Andy Pitcher
Andy Pitcher
The documentation update for the related checks will be handled in https://github.com/rancher/rancher/issues/45318. I'm Closing this issues.
@dereknola is this issue still to be considered given our recent work ?
@dereknola closing since the above issue has been merged.
> I tried to make cis 4.1.7 test case pass for rke hardened cluster, currently it passes for controlplane and worker nodes but fails for etcd node, and here are...
Hey @afdesk RKE1 will be [EOL](https://www.suse.com/support/kb/doc/?id=000021513) in end of July 2025. The last version for RKE1 is and will be `RKE-CIS-1.8`, as we chose to pursue CIS only for RKE2...
Looks good to me at a first glance, would be good to test this change further to confirm the following elements: **1. Ensure User Request Scope is Maintained** The user...
@elvinasp - For 1.2.19, you're looking to K3s 1.23 CIS, and insecure-port has been removed since k8s [1.20](https://github.com/kubernetes/kubeadm/issues/2156) which was long deprecated, so this is normal. - Same for [1.2.26](https://workbench.cisecurity.org/sections/31360/recommendations/92331),...
@nguyenthanhvu240 that's a good point - Actually it looks like 5.6 has been absent for as long as the `5 - Policies` recommendations have been around CIS Kubernetes benchmarks. Here...
I suggest we close this issue @afdesk , as it's something that originates from CIS Workbench. Here is the discussion related: https://workbench.cisecurity.org/community/43/discussions/11042
@shenghongfu thanks for bringing this up. Here are some answers: 1. 1.1.7 This check should be skipped as per our [Skipped and Not Applicable tests](https://ranchermanager.docs.rancher.com/integrations-in-rancher/cis-scans/skipped-and-not-applicable-tests) In rancher/security-scan/cfg you can see...