernetes/scheduler.conf --authorization-kubeconfig=/etc/kubernetes/scheduler.conf --bind-address=127.0.0.1 --kubeconfig=/etc/kubernetes/scheduler.conf --leader-elect=true\n" I0722 14:24:50.109536 2224621 util.go:233] reFirstWord.Match(kube-scheduler --authentication-kubeconfig=/etc/kubernetes/scheduler.conf --authorization-kubeconfig=/etc/kubernetes/scheduler.conf --bind-address=127.0.0.1 --kubeconfig=/etc/kubernetes/scheduler.conf --leader-elect=true) I0722 14:24:50.109553 2224621 util.go:121] Component scheduler uses running binary kube-scheduler I0722 14:24:50.109584 2224621 util.go:85] ps - proc: 
"kube-controller-manager" I0722 14:24:50.140921 2224621 util.go:92] ps - returning: "/usr/bin/kube-controllers\nkube-controller-manager --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf --bind-address=127.0.0.1 --client-ca-file=/etc/kubernetes/pki/ca.crt --cluster-name=kubernetes --cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt --cluster-signing-key-file=/etc/kubernetes/pki/ca.key --controllers=*,bootstrapsigner,tokencleaner --kubeconfig=/etc/kubernetes/controller-manager.conf --leader-elect=true --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt --root-ca-file=/etc/kubernetes/pki/ca.crt --service-account-private-key-file=/etc/kubernetes/pki/sa.key --use-service-account-credentials=true --tls-min-version=VersionTLS11\n" I0722 14:24:50.141028 2224621 util.go:233] reFirstWord.Match(/usr/bin/kube-controllers) I0722 14:24:50.141048 2224621 util.go:233] reFirstWord.Match(kube-controller-manager --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf --bind-address=127.0.0.1 --client-ca-file=/etc/kubernetes/pki/ca.crt --cluster-name=kubernetes --cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt --cluster-signing-key-file=/etc/kubernetes/pki/ca.key --controllers=*,bootstrapsigner,tokencleaner --kubeconfig=/etc/kubernetes/controller-manager.conf --leader-elect=true --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt --root-ca-file=/etc/kubernetes/pki/ca.crt --service-account-private-key-file=/etc/kubernetes/pki/sa.key --use-service-account-credentials=true --tls-min-version=VersionTLS11) I0722 14:24:50.141061 2224621 util.go:121] Component controllermanager uses running binary kube-controller-manager I0722 14:24:50.141214 2224621 util.go:85] ps - proc: "etcd" I0722 14:24:50.173521 2224621 util.go:92] ps - returning: "etcd 
--advertise-client-urls=https://172.16.90.252:2379 --cert-file=/etc/kubernetes/pki/etcd/server.crt --client-cert-auth=true --data-dir=/var/lib/etcd --experimental-initial-corrupt-check=true --experimental-watch-progress-notify-interval=5s --initial-advertise-peer-urls=https://172.16.90.252:2380 --initial-cluster=crawford=https://172.16.90.252:2380 --key-file=/etc/kubernetes/pki/etcd/server.key --listen-client-urls=https://127.0.0.1:2379,https://172.16.90.252:2379 --listen-metrics-urls=http://127.0.0.1:2381 --listen-peer-urls=https://172.16.90.252:2380 --name=crawford --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt --peer-client-cert-auth=true --peer-key-file=/etc/kubernetes/pki/etcd/peer.key --peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt --snapshot-count=10000 --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt\n" I0722 14:24:50.173598 2224621 util.go:233] reFirstWord.Match(etcd --advertise-client-urls=https://172.16.90.252:2379 --cert-file=/etc/kubernetes/pki/etcd/server.crt --client-cert-auth=true --data-dir=/var/lib/etcd --experimental-initial-corrupt-check=true --experimental-watch-progress-notify-interval=5s --initial-advertise-peer-urls=https://172.16.90.252:2380 --initial-cluster=crawford=https://172.16.90.252:2380 --key-file=/etc/kubernetes/pki/etcd/server.key --listen-client-urls=https://127.0.0.1:2379,https://172.16.90.252:2379 --listen-metrics-urls=http://127.0.0.1:2381 --listen-peer-urls=https://172.16.90.252:2380 --name=crawford --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt --peer-client-cert-auth=true --peer-key-file=/etc/kubernetes/pki/etcd/peer.key --peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt --snapshot-count=10000 --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt) I0722 14:24:50.173615 2224621 util.go:121] Component etcd uses running binary etcd I0722 14:24:50.173656 2224621 util.go:85] ps - proc: "flanneld" I0722 14:24:50.206400 2224621 util.go:89] [/bin/ps -C flanneld -o cmd --no-headers]: exit status 1 I0722 
