From dd6b9613774a680e656308b2ad0573e5272ef44e Mon Sep 17 00:00:00 2001
From: Nelson Roberts <nelson@rancher.com>
Date: Mon, 8 Jun 2020 09:51:48 -0700
Subject: [PATCH] EIO-4: known issue update

---
 content/rancher/v2.x/en/security/hardening-2.3.5/_index.md | 4 ++--
 content/rancher/v2.x/en/security/hardening-2.4/_index.md   | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/content/rancher/v2.x/en/security/hardening-2.3.5/_index.md b/content/rancher/v2.x/en/security/hardening-2.3.5/_index.md
index 13f8965da9e..4f9aa6849e8 100644
--- a/content/rancher/v2.x/en/security/hardening-2.3.5/_index.md
+++ b/content/rancher/v2.x/en/security/hardening-2.3.5/_index.md
@@ -24,8 +24,8 @@ For more detail about evaluating a hardened cluster against the official CIS ben
 
 #### Known Issues
 
-- Rancher **exec shell** and **view logs** for pods are **not** functional in a CIS 1.5 hardened setup when only public IP is provided when registering custom nodes.
-- When setting the `default_pod_security_policy_template_id:` to `restricted` Rancher creates **RoleBindings** and **ClusterRoleBindings** on the default service accounts. The default service accounts should be configured such that it does not provide a service account token and does not have any explicit rights assignments.
+- Rancher **exec shell** and **view logs** for pods are **not** functional in a CIS 1.5 hardened setup when only public IP is provided when registering custom nodes. This functionality requires a private IP to be provided when registering the custom nodes.
+- When setting the `default_pod_security_policy_template_id:` to `restricted` Rancher creates **RoleBindings** and **ClusterRoleBindings** on the default service accounts. The CIS 1.5 5.1.5 check requires the default service accounts have no roles or cluster roles bound to it apart from the defaults. In addition the default service accounts should be configured such that it does not provide a service account token and does not have any explicit rights assignments.
 
 ### Configure Kernel Runtime Parameters
 
diff --git a/content/rancher/v2.x/en/security/hardening-2.4/_index.md b/content/rancher/v2.x/en/security/hardening-2.4/_index.md
index 47923a5d429..fd0614ad98a 100644
--- a/content/rancher/v2.x/en/security/hardening-2.4/_index.md
+++ b/content/rancher/v2.x/en/security/hardening-2.4/_index.md
@@ -24,8 +24,8 @@ For more detail about evaluating a hardened cluster against the official CIS ben
 
 #### Known Issues
 
-- Rancher **exec shell** and **view logs** for pods are **not** functional in a CIS 1.5 hardened setup when only public IP is provided when registering custom nodes.
-- When setting the `default_pod_security_policy_template_id:` to `restricted` Rancher creates **RoleBindings** and **ClusterRoleBindings** on the default service accounts. The default service accounts should be configured such that it does not provide a service account token and does not have any explicit rights assignments.
+- Rancher **exec shell** and **view logs** for pods are **not** functional in a CIS 1.5 hardened setup when only public IP is provided when registering custom nodes. This functionality requires a private IP to be provided when registering the custom nodes.
+- When setting the `default_pod_security_policy_template_id:` to `restricted` Rancher creates **RoleBindings** and **ClusterRoleBindings** on the default service accounts. The CIS 1.5 5.1.5 check requires the default service accounts have no roles or cluster roles bound to it apart from the defaults. In addition the default service accounts should be configured such that it does not provide a service account token and does not have any explicit rights assignments.
 
 ### Configure Kernel Runtime Parameters