Andy Pitcher

Results 20 comments of Andy Pitcher

Hi, This issue can be partially resolved, here is the code to retrieve IP router alert:

```
#Check router alert (HL has to be above 5 and ip.opts == '\x94\x04\x00\x00')...
```

As discussed internally, one of the suggestions would be to create a new dedicated section (e.g. `Rancher features hardening` as proposed by @alexandreLamarre) within [Rancher Security Guides](https://ranchermanager.docs.rancher.com/reference-guides/rancher-security). This section will...

@lizrice happy to help there, we keep on publishing our CIS profiles in [rancher/security-scan/cfg/](https://github.com/rancher/security-scan/tree/master/package/cfg) to serve the `Rancher CIS Benchmark Chart` and recently published directly into kube-bench's cfgs.

@SeryioGonzalez not sure which version of CIS you were referring to, but in general check `4.1.7 Ensure that the certificate authorities file permissions are set to 6XX or more restrictive...

Related issue:

- https://github.com/rancher/rancher/issues/45318

This one can be closed.

Hi, Sorry for the late reply, the project code is a bit everywhere, I will update the repo with the missing information. For now, you can have a look to...

Hi RajaMuz, Thanks for your interest. You don't have to use Linux; however, since this script is not too generic, you want to make sure you are using a directory...

RajaMuz, The script has been developed on a Linux 64bit with python V2. Depending on the size of your dataset, I would recommend to test the script with one device...

### Test case 1: auto-tls and peer-auto-tls set to false

```
[root@k3s-standalone]# cat /etc/rancher/k3s/config.yaml.d/50-rancher.yaml | tail -5
  "etcd-arg": [
    "auto-tls=true",
    "peer-auto-tls=true"
  ]
}
```

**Results:**

```
[root@k3s-standalone]# ./kube-bench run --targets...
```

- [x] K3s - https://docs.k3s.io/security/self-assessment-1.8
- [x] RKE2 - https://docs.rke2.io/security/cis_self_assessment18
- [ ] RKE1 - In progress