14:24:50.206456 2224621 util.go:92] ps - returning: "" I0722 14:24:50.206492 2224621 util.go:233] reFirstWord.Match() I0722 14:24:50.206502 2224621 util.go:263] executable 'flanneld' not running I0722 14:24:50.206511 2224621 util.go:119] Component flanneld not running I0722 14:24:50.206565 2224621 util.go:85] ps - proc: "hyperkube" I0722 14:24:50.237971 2224621 util.go:89] [/bin/ps -C hyperkube -o cmd --no-headers]: exit status 1 I0722 14:24:50.238016 2224621 util.go:92] ps - returning: "" I0722 14:24:50.238071 2224621 util.go:233] reFirstWord.Match() I0722 14:24:50.238078 2224621 util.go:263] executable 'hyperkube kubelet' not running I0722 14:24:50.238083 2224621 util.go:85] ps - proc: "kubelet" I0722 14:24:50.276809 2224621 util.go:92] ps - returning: "/usr/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --config=/var/lib/kubelet/config.yaml --container-runtime-endpoint=unix:///var/run/containerd/containerd.sock --pod-infra-container-image=registry.k8s.io/pause:3.9\n" I0722 14:24:50.276893 2224621 util.go:233] reFirstWord.Match(/usr/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --config=/var/lib/kubelet/config.yaml --container-runtime-endpoint=unix:///var/run/containerd/containerd.sock --pod-infra-container-image=registry.k8s.io/pause:3.9) I0722 14:24:50.276926 2224621 util.go:121] Component kubelet uses running binary kubelet I0722 14:24:50.276938 2224621 common.go:383] Node is running master components I0722 14:24:50.276952 2224621 root.go:79] == Running master checks == I0722 14:24:50.276964 2224621 util.go:132] Looking for config specific CIS version "cis-1.9" I0722 14:24:50.276974 2224621 util.go:136] Looking for file: cfg/cis-1.9/master.yaml I0722 14:24:50.277143 2224621 common.go:274] Using config file: cfg/cis-1.9/config.yaml I0722 14:24:50.277219 2224621 common.go:78] Using test file: cfg/cis-1.9/master.yaml I0722 
14:24:50.277301 2224621 util.go:85] ps - proc: "kube-apiserver" I0722 14:24:50.303349 2224621 util.go:92] ps - returning: "kube-apiserver --advertise-address=172.16.90.252 --allow-privileged=true --authorization-mode=Node,RBAC --client-ca-file=/etc/kubernetes/pki/ca.crt --enable-admission-plugins=NodeRestriction --enable-bootstrap-token-auth=true --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key --etcd-servers=https://127.0.0.1:2379 --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key --requestheader-allowed-names=front-proxy-client --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --secure-port=6443 --service-account-issuer=https://kubernetes.default.svc.cluster.local --service-account-key-file=/etc/kubernetes/pki/sa.pub --service-account-signing-key-file=/etc/kubernetes/pki/sa.key --service-cluster-ip-range=10.96.0.0/12 --tls-min-version=VersionTLS12 --tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 --tls-cert-file=/etc/kubernetes/pki/apiserver.crt --tls-private-key-file=/etc/kubernetes/pki/apiserver.key\n" I0722 14:24:50.303424 2224621 util.go:233] reFirstWord.Match(kube-apiserver --advertise-address=172.16.90.252 --allow-privileged=true --authorization-mode=Node,RBAC --client-ca-file=/etc/kubernetes/pki/ca.crt --enable-admission-plugins=NodeRestriction 
--enable-bootstrap-token-auth=true --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key --etcd-servers=https://127.0.0.1:2379 --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key --requestheader-allowed-names=front-proxy-client --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --secure-port=6443 --service-account-issuer=https://kubernetes.default.svc.cluster.local --service-account-key-file=/etc/kubernetes/pki/sa.pub --service-account-signing-key-file=/etc/kubernetes/pki/sa.key --service-cluster-ip-range=10.96.0.0/12 --tls-min-version=VersionTLS12 --tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 --tls-cert-file=/etc/kubernetes/pki/apiserver.crt --tls-private-key-file=/etc/kubernetes/pki/apiserver.key) I0722 14:24:50.303468 2224621 util.go:121] Component apiserver uses running binary kube-apiserver I0722 14:24:50.303505 2224621 util.go:85] ps - proc: "kube-scheduler" I0722 14:24:50.343746 2224621 util.go:92] ps - returning: "kube-scheduler --authentication-kubeconfig=/etc/kubernetes/scheduler.conf --authorization-kubeconfig=/etc/kubernetes/scheduler.conf --bind-address=127.0.0.1 --kubeconfig=/etc/kubernetes/scheduler.conf --leader-elect=true\n" I0722 14:24:50.343816 2224621 util.go:233] reFirstWord.Match(kube-scheduler --authentication-kubeconfig=/etc/kubernetes/scheduler.conf 
