How to conduct CIS hardening benchmark scanning for Rancher v2.3.x
CIS Benchmarks are best practices for the secure configuration of a target system. Available for more than 140 technologies, CIS Benchmarks are developed through a unique consensus-based process made up of cybersecurity professionals and subject matter experts around the world. CIS Benchmarks are the only consensus-based, best-practice security configuration guides both developed and accepted by government, business, industry, and academia.
This script is based on the CIS Benchmark Rancher Self-Assessment Guide v2.3 (https://rancher.com/docs/rancher/v2.x/en/security/benchmark-2.3), which was derived from the CIS Kubernetes Benchmark v1.4.1.
- Rancher version 2.3.x
- Kubernetes version 1.15
- `kubectl` installed on the target node
- Clone the repository onto the target node:
  `git clone https://github.com/nickngch/rancher-hardening.git`
- Change into the cloned `rancher-hardening` folder
- Execute the script that matches the node's role:
  - Control Plane: `sudo bash ./master.sh 2.3 cp`
  - Control Plane + ETCD: `sudo bash ./master.sh 2.3 all`
  - ETCD: `sudo bash ./master.sh 2.3 etcd`
  - Worker node: `sudo ./worker.sh 2.3`
- Sections 1.6 and 1.7 on the master node require manual verification.
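The following wrapper is an added example, not part of the rancher-hardening repository. It assumes it is saved as `run_benchmark.sh` inside the cloned folder next to `master.sh` and `worker.sh`, uses the role keywords and the `2.3` version argument exactly as listed above, checks the two prerequisites (root and `kubectl`) before starting, and copies the scan output into a dated log file so each run leaves evidence for the manual review of sections 1.6 and 1.7. The log file naming is a constructed convention for this wrapper only.

```shell
#!/bin/sh
# run_benchmark.sh: added example wrapper around master.sh / worker.sh.
# Not part of the rancher-hardening project. Assumes it lives in the cloned
# folder and that the scripts take the arguments shown in the README.

# Map a node role (cp | all | etcd | worker) to the command the README gives.
# Prints the command on stdout; returns 1 for an unknown role. sudo is left
# out because check_prerequisites already requires the wrapper to run as root.
benchmark_command() {
    role="$1"
    version="${2:-2.3}"
    case "$role" in
        cp)     printf 'bash ./master.sh %s cp\n' "$version" ;;
        all)    printf 'bash ./master.sh %s all\n' "$version" ;;
        etcd)   printf 'bash ./master.sh %s etcd\n' "$version" ;;
        worker) printf './worker.sh %s\n' "$version" ;;
        *)      return 1 ;;
    esac
}

# Evidence file for one run: cis-<role>-<timestamp>.log (constructed naming).
log_file_name() {
    printf 'cis-%s-%s.log\n' "$1" "$2"
}

# The README prerequisites: run as root and have kubectl on the node.
# Returns 0 when both hold; each failing check is reported on stderr.
check_prerequisites() {
    status=0
    if [ "$(id -u)" -ne 0 ]; then
        echo "prerequisite failed: must run as root (use sudo)" >&2
        status=1
    fi
    if ! command -v kubectl >/dev/null 2>&1; then
        echo "prerequisite failed: kubectl not found in PATH" >&2
        status=1
    fi
    return "$status"
}

# Dispatch only when executed as run_benchmark.sh, so the functions above
# can also be sourced from another shell without starting a scan.
if [ "$(basename -- "$0")" = "run_benchmark.sh" ]; then
    role="${1:-}"
    cmd="$(benchmark_command "$role")" || {
        echo "usage: $0 cp|all|etcd|worker" >&2
        exit 2
    }
    check_prerequisites || exit 1
    log="$(log_file_name "$role" "$(date +%Y%m%dT%H%M%S)")"
    echo "running: $cmd (output saved to $log)"
    # Capture the scan output first, then show it, keeping the scan's exit
    # status so automation can tell a failed run from a completed one.
    sh -c "$cmd" >"$log" 2>&1
    rc=$?
    cat "$log"
    exit "$rc"
fi
```

Run it as `sudo sh ./run_benchmark.sh etcd` from the cloned folder; an unknown role exits with status 2 before any script is started, and a missing prerequisite exits with status 1.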