
KubeBench check fails in OCP having JSON communication method instead of YAML

Open anupamtamrakar opened this issue 3 years ago • 0 comments

Overview

KubeBench check fails in OCP having JSON communication method instead of YAML

How did you run kube-bench?

kube-bench ran as a Kubernetes job, command: 'kube-bench'

What happened?

    for node in $(oc get nodes -o jsonpath='{.items[*].metadata.name}')
    do
      oc debug node/${node} -- chroot /host grep -B4 -A1 anonymous: /etc/kubernetes/kubelet.conf
    done

This did not work because it greps for “anonymous:”, which only works for kubelet.conf in YAML, but not in JSON due to the “:” at the end. The kubelet.conf file (and other configuration files) are formatted in JSON on our clusters. So the issue is the usage of grep which does not cover JSON configuration files.

Environment

kube-bench v0.6.6

anupamtamrakar, Jun 15 '22 12:06
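An added example, not part of the issue and not kube-bench's own code: one way to read the anonymous-auth setting from a kubelet config whether it is YAML, pretty-printed JSON or single-line JSON, using only tr, sed and awk. The function names and the sample configs are constructed for illustration, and the sketch assumes `anonymous` appears only under `authentication` with `enabled` as its first key.

```shell
#!/bin/sh
# Added example: format-agnostic read of authentication.anonymous.enabled.

# Prints true, false, or unset (hypothetical helper name).
anonymous_auth_value() {
  # 1. drop JSON quotes, 2. split JSON punctuation so every key is on its
  # own line, 3. normalise "key :value" / "key:value" to "key: value".
  tr -d '"' < "$1" | tr '{},' '\n\n\n' |
    sed 's/[[:space:]]*:[[:space:]]*/: /' |
    awk '
      /^[[:space:]]*$/ { next }              # skip blank lines
      seen {                                 # first key after "anonymous:"
        if ($1 == "enabled:") { print $2; found = 1 }
        exit
      }
      $1 == "anonymous:" { seen = 1 }
      END { if (!found) print "unset" }
    '
}

# Exit status 0 only when anonymous auth is explicitly disabled.
check_anonymous_auth() {
  [ "$(anonymous_auth_value "$1")" = "false" ]
}

# Constructed sample configs (not taken from a real cluster).
write_samples() {
  printf 'authentication:\n  anonymous:\n    enabled: false\n  webhook:\n    enabled: true\n' \
    > "$1/kubelet.yaml"
  printf '{\n  "authentication": {\n    "anonymous": {\n      "enabled": false\n    }\n  }\n}\n' \
    > "$1/kubelet.pretty.json"
  printf '{"authentication":{"anonymous":{"enabled":true},"webhook":{"enabled":true}}}\n' \
    > "$1/kubelet.compact.json"
}

# Demo: the issue's grep pattern next to the parsed value for each sample.
dir=$(mktemp -d)
write_samples "$dir"
for f in "$dir"/*; do
  printf '%s: grep anonymous: -> %s match(es), parsed value -> %s\n' \
    "${f##*/}" "$(grep -c 'anonymous:' "$f")" "$(anonymous_auth_value "$f")"
done
rm -rf "$dir"
```

To use it against a node, save the output of `oc debug node/${node} -- chroot /host cat /etc/kubernetes/kubelet.conf` to a local file and pass that file to `check_anonymous_auth`.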