--authorization-kubeconfig=/etc/kubernetes/scheduler.conf --bind-address=127.0.0.1 --kubeconfig=/etc/kubernetes/scheduler.conf --leader-elect=true) I0722 14:24:50.343827 2224621 util.go:121] Component scheduler uses running binary kube-scheduler I0722 14:24:50.343856 2224621 util.go:85] ps - proc: "kube-controller-manager" I0722 14:24:50.374895 2224621 util.go:92] ps - returning: "/usr/bin/kube-controllers\nkube-controller-manager --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf --bind-address=127.0.0.1 --client-ca-file=/etc/kubernetes/pki/ca.crt --cluster-name=kubernetes --cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt --cluster-signing-key-file=/etc/kubernetes/pki/ca.key --controllers=*,bootstrapsigner,tokencleaner --kubeconfig=/etc/kubernetes/controller-manager.conf --leader-elect=true --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt --root-ca-file=/etc/kubernetes/pki/ca.crt --service-account-private-key-file=/etc/kubernetes/pki/sa.key --use-service-account-credentials=true --tls-min-version=VersionTLS11\n" I0722 14:24:50.374943 2224621 util.go:233] reFirstWord.Match(/usr/bin/kube-controllers) I0722 14:24:50.374955 2224621 util.go:233] reFirstWord.Match(kube-controller-manager --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf --bind-address=127.0.0.1 --client-ca-file=/etc/kubernetes/pki/ca.crt --cluster-name=kubernetes --cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt --cluster-signing-key-file=/etc/kubernetes/pki/ca.key --controllers=*,bootstrapsigner,tokencleaner --kubeconfig=/etc/kubernetes/controller-manager.conf --leader-elect=true --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt --root-ca-file=/etc/kubernetes/pki/ca.crt --service-account-private-key-file=/etc/kubernetes/pki/sa.key --use-service-account-credentials=true 
--tls-min-version=VersionTLS11) I0722 14:24:50.374967 2224621 util.go:121] Component controllermanager uses running binary kube-controller-manager I0722 14:24:50.375021 2224621 util.go:85] ps - proc: "etcd" I0722 14:24:50.410788 2224621 util.go:92] ps - returning: "etcd --advertise-client-urls=https://172.16.90.252:2379 --cert-file=/etc/kubernetes/pki/etcd/server.crt --client-cert-auth=true --data-dir=/var/lib/etcd --experimental-initial-corrupt-check=true --experimental-watch-progress-notify-interval=5s --initial-advertise-peer-urls=https://172.16.90.252:2380 --initial-cluster=crawford=https://172.16.90.252:2380 --key-file=/etc/kubernetes/pki/etcd/server.key --listen-client-urls=https://127.0.0.1:2379,https://172.16.90.252:2379 --listen-metrics-urls=http://127.0.0.1:2381 --listen-peer-urls=https://172.16.90.252:2380 --name=crawford --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt --peer-client-cert-auth=true --peer-key-file=/etc/kubernetes/pki/etcd/peer.key --peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt --snapshot-count=10000 --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt\n" I0722 14:24:50.410850 2224621 util.go:233] reFirstWord.Match(etcd --advertise-client-urls=https://172.16.90.252:2379 --cert-file=/etc/kubernetes/pki/etcd/server.crt --client-cert-auth=true --data-dir=/var/lib/etcd --experimental-initial-corrupt-check=true --experimental-watch-progress-notify-interval=5s --initial-advertise-peer-urls=https://172.16.90.252:2380 --initial-cluster=crawford=https://172.16.90.252:2380 --key-file=/etc/kubernetes/pki/etcd/server.key --listen-client-urls=https://127.0.0.1:2379,https://172.16.90.252:2379 --listen-metrics-urls=http://127.0.0.1:2381 --listen-peer-urls=https://172.16.90.252:2380 --name=crawford --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt --peer-client-cert-auth=true --peer-key-file=/etc/kubernetes/pki/etcd/peer.key --peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt --snapshot-count=10000 
--trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt) I0722 14:24:50.410861 2224621 util.go:121] Component etcd uses running binary etcd I0722 14:24:50.410888 2224621 util.go:85] ps - proc: "flanneld" I0722 14:24:50.454075 2224621 util.go:89] [/bin/ps -C flanneld -o cmd --no-headers]: exit status 1 I0722 14:24:50.454124 2224621 util.go:92] ps - returning: "" I0722 14:24:50.454163 2224621 util.go:233] reFirstWord.Match() I0722 14:24:50.454172 2224621 util.go:263] executable 'flanneld' not running I0722 14:24:50.454176 2224621 util.go:119] Component flanneld not running I0722 14:24:50.454208 2224621 util.go:85] ps - proc: "hyperkube" I0722 14:24:50.479851 2224621 util.go:89] [/bin/ps -C hyperkube -o cmd --no-headers]: exit status 1 I0722 14:24:50.479892 2224621 util.go:92] ps - returning: "" I0722 14:24:50.479922 2224621 util.go:233] reFirstWord.Match() I0722 14:24:50.479927 2224621 util.go:263] executable 'hyperkube kubelet' not running I0722 14:24:50.479932 2224621 util.go:85] ps - proc: "kubelet" I0722 14:24:50.503846 2224621 util.go:92] ps - returning: "/usr/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --config=/var/lib/kubelet/config.yaml --container-runtime-endpoint=unix:///var/run/containerd/containerd.sock --pod-infra-container-image=registry.k8s.io/pause:3.9\n" I0722 14:24:50.503907 2224621 util.go:233] reFirstWord.Match(/usr/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --config=/var/lib/kubelet/config.yaml --container-runtime-endpoint=unix:///var/run/containerd/containerd.sock --pod-infra-container-image=registry.k8s.io/pause:3.9) I0722 14:24:50.503918 2224621 util.go:121] Component kubelet uses running binary kubelet I0722 14:24:50.503956 2224621 util.go:206] Component apiserver uses config file '/etc/kubernetes/manifests/kube-apiserver.yaml' I0722 14:24:50.503970 2224621 util.go:206] Component scheduler uses config 
