kube-bench Modify `1.2.3 Ensure that the DenyServiceExternalIPs is set` in CIS-1.7/1.8

Modify `1.2.3 Ensure that the DenyServiceExternalIPs is set` in CIS-1.7/1.8

Open andypitcher opened this issue 1 year ago • 0 comments

Parent: https://github.com/aquasecurity/kube-bench/issues/1606

Context: In CIS-1.7 and CIS-1.8 (master 1.2.3 Ensure that the DenyServiceExternalIPs is set) the operand is wrong and makes the check to WARN even if --enable-admission-plugins=DenyServiceExternalIPs is properly set.

This PR makes the following change to master 1.2.3 check for CIS-1.7 and CIS-1.8:

op changed from have to has and removed bin_op: or
remediation description changed to only include --enable-admission-plugins

Apr 30 '24 23:04 andypitcher

kube-bench kube-bench copied to clipboard

Modify `1.2.3 Ensure that the DenyServiceExternalIPs is set` in CIS-1.7/1.8

kube-bench
kube-bench copied to clipboard