mirror of
https://github.com/rancher/rancher-docs.git
synced 2026-05-26 14:48:30 +00:00
Respond to feedback on CIS scan doc
committed by
Catherine Luse
parent
3ef9e40bd8
commit
f7214c39f8
@@ -35,17 +35,17 @@ On this page, we provide security-related documentation along with resources to
|
||||
|
||||
_Available as of v2.4_
|
||||
|
||||
Rancher leverages [kube-bench](https://github.com/aquasecurity/kube-bench) run a security scan to check whether Kubernetes is deployed according to security best practices as defined in the CIS (Center for Internet Security) Kubernetes Benchmark.
|
||||
Rancher leverages [kube-bench](https://github.com/aquasecurity/kube-bench) to run a security scan to check whether Kubernetes is deployed according to security best practices as defined in the CIS (Center for Internet Security) Kubernetes Benchmark.
|
||||
|
||||
The CIS Kubernetes Benchmark is a reference document that can be used to establish a secure configuration baseline for Kubernetes.
|
||||
The CIS Kubernetes Benchmark is a reference document that can be used to establish a secure configuration baseline for Kubernetes. The Benchmark provides recommendations of two types: Scored and Not Scored. We run tests related to only Scored recommendations.
|
||||
|
||||
When Rancher scans a cluster, it generates a report showing the results of each test, including the number of passed, skipped, and failed tests. The report also includes guidance on how to configure the cluster so that the failing tests will pass.
|
||||
When Rancher runs a CIS Security Scan on a cluster, it generates a report showing the results of each test, including a summary with the number of passed, skipped and failed tests. The report also includes remediation steps for any failed tests.
|
||||
|
||||
For details, refer to the section on [security scans.]({{<baseurl>}}/rancher/v2.x/en/security/security-scan)
|
||||
|
||||
### Rancher Hardening Guide
|
||||
|
||||
The Rancher Hardening Guide is based off of controls and best practices found in the [CIS Kubernetes Benchmark](https://www.cisecurity.org/benchmark/kubernetes/) from the Center for Internet Security. The hardening guide provides prescriptive guidance for hardening a production installation of Rancher v2.1.x, v2.2.x and v.2.3.x. See Rancher's [Self Assessment of the CIS Kubernetes Benchmark](#cis-benchmark-rancher-self-assessment) for the full list of security controls.
|
||||
The Rancher Hardening Guide is based off of controls and best practices found in the <a href="https://www.cisecurity.org/benchmark/kubernetes/" target="_blank">CIS Kubernetes Benchmark</a> from the Center for Internet Security. The hardening guide provides prescriptive guidance for hardening a production installation of Rancher v2.1.x, v2.2.x and v.2.3.x. See Rancher's [Self Assessment of the CIS Kubernetes Benchmark](#cis-benchmark-rancher-self-assessment) for the full list of security controls.
|
||||
|
||||
- [Hardening Guide for Rancher v2.1.x with Kubernetes 1.11]({{< baseurl >}}/rancher/v2.x/en/security/hardening-2.1/)
|
||||
- [Hardening Guide for Rancher v2.2.x with Kubernetes 1.13]({{< baseurl >}}/rancher/v2.x/en/security/hardening-2.2/)
|
||||
|
||||
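Review bot: The rewritten Hardening Guide paragraph replaces the Markdown link to cisecurity.org with a raw `<a href="https://www.cisecurity.org/benchmark/kubernetes/" target="_blank">` that has no `rel` attribute. Add `rel="noopener noreferrer"` so the opened page gets no `window.opener` handle in browsers that do not default to that, or keep the Markdown link that the kube-bench line in this hunk still uses. The same line carries over "v.2.3.x" from the old text, which should read "v2.3.x" to match "v2.1.x" and "v2.2.x" beside it. The link shortcodes are also written two ways in this hunk (`{{<baseurl>}}` and `{{< baseurl >}}`); pick one.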
@@ -7,9 +7,9 @@ _Available as of v2.4_
|
||||
|
||||
Rancher can run a security scan to check whether Kubernetes is deployed according to security best practices as defined in the CIS (Center for Internet Security) Kubernetes Benchmark.
|
||||
|
||||
The CIS Kubernetes Benchmark is a reference document that can be used to establish a secure configuration baseline for Kubernetes.
|
||||
The CIS Kubernetes Benchmark is a reference document that can be used to establish a secure configuration baseline for Kubernetes. The Benchmark provides recommendations of two types: Scored and Not Scored. We run tests related to only Scored recommendations.
|
||||
|
||||
When Rancher scans a cluster, it generates a report showing the results of each test, including the number of passed, skipped, and failed tests. The report also includes guidance on how to configure the cluster so that the failing tests will pass.
|
||||
When Rancher runs a CIS Security Scan on a cluster, it generates a report showing the results of each test, including a summary with the number of passed, skipped and failed tests. The report also includes remediation steps for any failed tests.
|
||||
|
||||
To check clusters for CIS Kubernetes Benchmark compliance, the security scan leverages [kube-bench,](https://github.com/aquasecurity/kube-bench) an open-source tool from Aqua Security.
|
||||
|
||||
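Review bot: The added sentence "We run tests related to only Scored recommendations." states the scan's coverage limit but leaves the consequence implicit, and the new summary line ("passed, skipped and failed tests") can then be read as a full Benchmark result. Say explicitly that a report with no failed tests does not cover the Not Scored recommendations, which still need a manual review, and reorder the sentence to "We run only the tests related to Scored recommendations." These two sentences are also added word for word to the security overview page in the previous hunk, so consider keeping the detail here and linking to it from the overview to avoid the copies drifting apart. The rewritten summary line drops the serial comma that the old line had ("passed, skipped, and failed"); keep one style.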
@@ -19,11 +19,11 @@ When Rancher scans a cluster hosted in a managed Kubernetes provider such as GKE
|
||||
|
||||
Each scan generates a report can be viewed in the Rancher UI and can be downloaded in CSV format.
|
||||
|
||||
The version of the [benchmark](https://www.cisecurity.org/benchmark/kubernetes/) that is used depends on the cluster's Kubernetes version.
|
||||
The version of the [Benchmark](https://www.cisecurity.org/benchmark/kubernetes/) that is used depends on the cluster's Kubernetes version.
|
||||
|
||||
Each test in the resport is identified by its corresponding section of the benchmark. For example, if a cluster fails test 1.3.6, you can look up the description and rationale for the benchmark section 1.3.6 in the benchmark itself, or in Rancher's [hardening guide for the Kubernetes version that the cluster is using.]({{<baseurl>}}/rancher/v2.x/en/security/#rancher-hardening-guide)
|
||||
Each test in the report is identified by its corresponding Scored test in the Benchmark. For example, if a cluster fails test 1.3.6, you can look up the description and rationale for the section 1.3.6 in the Benchmark itself, or in Rancher's [hardening guide for the Kubernetes version that the cluster is using.]({{<baseurl>}}/rancher/v2.x/en/security/#rancher-hardening-guide) Recommendations marked as Not Scored in the Benchmark are not included in the report.
|
||||
|
||||
Similarly, for information how to manually audit the test result, you could look up section 1.3.6 in Rancher's [self-assessment guide for the corresponding Kubernetes version.]({{<baseurl>}}/rancher/v2.x/en/security/#the-cis-benchmark-and-self-assessment)
|
||||
Similarly, for information on how to manually audit the test result, you could look up section 1.3.6 in Rancher's [self-assessment guide for the corresponding Kubernetes version.]({{<baseurl>}}/rancher/v2.x/en/security/#the-cis-benchmark-and-self-assessment)
|
||||
|
||||
### Prerequisites
|
||||
|
||||
|
||||
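Review bot: In the rewritten "Each test in the report is identified by ..." line, "its corresponding Scored test in the Benchmark" mixes the terms the rest of this commit keeps apart: the Benchmark contains recommendations (Scored or Not Scored) and Rancher runs tests against them. Suggest "identified by the number of its corresponding Scored recommendation in the Benchmark", and "for section 1.3.6" instead of "for the section 1.3.6". The unchanged context line above it, "Each scan generates a report can be viewed in the Rancher UI", is missing "that" after "report" and could be fixed in the same pass, since this commit already corrects "resport" and "information how" next to it.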