Skip to content

Commit

Permalink
doc: add CIS EKS 1.5.0
Browse files Browse the repository at this point in the history 
Signed-off-by: Peter Balogh <[email protected]>
  • Loading branch information
@pbalogh-sa
pbalogh-sa committed Jan 9, 2025
1 parent 86abf36 commit cf36925
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 4 deletions.
7 changes: 4 additions & 3 deletions docs/architecture.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,11 @@ The tests (or "controls") are maintained in YAML documents. There are different
## Kube-bench benchmarks

The test files for the various versions of Benchmarks can be found in directories
with same name as the Benchmark versions under the `cfg` directory next to the kube-bench executable,
with same name as the Benchmark versions under the `cfg` directory next to the kube-bench executable,
for example `./cfg/cis-1.5` will contain all test files for [CIS Kubernetes Benchmark v1.5.1](https://workbench.cisecurity.org/benchmarks/4892) which are:
master.yaml, controlplane.yaml, node.yaml, etcd.yaml, policies.yaml and config.yaml
master.yaml, controlplane.yaml, node.yaml, etcd.yaml, policies.yaml and config.yaml

Check the contents of the benchmark directory under `cfg` to see which targets are available for that benchmark. Each file except `config.yaml` represents a target (also known as a `control` in other parts of this documentation).
Check the contents of the benchmark directory under `cfg` to see which targets are available for that benchmark. Each file except `config.yaml` represents a target (also known as a `control` in other parts of this documentation).

The following table shows the valid targets based on the CIS Benchmark version.

Expand All @@ -29,6 +29,7 @@ The following table shows the valid targets based on the CIS Benchmark version.
| eks-1.0.1 | controlplane, node, policies, managedservices |
| eks-1.1.0 | controlplane, node, policies, managedservices |
| eks-1.2.0 | controlplane, node, policies, managedservices |
| eks-1.5.0 | controlplane, node, policies, managedservices |
| ack-1.0 | master, controlplane, node, etcd, policies, managedservices |
| aks-1.0 | controlplane, node, policies, managedservices |
| rh-0.7 | master,node|
Expand Down
3 changes: 2 additions & 1 deletion docs/platforms.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ kube-bench supports running tests for Kubernetes.
Most of our supported benchmarks are defined in one of the following:
[CIS Kubernetes Benchmarks](https://www.cisecurity.org/benchmark/kubernetes/)
[STIG Document Library](https://public.cyber.mil/stigs/downloads)

Some defined by other hardenening guides.

| Source | Kubernetes Benchmark | kube-bench config | Kubernetes versions |
Expand All @@ -24,6 +24,7 @@ Some defined by other hardenening guides.
| CIS | [EKS 1.0.1](https://workbench.cisecurity.org/benchmarks/6041) | eks-1.0.1 | EKS |
| CIS | [EKS 1.1.0](https://workbench.cisecurity.org/benchmarks/6248) | eks-1.1.0 | EKS |
| CIS | [EKS 1.2.0](https://workbench.cisecurity.org/benchmarks/9681) | eks-1.2.0 | EKS |
| CIS | [EKS 1.5.0](https://workbench.cisecurity.org/benchmarks/17733) | eks-1.5.0 | EKS |
| CIS | [ACK 1.0.0](https://workbench.cisecurity.org/benchmarks/6467) | ack-1.0 | ACK |
| CIS | [AKS 1.0.0](https://workbench.cisecurity.org/benchmarks/6347) | aks-1.0 | AKS |
| RHEL | RedHat OpenShift hardening guide | rh-0.7 | OCP 3.10-3.11 |
Expand Down

0 comments on commit cf36925

Please sign in to comment.