diff --git a/cloud/kubernetes/security-compliance/k8s-audit-log-path-set.yaml b/cloud/kubernetes/security-compliance/k8s-audit-log-path-set.yaml
index 0566d127fa..d705b4bd37 100644
--- a/cloud/kubernetes/security-compliance/k8s-audit-log-path-set.yaml
+++ b/cloud/kubernetes/security-compliance/k8s-audit-log-path-set.yaml
@@ -13,6 +13,9 @@ info:
 - https://kubernetes.io/docs/tasks/debug-application-cluster/audit/
 tags: cloud,devops,kubernetes,security,devsecops,api-server
+variables:
+ argument: "audit-log-path"
+
 self-contained: true
 code:
 - engine:
@@ -35,6 +38,5 @@ code:
 extractors:
 - type: dsl
 dsl:
- - "API server configuration is missing the audit-log-path argument."
-
-# digest: 4c0a006730b50222003e5c33fedeeb5d9b8b9af1d43e89b7b8b97c51aa77c345d7f976f9350e22e746022
+ - '"API server configuration is missing the " + argument + " argument."'
+# digest: 4a0a0047304502204104b24f090bfea60d25246f47dd468a5696ce9e436fe282748f60d6c4929718022100c4902c1fc9855589dda168845c10e65647624c849700bcb556ada0418a10136a:366f2a24c8eb519f6968bd8801c08ebe
\ No newline at end of file
diff --git a/cloud/kubernetes/security-compliance/k8s-enc-prov-conf.yaml b/cloud/kubernetes/security-compliance/k8s-enc-prov-conf.yaml
index 4a95a30227..b755b9ff12 100644
--- a/cloud/kubernetes/security-compliance/k8s-enc-prov-conf.yaml
+++ b/cloud/kubernetes/security-compliance/k8s-enc-prov-conf.yaml
@@ -13,6 +13,9 @@ info:
 - https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/
 tags: cloud,devops,kubernetes,security,devsecops,encryption
+variables:
+ argument: "encryption-provider-config"
+
 self-contained: true
 code:
 - engine:
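Review bot: The new `variables:` block in k8s-audit-log-path-set.yaml has no comment saying what `argument` feeds, and in the visible hunks it is read only by the extractor's DSL message, not by the matcher that decides the finding. A one-line comment above it, `# argument: flag name shown in the finding message; the matcher word is separate and must be kept in sync by hand`, would stop a later edit from changing one and not the other. The same applies to the `variables:` hunks of the other eight templates in this commit. Most of their matchers lie outside the hunks shown, so whether any of them references the variable cannot be confirmed from here.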
@@ -29,10 +32,11 @@ code:
 - type: word
 words:
- - "--encryption-provider-config"
+ - "encryption-provider-config"
 negative: true
 extractors:
 - type: dsl
 dsl:
- - "Encryption provider configuration is not appropriately set."
\ No newline at end of file
+ - '"API server configuration is missing the " + argument + " argument"'
+# digest: 4b0a00483046022100d14427c3db24f5ff548847a899b85731aa480204820c6d9916a85e01dfd67939022100aeefbe775d7dade76e9c6df085d0fca70f39ead3c3374b189912d92b646253ad:366f2a24c8eb519f6968bd8801c08ebe
\ No newline at end of file
diff --git a/cloud/kubernetes/security-compliance/k8s-etcd-cafile-set.yaml b/cloud/kubernetes/security-compliance/k8s-etcd-cafile-set.yaml
index e0a05ee92e..6607c49e47 100644
--- a/cloud/kubernetes/security-compliance/k8s-etcd-cafile-set.yaml
+++ b/cloud/kubernetes/security-compliance/k8s-etcd-cafile-set.yaml
@@ -13,6 +13,9 @@ info:
 - https://etcd.io/docs/v3.5/op-guide/security/
 tags: cloud,devops,kubernetes,security,devsecops,etcd
+variables:
+ argument: "etcd-cafile"
+
 self-contained: true
 code:
 - engine:
@@ -35,5 +38,5 @@ code:
 extractors:
 - type: dsl
 dsl:
- - "Etcd configuration is missing the etcd-cafile argument."
-# digest: 490a004630440220707289eec6b2f08d1bc88620d1d58ff41c2f661a0956d079441ee324f9ae7591022003d8bd244a842d8ba73ac829f52bb4790ab780328b5f42299d826d12d5728039:366f2a24c8eb519f6968bd8801c08ebe
\ No newline at end of file
+ - '"Etcd configuration is missing the " + argument + " argument"'
+# digest: 4a0a004730450220594bb2a708ae66a4c884326cc844ef1f6886bf8a0b305630686bd04feeb76136022100fd52f890fc86dd1b66edf3798c51cda58cff07559fe9ea37f851eeec416fd052:366f2a24c8eb519f6968bd8801c08ebe
\ No newline at end of file
diff --git a/cloud/kubernetes/security-compliance/k8s-etcd-files-set.yaml b/cloud/kubernetes/security-compliance/k8s-etcd-files-set.yaml
index 342f97c575..7a6160556f 100644
--- a/cloud/kubernetes/security-compliance/k8s-etcd-files-set.yaml
+++ b/cloud/kubernetes/security-compliance/k8s-etcd-files-set.yaml
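Review bot: Dropping the `--` prefix from the negative word matcher in k8s-enc-prov-conf.yaml makes the check easier to satisfy. Any occurrence of the bare string `encryption-provider-config` in the matched output, for example inside a mounted file path or a volume name, now counts as the flag being present. Because the matcher is `negative: true`, that suppresses the finding, which is a false negative on an encryption-at-rest compliance check. Unless the matched output is known to contain only flag names (the `code:` source is outside this hunk), keep the anchored form `- "--encryption-provider-config"` in the matcher. The prefix-free text then stays only in the `argument` display variable.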
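Review bot: The rewritten message in k8s-etcd-cafile-set.yaml ends with `+ " argument"'`, dropping the full stop that the old string had. The audit-log-path, etcd-files, svc-acct-* and tls-config templates keep it, while k8s-enc-prov-conf.yaml and k8s-ns-usage-check.yaml also end without one. Anything that groups or de-duplicates findings on the extracted text will see these three formatted differently from their siblings. Use `- '"Etcd configuration is missing the " + argument + " argument."'` here and add the period in the other two.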
@@ -13,6 +13,9 @@ info:
 - https://etcd.io/docs/v3.4.0/op-guide/security/
 tags: cloud,devops,kubernetes,security,devsecops,etcd
+variables:
+ argument: "etcd-certfile or etcd-keyfile"
+
 self-contained: true
 code:
 - engine:
@@ -36,4 +39,5 @@ code:
 extractors:
 - type: dsl
 dsl:
- - "etcd server configuration is missing the etcd-certfile or etcd-keyfile arguments."
+ - '"etcd server configuration is missing the " + argument + " arguments."'
+# digest: 4a0a00473045022100cfc23ca747bd1aecd67bf39514f649aaaff7816196d78c5dc95666a03cb4c5090220365eb627df9b1bca710f3a45ef2371ab91d59dd2e43f3d180cd95b119ca758b3:366f2a24c8eb519f6968bd8801c08ebe
\ No newline at end of file
diff --git a/cloud/kubernetes/security-compliance/k8s-ns-usage-check.yaml b/cloud/kubernetes/security-compliance/k8s-ns-usage-check.yaml
index 64f7d6a04b..a16b69c46b 100644
--- a/cloud/kubernetes/security-compliance/k8s-ns-usage-check.yaml
+++ b/cloud/kubernetes/security-compliance/k8s-ns-usage-check.yaml
@@ -13,6 +13,9 @@ info:
 - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
 tags: cloud,devops,kubernetes,security,devsecops,namespaces
+variables:
+ argument: "namespaces"
+
 self-contained: true
 code:
 - engine:
@@ -35,6 +38,5 @@ code:
 extractors:
 - type: dsl
 dsl:
- - "Kubernetes cluster is not utilizing namespaces."
-
-# digest: 4b0a00483046022100a4752be32718d5e3bf67d19c2
+ - '"Kubernetes cluster is not utilizing " + argument'
+# digest: 490a0046304402202672a3c25ca835a804437f2745bf15f10a66112c320e7a5b51dfe586de57195d0220710bfe5832faacbd8efd9f24794ba191e008f325933688c53fc3a982a784da90:366f2a24c8eb519f6968bd8801c08ebe
\ No newline at end of file
diff --git a/cloud/kubernetes/security-compliance/k8s-svc-acct-issuer-set.yaml b/cloud/kubernetes/security-compliance/k8s-svc-acct-issuer-set.yaml
index 823bcf2729..2ef75035b1 100644
--- a/cloud/kubernetes/security-compliance/k8s-svc-acct-issuer-set.yaml
+++ b/cloud/kubernetes/security-compliance/k8s-svc-acct-issuer-set.yaml
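Review bot: `argument: "etcd-certfile or etcd-keyfile"` in k8s-etcd-files-set.yaml stores a prose phrase rather than a single flag name, so the value cannot be reused by a matcher. The finding still reads "missing the etcd-certfile or etcd-keyfile arguments" without saying which of the two is absent. k8s-tls-config-set.yaml does the same with `"tls-cert-file or tls-private-key-file"`, and k8s-ns-usage-check.yaml puts `"namespaces"`, which is not a flag at all, under the same key. If the variable is meant only as display text, say so in a comment such as `# argument: display text for the finding message, not a single flag`, or split it into one variable per flag so the message can name the missing one.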
@@ -13,6 +13,9 @@ info:
 - https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
 tags: cloud,devops,kubernetes,security,devsecops,api-server
+variables:
+ argument: "service-account-issuer"
+
 self-contained: true
 code:
 - engine:
@@ -35,4 +38,5 @@ code:
 extractors:
 - type: dsl
 dsl:
- - "API server configuration lacks the service-account-issuer argument."
\ No newline at end of file
+ - '"API server configuration lacks the " + argument + " argument."'
+# digest: 4a0a00473045022100c383c51f45c32761519dc9ae727df05e29281c3c290d9d57d16db6930fa148b20220228d5e842cdfd0f2c0b6cdf7361d18f45d9ed24f62d49ce47aa81ec2a470e548:366f2a24c8eb519f6968bd8801c08ebe
\ No newline at end of file
diff --git a/cloud/kubernetes/security-compliance/k8s-svc-acct-key.yaml b/cloud/kubernetes/security-compliance/k8s-svc-acct-key.yaml
index 3c48a6ed5f..297ea44109 100644
--- a/cloud/kubernetes/security-compliance/k8s-svc-acct-key.yaml
+++ b/cloud/kubernetes/security-compliance/k8s-svc-acct-key.yaml
@@ -13,6 +13,9 @@ info:
 - https://kubernetes.io/docs/admin/kube-apiserver/
 tags: cloud,devops,kubernetes,security,devsecops,api-server
+variables:
+ argument: "service-account-key-file"
+
 self-contained: true
 code:
 - engine:
@@ -35,6 +38,5 @@ code:
 extractors:
 - type: dsl
 dsl:
- - "API server configuration is missing the service-account-key-file argument."
-
-# digest: 4a0a00473045022100e3dc33fefeeb5d3b9a9af3d43e89b7b7c97c50aa77b344d7e976f9340e22e7450220159e8da06b7ceb82c532bd1caeeeffba7c237c568a57988f1ada334a7c09fa83:366f2a24c8eb519f6968bd8801c08ebe
\ No newline at end of file
+ - '"API server configuration is missing the " + argument + " argument."'
+# digest: 4b0a00483046022100d90abd4d95997cdae687e28ede25e595c3567439758ad5e5b8adf28ac88684ff022100a25db689afdc09e1640bf03bd0b212e5e20b0b4b1532723c985c617f99fb5ad8:366f2a24c8eb519f6968bd8801c08ebe
\ No newline at end of file
diff --git a/cloud/kubernetes/security-compliance/k8s-svc-acct-lookup-set.yaml b/cloud/kubernetes/security-compliance/k8s-svc-acct-lookup-set.yaml
index 049615a486..5168e9aaf8 100644
--- a/cloud/kubernetes/security-compliance/k8s-svc-acct-lookup-set.yaml
+++ b/cloud/kubernetes/security-compliance/k8s-svc-acct-lookup-set.yaml
@@ -13,6 +13,9 @@ info:
 - https://kubernetes.io/docs/admin/kube-apiserver/
 tags: cloud,devops,kubernetes,security,devsecops,api-server
+variables:
+ argument: "service-account-lookup=true"
+
 self-contained: true
 code:
 - engine:
@@ -35,4 +38,5 @@ code:
 extractors:
 - type: dsl
 dsl:
- - "API server configuration is missing the 'service-account-lookup=true' argument."
+ - '"API server configuration is missing the \"" + argument + "\" argument."'
+# digest: 4b0a0048304602210085946e152e8d65fcadb1a22c5eac0e8376ed742a2f8932f74e3dbf2d30411a24022100c5c0c4d7313d6e28cb338c82c20170e4ae7f5b45ae784715be32160b4314e357:366f2a24c8eb519f6968bd8801c08ebe
\ No newline at end of file
diff --git a/cloud/kubernetes/security-compliance/k8s-tls-config-set.yaml b/cloud/kubernetes/security-compliance/k8s-tls-config-set.yaml
index 8c982f216a..30b5c65b75 100644
--- a/cloud/kubernetes/security-compliance/k8s-tls-config-set.yaml
+++ b/cloud/kubernetes/security-compliance/k8s-tls-config-set.yaml
@@ -13,6 +13,9 @@ info:
 - https://kubernetes.io/docs/admin/kube-apiserver/
 tags: cloud,devops,kubernetes,security,devsecops,api-server
+variables:
+ argument: "tls-cert-file or tls-private-key-file"
+
 self-contained: true
 code:
 - engine:
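Review bot: The extractor in k8s-svc-acct-lookup-set.yaml now wraps the value in `\"` inside a YAML single-quoted scalar, where the backslash is literal. The DSL engine therefore receives the escapes as written, and the output depends on how it treats `\"` inside a string literal. Even if it unescapes them as intended, the finding text changes from single-quoted 'service-account-lookup=true' to double-quoted, while every other template in this commit prints the value bare. Dropping the quotes, `- '"API server configuration is missing the " + argument + " argument."'`, removes both the escape dependency and the inconsistency.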
@@ -36,6 +39,5 @@ code:
 extractors:
 - type: dsl
 dsl:
- - "API server configuration is missing the tls-cert-file or tls-private-key-file argument."
-
-# digest: 4a0a00473045022100e3dc33fefeeb5d3b9a9af3d43e89b7b7c97c50aa77b344d7e976f9340e22e7450220159e8da06b7ceb82c532bd1caeeeffba7c237c568a57988f1ada334a7c09fa83:366f2a24c8eb519f6968bd8801c08ebe
+ - '"API server configuration is missing the " + argument + " argument."'
+# digest: 490a00463044022061ee1577d8528e7614d9ad92ed72f68f00426fc1d950015d2bef6fce8fbf285402207dd62ff126ce6129997240e3edc31f8adaf047cf5c341ba65b0ff1851b35ee99:366f2a24c8eb519f6968bd8801c08ebe
\ No newline at end of file