From 3b54d7dfd808a1363f80e3c5db8efa6b15c2c90d Mon Sep 17 00:00:00 2001 From: mozillazg Date: Sun, 3 Dec 2023 01:36:04 +0000 Subject: [PATCH] update integration test --- integration/testdata/Expected_output.data | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/integration/testdata/Expected_output.data b/integration/testdata/Expected_output.data index 0df5ce0b3..91f345ca7 100644 --- a/integration/testdata/Expected_output.data +++ b/integration/testdata/Expected_output.data @@ -221,8 +221,8 @@ minimum. [INFO] 4.1 Worker Node Configuration Files [PASS] 4.1.1 Ensure that the kubelet service file permissions are set to 644 or more restrictive (Automated) [PASS] 4.1.2 Ensure that the kubelet service file ownership is set to root:root (Automated) -[PASS] 4.1.3 If proxy kubeconfig file exists ensure permissions are set to 644 or more restrictive (Manual) -[PASS] 4.1.4 If proxy kubeconfig file exists ensure ownership is set to root:root (Manual) +[WARN] 4.1.3 If proxy kubeconfig file exists ensure permissions are set to 644 or more restrictive (Manual) +[WARN] 4.1.4 If proxy kubeconfig file exists ensure ownership is set to root:root (Manual) [PASS] 4.1.5 Ensure that the --kubeconfig kubelet.conf file permissions are set to 644 or more restrictive (Automated) [PASS] 4.1.6 Ensure that the --kubeconfig kubelet.conf file ownership is set to root:root (Automated) [PASS] 4.1.7 Ensure that the certificate authorities file permissions are set to 644 or more restrictive (Manual) 
@@ -245,6 +245,13 @@ minimum. [WARN] 4.2.13 Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers (Manual) == Remediations node == +4.1.3 Run the below command (based on the file location on your system) on the each worker node. +For example, +chmod 644 /etc/kubernetes/proxy.conf + +4.1.4 Run the below command (based on the file location on your system) on the each worker node. +For example, chown root:root /etc/kubernetes/proxy.conf + 4.2.6 If using a Kubelet config file, edit the file to set protectKernelDefaults: true. If using command line arguments, edit the kubelet service file /etc/systemd/system/kubelet.service.d/10-kubeadm.conf on each worker node and
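Review bot: the change of 4.1.3 and 4.1.4 from [PASS] to [WARN] in the first hunk (@@ -221,8 +221,8 @@) has no stated cause, and the subject "update integration test" does not supply one. Both checks are marked (Manual), but 4.1.7 in the same context is also (Manual) and stays [PASS], so the change is not a uniform treatment of manual checks. Please say in the commit message what produces the new result for the proxy kubeconfig checks (a change to the check definition, or to the test environment), so a reader of the fixture can tell an intended expectation from a regression absorbed into the expected output.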
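Review bot: the two remediation entries added in the second hunk (@@ -245,6 +245,13 @@) are formatted inconsistently and carry a grammar slip. 4.1.3 places "chmod 644 /etc/kubernetes/proxy.conf" on its own line after "For example," while 4.1.4 keeps "For example, chown root:root /etc/kubernetes/proxy.conf" on one line, and both say "on the each worker node". Since this file is expected output under integration/testdata, the wording is best corrected where the remediation text is defined and the fixture regenerated from it, so the two entries end up with the same layout and "on each worker node", matching the 4.2.6 entry that follows.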