```
ubuntu@noble:~/kube-bench$ sudo -E kube-bench --version ck8s-cis-1.24 --config-dir ../kube-bench/cfg/ --config ../kube-bench/cfg/config.yaml --
[INFO] 1 Control Plane Security Configuration
[INFO] 1.1 Control Plane Node Configuration Files
[PASS] 1.1.1 Ensure that the API server configuration file permissions are set to 600 (Automated)
[PASS] 1.1.2 Ensure that the API server configuration file ownership is set to root:root (Automated)
[PASS] 1.1.3 Ensure that the controller manager configuration file permissions are set to 600 (Automated)
[PASS] 1.1.4 Ensure that the controller manager configuration file ownership is set to root:root (Automated)
[PASS] 1.1.5 Ensure that the scheduler configuration file permissions are set to 600 (Automated)
[PASS] 1.1.6 Ensure that the scheduler configuration file ownership is set to root:root (Automated)
[PASS] 1.1.7 Ensure that the etcd pod specification file permissions are set to 644 or more restrictive (Automated)
```
```sh
# Configure cluster CIDR
IPv4_CLUSTER_CIDR="10.1.0.0/16"
IPv6_CLUSTER_CIDR=""

# Require cgroup2 to be mounted
cgroup_hostroot="$(mount -t cgroup2 | head -1 | cut -d' ' -f3)"
if [ -z "$cgroup_hostroot" ]; then
  echo "cgroup2 mount not found, fail"
  exit 1
fi
```