file '/etc/kubernetes/manifests/kube-scheduler.yaml'
I0722 14:24:50.503990 2224621 util.go:206] Component controllermanager uses config file '/etc/kubernetes/manifests/kube-controller-manager.yaml'
I0722 14:24:50.504033 2224621 util.go:206] Component etcd uses config file '/etc/kubernetes/manifests/etcd.yaml'
I0722 14:24:50.504068 2224621 util.go:199] Using default config file name '/etc/sysconfig/flanneld' for component flanneld
I0722 14:24:50.504079 2224621 util.go:199] Using default config file name '/etc/kubernetes/config' for component kubernetes
I0722 14:24:50.504106 2224621 util.go:202] Missing config file for kubelet
I0722 14:24:50.504117 2224621 util.go:202] Missing service file for apiserver
I0722 14:24:50.504126 2224621 util.go:202] Missing service file for scheduler
I0722 14:24:50.504135 2224621 util.go:202] Missing service file for controllermanager
I0722 14:24:50.504142 2224621 util.go:202] Missing service file for etcd
I0722 14:24:50.504190 2224621 util.go:202] Missing service file for flanneld
I0722 14:24:50.504201 2224621 util.go:202] Missing service file for kubernetes
I0722 14:24:50.504233 2224621 util.go:202] Missing service file for kubelet
I0722 14:24:50.504248 2224621 util.go:202] Missing kubeconfig file for apiserver
I0722 14:24:50.504260 2224621 util.go:206] Component scheduler uses kubeconfig file '/etc/kubernetes/scheduler.conf'
I0722 14:24:50.504276 2224621 util.go:206] Component controllermanager uses kubeconfig file '/etc/kubernetes/controller-manager.conf'
I0722 14:24:50.504295 2224621 util.go:202] Missing kubeconfig file for etcd
I0722 14:24:50.504303 2224621 util.go:202] Missing kubeconfig file for flanneld
I0722 14:24:50.504314 2224621 util.go:202] Missing kubeconfig file for kubernetes
I0722 14:24:50.504325 2224621 util.go:202] Missing kubeconfig file for kubelet
I0722 14:24:50.504345 2224621 util.go:202] Missing ca file for apiserver
I0722 14:24:50.504355 2224621 util.go:202] Missing ca file for scheduler
I0722 14:24:50.504388 2224621 util.go:202] Missing ca file for controllermanager
I0722 14:24:50.504397 2224621 util.go:202] Missing ca file for etcd
I0722 14:24:50.504405 2224621 util.go:202] Missing ca file for flanneld
I0722 14:24:50.504412 2224621 util.go:202] Missing ca file for kubernetes
I0722 14:24:50.504421 2224621 util.go:202] Missing ca file for kubelet
I0722 14:24:50.504434 2224621 util.go:202] Missing datadir file for apiserver
I0722 14:24:50.504441 2224621 util.go:202] Missing datadir file for scheduler
I0722 14:24:50.504468 2224621 util.go:202] Missing datadir file for controllermanager
I0722 14:24:50.504540 2224621 util.go:199] Using default datadir file name '/var/lib/etcd/default.etcd' for component etcd
I0722 14:24:50.504572 2224621 util.go:202] Missing datadir file for flanneld
I0722 14:24:50.504597 2224621 util.go:202] Missing datadir file for kubernetes
I0722 14:24:50.504627 2224621 util.go:202] Missing datadir file for kubelet
I0722 14:24:50.504657 2224621 util.go:415] Substituting $apiserverbin with 'kube-apiserver'
I0722 14:24:50.504699 2224621 util.go:415] Substituting $schedulerbin with 'kube-scheduler'
I0722 14:24:50.504735 2224621 util.go:415] Substituting $controllermanagerbin with 'kube-controller-manager'
I0722 14:24:50.504766 2224621 util.go:415] Substituting $etcdbin with 'etcd'
I0722 14:24:50.504810 2224621 util.go:415] Substituting $flanneldbin with 'flanneld'
I0722 14:24:50.504835 2224621 util.go:415] Substituting $kubeletbin with 'kubelet'
I0722 14:24:50.504870 2224621 util.go:415] Substituting $schedulerconf with '/etc/kubernetes/manifests/kube-scheduler.yaml'
I0722 14:24:50.504917 2224621 util.go:415] Substituting $controllermanagerconf with '/etc/kubernetes/manifests/kube-controller-manager.yaml'
I0722 14:24:50.504944 2224621 util.go:415] Substituting $etcdconf with '/etc/kubernetes/manifests/etcd.yaml'
I0722 14:24:50.504966 2224621 util.go:415] Substituting $flanneldconf with '/etc/sysconfig/flanneld'
I0722 14:24:50.504975 2224621 util.go:415] Substituting $kubernetesconf with '/etc/kubernetes/config'
I0722 14:24:50.504979 2224621 util.go:415] Substituting $kubeletconf with 'kubelet'
I0722 14:24:50.504983 2224621 util.go:415] Substituting $apiserverconf with '/etc/kubernetes/manifests/kube-apiserver.yaml'
I0722 14:24:50.505009 2224621 util.go:415] Substituting $kubernetessvc with 'kubernetes'
I0722 14:24:50.505028 2224621 util.go:415] Substituting $kubeletsvc with 'kubelet'
