How to conduct CIS hardening benchmark scanning for Rancher v2.3.x


CIS Benchmarks are best practices for the secure configuration of a target system. Available for more than 140 technologies, CIS Benchmarks are developed through a unique consensus-based process involving cybersecurity professionals and subject matter experts around the world. CIS Benchmarks are the only consensus-based, best-practice security configuration guides both developed and accepted by government, business, industry, and academia.

The script used in this article is based on the CIS Benchmark Rancher Self-Assessment Guide v2.3 (https://rancher.com/docs/rancher/v2.x/en/security/benchmark-2.3), which was derived from CIS Kubernetes Benchmark v1.4.1.

Pre-requisites

  • Rancher version 2.3.x
  • Kubernetes version 1.15
  • jq, grep, awk and kubectl installed on the target node

Steps

  1. Clone the script onto the target node: git clone https://github.com/nickngch/rancher-hardening.git
  2. Change into the folder: cd rancher-hardening
  3. Execute the script that matches the node's role:
       • Control Plane: sudo bash ./master.sh 2.3 cp
       • Control Plane + ETCD: sudo bash ./master.sh 2.3 all
       • ETCD: sudo bash ./master.sh 2.3 etcd
       • Worker node: sudo ./worker.sh 2.3
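
A preflight wrapper for the steps above, as an added example that is not part of the original article or the rancher-hardening repository: it checks the listed prerequisites, maps a node role to the documented command, and keeps a log of the scan output as evidence. The role names (cp, cp-etcd, etcd, worker), the function names and the log file name are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: preflight wrapper around the rancher-hardening scripts.
# Role names and the log file name are assumptions of this example.

REQUIRED_TOOLS="jq grep awk kubectl"   # prerequisites listed in the article

# Print each required tool that is not on PATH (no output = all present).
missing_tools() {
    for tool in $REQUIRED_TOOLS; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Map a node role to the command given in the article's steps.
scan_command() {
    case "$1" in
        cp)      echo "sudo bash ./master.sh 2.3 cp" ;;
        cp-etcd) echo "sudo bash ./master.sh 2.3 all" ;;
        etcd)    echo "sudo bash ./master.sh 2.3 etcd" ;;
        worker)  echo "sudo ./worker.sh 2.3" ;;
        *)       return 1 ;;
    esac
}

# Validate the role and prerequisites, then run the scan from inside the
# cloned repository and keep a timestamped copy of its output.
run_scan() {
    role="$1"
    cmd=$(scan_command "$role") || { echo "unknown role: $role" >&2; return 2; }
    missing=$(missing_tools)
    if [ -n "$missing" ]; then
        echo "missing prerequisites:" $missing >&2
        return 3
    fi
    if [ ! -f ./master.sh ] || [ ! -f ./worker.sh ]; then
        echo "run this from the rancher-hardening directory" >&2
        return 4
    fi
    # $cmd is intentionally unquoted so it splits into command and arguments.
    # The pipeline's exit status is tee's; read the log for the scan results.
    $cmd 2>&1 | tee "cis-scan-${role}-$(date +%Y%m%dT%H%M%S).log"
}

# Run a scan only when a role is passed on the command line.
if [ $# -gt 0 ]; then run_scan "$1"; fi
```

Saved inside the cloned folder under a name of your choosing and run with one of the four role names, it refuses to start the scan when a prerequisite is missing or the role is not recognised.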

Limitation

  • Sections 1.6 and 1.7 on the master node require manual verification.

Further reading

https://www.cisecurity.org/cis-benchmarks/cis-benchmarks-faq/
