Merge pull request #1930 from dnoland1/patch-34

Fixed audit example for protect-kernel-defaults and make-iptables-util-chains
2026-05-16 01:53:51 +00:00 · 2019-10-24 06:58:24 -07:00
parent ac03883af0 e7119e1fd1
commit c4e26a2391
3 changed files with 6 additions and 6 deletions
@@ -366,8 +366,8 @@ To pass the following controls in the CIS benchmark, ensure the appropriate flag
 Inspect the Kubelet containers on all hosts and verify that they are running with the following options:

 - `--streaming-connection-idle-timeout=<duration greater than 0>`
- `--protect-kernel-defaults=false`
- `--make-iptables-util-chains=false`
+- `--protect-kernel-defaults=true`
+- `--make-iptables-util-chains=true`
 - `--event-qps=0`

 **Remediation**
@@ -385,8 +385,8 @@ Inspect the Kubelet containers on all hosts and verify that they are running wit

 - `--streaming-connection-idle-timeout=<duration greater than 0>`
 - `--authorization-mode=Webhook`
- `--protect-kernel-defaults=false`
- `--make-iptables-util-chains=false`
+- `--protect-kernel-defaults=true`
+- `--make-iptables-util-chains=true`
 - `--event-qps=0`
 - `--anonymous-auth=false`
 - `--feature-gates="RotateKubeletServerCertificate=true"`
@@ -473,8 +473,8 @@ Inspect the Kubelet containers on all hosts and verify that they are running wit

 - `--streaming-connection-idle-timeout=<duration greater than 0>`
 - `--authorization-mode=Webhook`
- `--protect-kernel-defaults=false`
- `--make-iptables-util-chains=false`
+- `--protect-kernel-defaults=true`
+- `--make-iptables-util-chains=true`
 - `--event-qps=0`
 - `--anonymous-auth=false`
 - `--feature-gates="RotateKubeletServerCertificate=true"`