updated DSLs
Prince Chaddha
parent
1fb4542c78
commit
7ae624e9d8
|
|
@ -13,6 +13,9 @@ info:
|
||||||
- https://kubernetes.io/docs/tasks/debug-application-cluster/audit/
|
- https://kubernetes.io/docs/tasks/debug-application-cluster/audit/
|
||||||
tags: cloud,devops,kubernetes,security,devsecops,api-server
|
tags: cloud,devops,kubernetes,security,devsecops,api-server
|
||||||
|
|
||||||
|
variables:
|
||||||
|
argument: "audit-log-path"
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
code:
|
code:
|
||||||
- engine:
|
- engine:
|
||||||
|
|
@ -35,6 +38,5 @@ code:
|
||||||
extractors:
|
extractors:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "API server configuration is missing the audit-log-path argument."
|
- '"API server configuration is missing the " + argument + " argument."'
|
||||||
|
# digest: 4a0a0047304502204104b24f090bfea60d25246f47dd468a5696ce9e436fe282748f60d6c4929718022100c4902c1fc9855589dda168845c10e65647624c849700bcb556ada0418a10136a:366f2a24c8eb519f6968bd8801c08ebe
|
||||||
# digest: 4c0a006730b50222003e5c33fedeeb5d9b8b9af1d43e89b7b8b97c51aa77c345d7f976f9350e22e746022
|
|
||||||
|
|
@ -13,6 +13,9 @@ info:
|
||||||
- https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/
|
- https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/
|
||||||
tags: cloud,devops,kubernetes,security,devsecops,encryption
|
tags: cloud,devops,kubernetes,security,devsecops,encryption
|
||||||
|
|
||||||
|
variables:
|
||||||
|
argument: "encryption-provider-config"
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
code:
|
code:
|
||||||
- engine:
|
- engine:
|
||||||
|
|
@ -29,10 +32,11 @@ code:
|
||||||
|
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- "--encryption-provider-config"
|
- "encryption-provider-config"
|
||||||
negative: true
|
negative: true
|
||||||
|
|
||||||
extractors:
|
extractors:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "Encryption provider configuration is not appropriately set."
|
- '"API server configuration is missing the " + argument + " argument"'
|
||||||
|
# digest: 4b0a00483046022100d14427c3db24f5ff548847a899b85731aa480204820c6d9916a85e01dfd67939022100aeefbe775d7dade76e9c6df085d0fca70f39ead3c3374b189912d92b646253ad:366f2a24c8eb519f6968bd8801c08ebe
|
||||||
|
|
@ -13,6 +13,9 @@ info:
|
||||||
- https://etcd.io/docs/v3.5/op-guide/security/
|
- https://etcd.io/docs/v3.5/op-guide/security/
|
||||||
tags: cloud,devops,kubernetes,security,devsecops,etcd
|
tags: cloud,devops,kubernetes,security,devsecops,etcd
|
||||||
|
|
||||||
|
variables:
|
||||||
|
argument: "etcd-cafile"
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
code:
|
code:
|
||||||
- engine:
|
- engine:
|
||||||
|
|
@ -35,5 +38,5 @@ code:
|
||||||
extractors:
|
extractors:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "Etcd configuration is missing the etcd-cafile argument."