I0722 14:24:50.505032 2224621 util.go:415] Substituting $apiserversvc with 'apiserver'
I0722 14:24:50.505036 2224621 util.go:415] Substituting $schedulersvc with 'scheduler'
I0722 14:24:50.505040 2224621 util.go:415] Substituting $controllermanagersvc with 'controllermanager'
I0722 14:24:50.505044 2224621 util.go:415] Substituting $etcdsvc with 'etcd'
I0722 14:24:50.505048 2224621 util.go:415] Substituting $flanneldsvc with 'flanneld'
I0722 14:24:50.505052 2224621 util.go:415] Substituting $kuberneteskubeconfig with 'kubernetes'
I0722 14:24:50.505057 2224621 util.go:415] Substituting $kubeletkubeconfig with 'kubelet'
I0722 14:24:50.505061 2224621 util.go:415] Substituting $apiserverkubeconfig with 'apiserver'
I0722 14:24:50.505065 2224621 util.go:415] Substituting $schedulerkubeconfig with '/etc/kubernetes/scheduler.conf'
I0722 14:24:50.505306 2224621 util.go:415] Substituting $controllermanagerkubeconfig with '/etc/kubernetes/controller-manager.conf'
I0722 14:24:50.505394 2224621 util.go:415] Substituting $etcdkubeconfig with 'etcd'
I0722 14:24:50.505401 2224621 util.go:415] Substituting $flanneldkubeconfig with 'flanneld'
I0722 14:24:50.505406 2224621 util.go:415] Substituting $apiservercafile with 'apiserver'
I0722 14:24:50.505410 2224621 util.go:415] Substituting $schedulercafile with 'scheduler'
I0722 14:24:50.505415 2224621 util.go:415] Substituting $controllermanagercafile with 'controllermanager'
I0722 14:24:50.505423 2224621 util.go:415] Substituting $etcdcafile with 'etcd'
I0722 14:24:50.505431 2224621 util.go:415] Substituting $flanneldcafile with 'flanneld'
I0722 14:24:50.505436 2224621 util.go:415] Substituting $kubernetescafile with 'kubernetes'
I0722 14:24:50.505440 2224621 util.go:415] Substituting $kubeletcafile with 'kubelet'
I0722 14:24:50.505444 2224621 util.go:415] Substituting $schedulerdatadir with 'scheduler'
I0722 14:24:50.505448 2224621 util.go:415] Substituting $controllermanagerdatadir with 'controllermanager'
I0722 14:24:50.505455 2224621 util.go:415] Substituting $etcddatadir with '/var/lib/etcd/default.etcd'
I0722 14:24:50.505479 2224621 util.go:415] Substituting $flannelddatadir with 'flanneld'
I0722 14:24:50.505484 2224621 util.go:415] Substituting $kubernetesdatadir with 'kubernetes'
I0722 14:24:50.505488 2224621 util.go:415] Substituting $kubeletdatadir with 'kubelet'
I0722 14:24:50.505492 2224621 util.go:415] Substituting $apiserverdatadir with 'apiserver'
I0722 14:24:50.507595 2224621 check.go:110] ----- Running check 1.1.13 -----
I0722 14:24:50.508304 2224621 check.go:309] Command: "for adminconf in /etc/kubernetes/{admin.conf,super-admin.conf}; do if test -e $adminconf; then stat -c \\\"permissions=%a %n\\\" $adminconf; fi; done"
I0722 14:24:50.508319 2224621 check.go:310] Output: ""
I0722 14:24:50.508324 2224621 check.go:231] Running 1 test_items
I0722 14:24:50.508331 2224621 test.go:247] Flag 'permissions' does not exist
I0722 14:24:50.508336 2224621 check.go:255] Used auditCommand
I0722 14:24:50.508355 2224621 check.go:287] Returning from execute on tests: finalOutput &check.testOutput{testResult:false, flagFound:false, actualResult:"", ExpectedResult:"'permissions' is present"}
I0722 14:24:50.508366 2224621 check.go:184] Command: "" TestResult: false State: "FAIL"
I0722 14:24:50.508408 2224621 root.go:89] == Running control plane checks ==
I0722 14:24:50.508462 2224621 util.go:132] Looking for config specific CIS version "cis-1.9"
I0722 14:24:50.508497 2224621 util.go:136] Looking for file: cfg/cis-1.9/controlplane.yaml
I0722 14:24:50.508568 
2224621 common.go:274] Using config file: cfg/cis-1.9/config.yaml I0722 14:24:50.508651 2224621 common.go:78] Using test file: cfg/cis-1.9/controlplane.yaml I0722 14:24:50.508691 2224621 util.go:85] ps - proc: "kube-apiserver" I0722 14:24:50.532984 2224621 util.go:92] ps - returning: "kube-apiserver --advertise-address=172.16.90.252 --allow-privileged=true --authorization-mode=Node,RBAC --client-ca-file=/etc/kubernetes/pki/ca.crt --enable-admission-plugins=NodeRestriction --enable-bootstrap-token-auth=true --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key --etcd-servers=https://127.0.0.1:2379 --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key --requestheader-allowed-names=front-proxy-client --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --secure-port=6443 --service-account-issuer=https://kubernetes.default.svc.cluster.local --service-account-key-file=/etc/kubernetes/pki/sa.pub --service-account-signing-key-file=/etc/kubernetes/pki/sa.key --service-cluster-ip-range=10.96.0.0/12 --tls-min-version=VersionTLS12 --tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 --tls-cert-file=/etc/kubernetes/pki/apiserver.crt --tls-private-key-file=/etc/kubernetes/pki/apiserver.key\n" I0722 14:24:50.533076 2224621 util.go:233] reFirstWord.Match(kube-apiserver 
