Rancher Hardening Guide Rancher v2.1.x1 Description Configure a restrictive pod security policy (PSP) as the default and create role bindings for system level services to use the less restrictive default PSP. Rationale To address the following controls, a restrictive default PSP needs to be applied as the default. Role bindings need to be in place to allow system services to still function. 1.7.1 - Do not admit privileged containers get role default-psp-role -n cattle-system kubectl get clusterrole psp:restricted Verify the bindings are set correctly: kubectl get rolebinding -n ingress-nginx default-psp-rolebinding kubectl get | 0 points | 24 pages | 336.27 KB | 1 year ago | 3
CIS Benchmark Rancher Self-Assessment Guide - v2.4 "${default_binding}" -gt 0 ]]; then echo "fail: default service accounts have non default bindings" exit 1 fi echo "--pass" exit 0 Audit Execution: ./5.1.5.sh Expected result: '--pass' | 0 points | 54 pages | 447.77 KB | 1 year ago | 3
CIS 1.5 Benchmark - Self-Assessment Guide - Rancher v2.5 "${default_binding}" -gt 0 ]]; then echo "fail: default service accounts have non default bindings" exit 1 fi echo "--pass" exit 0 Audit Execution: ./5.1.5.sh Expected result: '--pass' | 0 points | 54 pages | 447.97 KB | 1 year ago | 3
3 results in total