github.com/khulnasoft-lab/kube-bench@v0.2.1-0.20240330183753-9df52345ae58/cfg/eks-stig-kubernetes-v1r6/policies.yaml (about)

     1  ---
        # kube-bench control definitions for section 4 ("Policies") of the
        # eks-stig-kubernetes-v1r6 benchmark. Every check below is
        # `type: "manual"` with `scored: false` and defines no `audit` command,
        # so nothing in this file is evaluated automatically: each finding has
        # to be verified by a reviewer against the live cluster.
     2  controls:
     3  version: "eks-stig-kubernetes-v1r6"
     4  id: 4
     5  text: "Policies"
     6  type: "policies"
     7  groups:
          # The ids `4` (above) and `4.1` are unquoted, so a generic YAML loader
          # types them as numbers. NOTE(review): confirm the consumer reads ids
          # as strings.
          # NOTE(review): all three findings sit under the "Category Code I"
          # group; confirm each finding's severity against the STIG itself.
     8    - id: 4.1
     9      text: "Policies - DISA Category Code I"
    10      checks:
              # V-242381: a workload left on its namespace's `default` service
              # account shares that identity, and any RBAC bound to it, with every
              # other pod in the namespace that also uses the default account.
    11        - id: V-242381
    12          text: "The Kubernetes Controller Manager must create unique service accounts for each work payload. (Manual)"
    13          type: "manual"
                # `|` makes the remediation a literal block: the
                # `automountServiceAccountToken: false` line is text shown to the
                # operator, not a key of this check.
                # Review caveat: a pod spec that sets
                # `automountServiceAccountToken: true` takes precedence over the
                # ServiceAccount setting, so inspect pod specs as well as each
                # namespace's `default` ServiceAccount.
    14          remediation: |
    15           Create explicit service accounts wherever a Kubernetes workload requires specific access
    16           to the Kubernetes API server.
    17           Modify the configuration of each default service account to include this value
    18           automountServiceAccountToken: false
    19          scored: false
    20  
              # V-242383: the remediation names three namespaces (default,
              # kube-public, kube-node-lease). NOTE(review): the built-in
              # `kubernetes` Service in `default` is created by the cluster itself
              # and is presumably not a finding; confirm against the STIG check text.
    21        - id: V-242383
    22          text: "User-managed resources must be created in dedicated namespaces. (Manual)"
    23          type: "manual"
    24          remediation: |
    25           Move any user-managed resources from the default, kube-public and kube-node-lease namespaces, to user namespaces.
    26          scored: false
    27  
              # V-242417: the remediation does not say which namespaces count as
              # "system" namespaces. NOTE(review): presumably kube-system,
              # kube-public and kube-node-lease; confirm against the STIG. On EKS,
              # kube-system also holds cluster add-on pods such as aws-node, coredns
              # and kube-proxy, which are not user pods and should stay where they are.
    28        - id: V-242417
    29          text: "Kubernetes must separate user functionality. (Manual)"
    30          type: "manual"
    31          remediation: |
    32           Move any user pods that are present in the Kubernetes system namespaces to user specific namespaces.
    33          scored: false