--advertise-address=172.16.90.252 --allow-privileged=true --authorization-mode=Node,RBAC --client-ca-file=/etc/kubernetes/pki/ca.crt --enable-admission-plugins=NodeRestriction --enable-bootstrap-token-auth=true --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key --etcd-servers=https://127.0.0.1:2379 --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key --requestheader-allowed-names=front-proxy-client --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --secure-port=6443 --service-account-issuer=https://kubernetes.default.svc.cluster.local --service-account-key-file=/etc/kubernetes/pki/sa.pub --service-account-signing-key-file=/etc/kubernetes/pki/sa.key --service-cluster-ip-range=10.96.0.0/12 --tls-min-version=VersionTLS12 --tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 --tls-cert-file=/etc/kubernetes/pki/apiserver.crt --tls-private-key-file=/etc/kubernetes/pki/apiserver.key) I0722 14:24:50.533090 2224621 util.go:121] Component apiserver uses running binary kube-apiserver I0722 14:24:50.533120 2224621 util.go:202] Missing config file for apiserver I0722 14:24:50.533132 2224621 util.go:202] Missing service file for apiserver I0722 14:24:50.533143 2224621 util.go:202] Missing kubeconfig file for apiserver I0722 14:24:50.533153 2224621 util.go:202] Missing ca file for apiserver 
I0722 14:24:50.533161 2224621 util.go:202] Missing datadir file for apiserver
I0722 14:24:50.533169 2224621 util.go:415] Substituting $apiserverbin with 'kube-apiserver'
I0722 14:24:50.533177 2224621 util.go:415] Substituting $apiserverconf with 'apiserver'
I0722 14:24:50.533180 2224621 util.go:415] Substituting $apiserversvc with 'apiserver'
I0722 14:24:50.533184 2224621 util.go:415] Substituting $apiserverkubeconfig with 'apiserver'
I0722 14:24:50.533187 2224621 util.go:415] Substituting $apiservercafile with 'apiserver'
I0722 14:24:50.533189 2224621 util.go:415] Substituting $apiserverdatadir with 'apiserver'
I0722 14:24:50.533437 2224621 common.go:366] Checking if the current node is running etcd components
I0722 14:24:50.533481 2224621 util.go:85] ps - proc: "etcd"
I0722 14:24:50.559200 2224621 util.go:92] ps - returning: "etcd --advertise-client-urls=https://172.16.90.252:2379 --cert-file=/etc/kubernetes/pki/etcd/server.crt --client-cert-auth=true --data-dir=/var/lib/etcd --experimental-initial-corrupt-check=true --experimental-watch-progress-notify-interval=5s --initial-advertise-peer-urls=https://172.16.90.252:2380 --initial-cluster=crawford=https://172.16.90.252:2380 --key-file=/etc/kubernetes/pki/etcd/server.key --listen-client-urls=https://127.0.0.1:2379,https://172.16.90.252:2379 --listen-metrics-urls=http://127.0.0.1:2381 --listen-peer-urls=https://172.16.90.252:2380 --name=crawford --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt --peer-client-cert-auth=true --peer-key-file=/etc/kubernetes/pki/etcd/peer.key --peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt --snapshot-count=10000 --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt\n"
I0722 14:24:50.559272 2224621 util.go:233] reFirstWord.Match(etcd --advertise-client-urls=https://172.16.90.252:2379 --cert-file=/etc/kubernetes/pki/etcd/server.crt --client-cert-auth=true --data-dir=/var/lib/etcd --experimental-initial-corrupt-check=true --experimental-watch-progress-notify-interval=5s --initial-advertise-peer-urls=https://172.16.90.252:2380 --initial-cluster=crawford=https://172.16.90.252:2380 --key-file=/etc/kubernetes/pki/etcd/server.key --listen-client-urls=https://127.0.0.1:2379,https://172.16.90.252:2379 --listen-metrics-urls=http://127.0.0.1:2381 --listen-peer-urls=https://172.16.90.252:2380 --name=crawford --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt --peer-client-cert-auth=true --peer-key-file=/etc/kubernetes/pki/etcd/peer.key --peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt --snapshot-count=10000 --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt)
I0722 14:24:50.559297 2224621 util.go:121] Component etcd uses running binary etcd
I0722 14:24:50.559303 2224621 common.go:383] Node is running etcd components
I0722 14:24:50.559311 2224621 root.go:103] == Running etcd checks ==
I0722 14:24:50.559318 2224621 util.go:132] Looking for config specific CIS version "cis-1.9"
I0722 14:24:50.559324 2224621 util.go:136] Looking for file: cfg/cis-1.9/etcd.yaml
I0722 14:24:50.559427 2224621 common.go:274] Using config file: cfg/cis-1.9/config.yaml
I0722 14:24:50.559488 2224621 common.go:78] Using test file: cfg/cis-1.9/etcd.yaml
I0722 14:24:50.559548 2224621 util.go:85] ps - proc: "etcd"
