Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v2.9] Bump cis-operator and security-scan to the latest version in cis-benchmark chart #330

Closed
vardhaman22 opened this issue Aug 1, 2024 · 2 comments
Closed

[v2.9] Bump cis-operator and security-scan to the latest version in cis-benchmark chart #330

vardhaman22 opened this issue Aug 1, 2024 · 2 comments
Assignees
@vardhaman22
Labels
team/infracloud team/security

Comments

@vardhaman22
Copy link
Contributor

new versions of cis-operator and security-scan is available and needed to be bumped in the rancher-cis-benchmark chart.
This was referenced Aug 1, 2024
Closed
Open
@vardhaman22 vardhaman22 self-assigned this Aug 1, 2024
@vardhaman22 vardhaman22 mentioned this issue Aug 2, 2024
Merged
@vardhaman22
Copy link
Contributor Author

vardhaman22 commented Aug 9, 2024
edited
Loading

for the new security scan tag many checks of the rke2 and k3s profiles are updated so all those profiles needs to be verified.

  • permissive and hardened k3s profiles 1.23, 1.24, 1.7, 1.8
  • permissive and hardened rke2 profiles 1.23, 1.24, 1.7, 1.8

also this PR fixes some issue with k3s checks on sles so that also needs to be verified.

@vardhaman22 vardhaman22 mentioned this issue Aug 14, 2024
Merged
@vivek-shilimkar
Copy link
Member

Validated on rancher v2.9.1-rc1

  • Created RKE1 v1.30.3rancher1-1 node driver and hardened clusters.
  • Created RKE2 v1.30.2+rke2r1 node driver and hardened clusters.
  • Created K3s v1.30.2+k3s2 node driver and hardened clusters.
  • Installed CIS 6.1.0-rc2 chart on all the clusters.

Following expected failures are

  • 4.1.7 fails on RKE1 hardened
  • 1.1.1, 1.1.3, 1.1.5, 1.1.7 fails on RKE2 node driver cluster which is expected.

@vardhaman22 vardhaman22 mentioned this issue Aug 16, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vardhaman22 vardhaman22

Labels
team/infracloud team/security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vivek-shilimkar @vardhaman22