I0722 14:24:50.587556 2224621 util.go:92] ps - returning: "etcd --advertise-client-urls=https://172.16.90.252:2379 --cert-file=/etc/kubernetes/pki/etcd/server.crt --client-cert-auth=true --data-dir=/var/lib/etcd --experimental-initial-corrupt-check=true --experimental-watch-progress-notify-interval=5s --initial-advertise-peer-urls=https://172.16.90.252:2380 --initial-cluster=crawford=https://172.16.90.252:2380 --key-file=/etc/kubernetes/pki/etcd/server.key --listen-client-urls=https://127.0.0.1:2379,https://172.16.90.252:2379 --listen-metrics-urls=http://127.0.0.1:2381 --listen-peer-urls=https://172.16.90.252:2380 --name=crawford --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt --peer-client-cert-auth=true --peer-key-file=/etc/kubernetes/pki/etcd/peer.key --peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt --snapshot-count=10000 --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt\n"
I0722 14:24:50.587656 2224621 util.go:233] reFirstWord.Match(etcd --advertise-client-urls=https://172.16.90.252:2379 --cert-file=/etc/kubernetes/pki/etcd/server.crt --client-cert-auth=true --data-dir=/var/lib/etcd --experimental-initial-corrupt-check=true --experimental-watch-progress-notify-interval=5s --initial-advertise-peer-urls=https://172.16.90.252:2380 --initial-cluster=crawford=https://172.16.90.252:2380 --key-file=/etc/kubernetes/pki/etcd/server.key --listen-client-urls=https://127.0.0.1:2379,https://172.16.90.252:2379 --listen-metrics-urls=http://127.0.0.1:2381 --listen-peer-urls=https://172.16.90.252:2380 --name=crawford --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt --peer-client-cert-auth=true --peer-key-file=/etc/kubernetes/pki/etcd/peer.key --peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt --snapshot-count=10000 --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt)
I0722 14:24:50.587687 2224621 util.go:121] Component etcd uses running binary etcd
I0722 14:24:50.587754 2224621 util.go:206] Component etcd uses config file '/etc/kubernetes/manifests/etcd.yaml'
I0722 14:24:50.587806 2224621 util.go:202] Missing service file for etcd
I0722 14:24:50.587834 2224621 util.go:202] Missing kubeconfig file for etcd
I0722 14:24:50.587888 2224621 util.go:202] Missing ca file for etcd
I0722 14:24:50.587952 2224621 util.go:199] Using default datadir file name '/var/lib/etcd/default.etcd' for component etcd
I0722 14:24:50.587965 2224621 util.go:415] Substituting $etcdbin with 'etcd'
I0722 14:24:50.587975 2224621 util.go:415] Substituting $etcdconf with '/etc/kubernetes/manifests/etcd.yaml'
I0722 14:24:50.587983 2224621 util.go:415] Substituting $etcdsvc with 'etcd'
I0722 14:24:50.587987 2224621 util.go:415] Substituting $etcdkubeconfig with 'etcd'
I0722 14:24:50.587992 2224621 util.go:415] Substituting $etcdcafile with 'etcd'
I0722 14:24:50.587997 2224621 util.go:415] Substituting $etcddatadir with '/var/lib/etcd/default.etcd'
I0722 14:24:50.588521 2224621 root.go:109] == Running node checks ==
I0722 14:24:50.588541 2224621 util.go:132] Looking for config specific CIS version "cis-1.9"
I0722 14:24:50.588550 2224621 util.go:136] Looking for file: cfg/cis-1.9/node.yaml
I0722 14:24:50.588730 2224621 common.go:274] Using config file: cfg/cis-1.9/config.yaml
I0722 14:24:50.588795 2224621 common.go:78] Using test file: cfg/cis-1.9/node.yaml
I0722 14:24:50.588846 2224621 util.go:85] ps - proc: "hyperkube"
I0722 14:24:50.625168 2224621 util.go:89] [/bin/ps -C hyperkube -o cmd --no-headers]: exit status 1
I0722 14:24:50.625212 2224621 util.go:92] ps - returning: ""
I0722 14:24:50.625235 2224621 util.go:233] reFirstWord.Match()
I0722 14:24:50.625240 2224621 util.go:263] executable 'hyperkube kubelet' not running
I0722 14:24:50.625245 2224621 util.go:85] ps - proc: "kubelet"
I0722 14:24:50.649112 2224621 util.go:92] ps - returning: "/usr/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --config=/var/lib/kubelet/config.yaml --container-runtime-endpoint=unix:///var/run/containerd/containerd.sock --pod-infra-container-image=registry.k8s.io/pause:3.9\n"
I0722 14:24:50.649200 2224621 util.go:233] reFirstWord.Match(/usr/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --config=/var/lib/kubelet/config.yaml --container-runtime-endpoint=unix:///var/run/containerd/containerd.sock --pod-infra-container-image=registry.k8s.io/pause:3.9)
I0722 14:24:50.649210 2224621 util.go:121] Component kubelet uses running binary kubelet
I0722 14:24:50.649238 2224621 util.go:85] ps - proc: "kube-proxy"
I0722 14:24:50.675044 2224621 util.go:92] ps - returning: "/usr/local/bin/kube-proxy --config=/var/lib/kube-proxy/config.conf --hostname-override=crawford\n"
I0722 14:24:50.675107 2224621 util.go:233] reFirstWord.Match(/usr/local/bin/kube-proxy --config=/var/lib/kube-proxy/config.conf --hostname-override=crawford)
I0722 14:24:50.675118 2224621 util.go:121] Component proxy uses running binary kube-proxy
I0722 14:24:50.675179 2224621 util.go:206] Component kubelet uses config file '/var/lib/kubelet/config.yaml'
I0722 14:24:50.675215 2224621 util.go:199] Using default config file name '/etc/kubernetes/addons/kube-proxy-daemonset.yaml' for component proxy
I0722 14:24:50.675249 2224621 util.go:199] Using default config file name '/etc/kubernetes/config' for component kubernetes
I0722 14:24:50.675274 2224621 util.go:206] Component kubelet uses service file '/lib/systemd/system/kubelet.service'
I0722 14:24:50.675316 2224621 util.go:202] Missing service file for proxy
I0722 14:24:50.675341 2224621 util.go:202] Missing service file for kubernetes
I0722 14:24:50.675386 2224621 util.go:206] Component kubelet uses kubeconfig file '/etc/kubernetes/kubelet.conf'
I0722 14:24:50.675411 2224621 util.go:199] Using default kubeconfig file name '/etc/kubernetes/proxy.conf' for component proxy
I0722 14:24:50.675436 2224621 util.go:202] Missing kubeconfig file for kubernetes
I0722 14:24:50.675453 2224621 util.go:206] Component kubelet uses ca file '/etc/kubernetes/pki/ca.crt'
I0722 14:24:50.675484 2224621 util.go:202] Missing ca file for proxy
I0722 14:24:50.675494 2224621 util.go:202] Missing ca file for kubernetes
I0722 14:24:50.675530 2224621 util.go:202] Missing datadir file for kubelet
I0722 14:24:50.675540 2224621 util.go:202] Missing datadir file for proxy
I0722 14:24:50.675547 2224621 util.go:202] Missing datadir file for kubernetes
I0722 14:24:50.675556 2224621 util.go:415] Substituting $proxybin with 'kube-proxy'
I0722 14:24:50.675566 2224621 util.go:415] Substituting $kubeletbin with 'kubelet'
I0722 14:24:50.675574 2224621 util.go:415] Substituting $kubeletconf with '/var/lib/kubelet/config.yaml'
I0722 14:24:50.675595 2224621 util.go:415] Substituting $proxyconf with '/etc/kubernetes/addons/kube-proxy-daemonset.yaml'
I0722 14:24:50.675601 2224621 util.go:415] Substituting $kubernetesconf with '/etc/kubernetes/config'
I0722 14:24:50.675605 2224621 util.go:415] Substituting $kubeletsvc with '/lib/systemd/system/kubelet.service'
I0722 14:24:50.675612 2224621 util.go:415] Substituting $proxysvc with 'proxy'
I0722 14:24:50.675616 2224621 util.go:415] Substituting $kubernetessvc with 'kubernetes'
I0722 14:24:50.675619 2224621 util.go:415] Substituting $proxykubeconfig with '/etc/kubernetes/proxy.conf'
I0722 14:24:50.675626 2224621 util.go:415] Substituting $kuberneteskubeconfig with 'kubernetes'
I0722 14:24:50.675630 2224621 util.go:415] Substituting $kubeletkubeconfig with '/etc/kubernetes/kubelet.conf'
I0722 14:24:50.675637 2224621 util.go:415] Substituting $kubeletcafile with '/etc/kubernetes/pki/ca.crt'
I0722 14:24:50.675664 2224621 util.go:415] Substituting $proxycafile with 'proxy'
I0722 14:24:50.675669 2224621 util.go:415] Substituting $kubernetescafile with 'kubernetes'
I0722 14:24:50.675673 2224621 util.go:415] Substituting $kubeletdatadir with 'kubelet'
I0722 14:24:50.675676 2224621 util.go:415] Substituting $proxydatadir with 'proxy'
I0722 14:24:50.675679 2224621 util.go:415] Substituting $kubernetesdatadir with 'kubernetes'
I0722 14:24:50.676446 2224621 root.go:119] == Running policies checks ==
I0722 14:24:50.676478 2224621 util.go:132] Looking for config specific CIS version "cis-1.9"
I0722 14:24:50.676486 2224621 util.go:136] Looking for file: cfg/cis-1.9/policies.yaml
I0722 14:24:50.676559 2224621 common.go:274] Using config file: cfg/cis-1.9/config.yaml
I0722 14:24:50.676928 2224621 common.go:78] Using test file: cfg/cis-1.9/policies.yaml
[INFO] 1 Control Plane Security Configuration
[INFO] 1.1 Control Plane Node Configuration Files
[FAIL] 1.1.13 Ensure that the default administrative credential file permissions are set to 600 (Automated)

== Remediations master ==
1.1.13 Run the below command (based on the file location on your system) on the control plane node.
For example, chmod 600 /etc/kubernetes/admin.conf
On Kubernetes 1.29+ the super-admin.conf file should also be modified, if present.
For example, chmod 600 /etc/kubernetes/super-admin.conf

== Summary master ==
0 checks PASS
1 checks FAIL
0 checks WARN
0 checks INFO

[INFO] 2 Etcd Node Configuration

== Summary etcd ==
0 checks PASS
0 checks FAIL
0 checks WARN
0 checks INFO

[INFO] 3 Control Plane Configuration

== Summary controlplane ==
0 checks PASS
0 checks FAIL
0 checks WARN
0 checks INFO

[INFO] 4 Worker Node Security Configuration

== Summary node ==
0 checks PASS
0 checks FAIL
0 checks WARN
0 checks INFO

[INFO] 5 Kubernetes Policies
I0722 14:24:50.678347 2224621 root.go:135] == Skipping managed services checks ==

== Summary policies ==
0 checks PASS
0 checks FAIL
0 checks WARN
0 checks INFO

== Summary total ==
0 checks PASS
1 checks FAIL
0 checks WARN
0 checks INFO