|
- '"Etcd configuration is missing the " + argument + " argument"'
|
||||||
# digest: 490a004630440220707289eec6b2f08d1bc88620d1d58ff41c2f661a0956d079441ee324f9ae7591022003d8bd244a842d8ba73ac829f52bb4790ab780328b5f42299d826d12d5728039:366f2a24c8eb519f6968bd8801c08ebe
|
# digest: 4a0a004730450220594bb2a708ae66a4c884326cc844ef1f6886bf8a0b305630686bd04feeb76136022100fd52f890fc86dd1b66edf3798c51cda58cff07559fe9ea37f851eeec416fd052:366f2a24c8eb519f6968bd8801c08ebe
|
||||||
|
|
@ -13,6 +13,9 @@ info:
|
||||||
- https://etcd.io/docs/v3.4.0/op-guide/security/
|
- https://etcd.io/docs/v3.4.0/op-guide/security/
|
||||||
tags: cloud,devops,kubernetes,security,devsecops,etcd
|
tags: cloud,devops,kubernetes,security,devsecops,etcd
|
||||||
|
|
||||||
|
variables:
|
||||||
|
argument: "etcd-certfile or etcd-keyfile"
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
code:
|
code:
|
||||||
- engine:
|
- engine:
|
||||||
|
|
@ -36,4 +39,5 @@ code:
|
||||||
extractors:
|
extractors:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "etcd server configuration is missing the etcd-certfile or etcd-keyfile arguments."
|
- '"etcd server configuration is missing the " + argument + " arguments."'
|
||||||
|
# digest: 4a0a00473045022100cfc23ca747bd1aecd67bf39514f649aaaff7816196d78c5dc95666a03cb4c5090220365eb627df9b1bca710f3a45ef2371ab91d59dd2e43f3d180cd95b119ca758b3:366f2a24c8eb519f6968bd8801c08ebe
|
||||||
|
|
@ -13,6 +13,9 @@ info:
|
||||||
- https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
- https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
|
||||||
tags: cloud,devops,kubernetes,security,devsecops,namespaces
|
tags: cloud,devops,kubernetes,security,devsecops,namespaces
|
||||||
|
|
||||||
|
variables:
|
||||||
|
argument: "namespaces"
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
code:
|
code:
|
||||||
- engine:
|
- engine:
|
||||||
|
|
@ -35,6 +38,5 @@ code:
|
||||||
extractors:
|
extractors:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "Kubernetes cluster is not utilizing namespaces."
|
- '"Kubernetes cluster is not utilizing " + argument'
|
||||||
|
# digest: 490a0046304402202672a3c25ca835a804437f2745bf15f10a66112c320e7a5b51dfe586de57195d0220710bfe5832faacbd8efd9f24794ba191e008f325933688c53fc3a982a784da90:366f2a24c8eb519f6968bd8801c08ebe
|
||||||
# digest: 4b0a00483046022100a4752be32718d5e3bf67d19c2
|
|
||||||
|
|
@ -13,6 +13,9 @@ info:
|
||||||
- https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
|
- https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
|
||||||
tags: cloud,devops,kubernetes,security,devsecops,api-server
|
tags: cloud,devops,kubernetes,security,devsecops,api-server
|
||||||
|
|
||||||
|
variables:
|
||||||
|
argument: "service-account-issuer"
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
code:
|
code:
|
||||||
- engine:
|
- engine:
|
||||||
|
|
@ -35,4 +38,5 @@ code:
|
||||||
extractors:
|
extractors:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "API server configuration lacks the service-account-issuer argument."
|
- '"API server configuration lacks the " + argument + " argument."'
|
||||||
|
# digest: 4a0a00473045022100c383c51f45c32761519dc9ae727df05e29281c3c290d9d57d16db6930fa148b20220228d5e842cdfd0f2c0b6cdf7361d18f45d9ed24f62d49ce47aa81ec2a470e548:366f2a24c8eb519f6968bd8801c08ebe
|
||||||
|
|
@ -13,6 +13,9 @@ info:
|
||||||
- https://kubernetes.io/docs/admin/kube-apiserver/
|
- https://kubernetes.io/docs/admin/kube-apiserver/
|
||||||
tags: cloud,devops,kubernetes,security,devsecops,api-server
|
tags: cloud,devops,kubernetes,security,devsecops,api-server
|
||||||
|
|
||||||
|
variables:
|
||||||
|
argument: "service-account-key-file"
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
code:
|
code:
|
||||||
- engine:
|
- engine:
|
||||||
|
|
@ -35,6 +38,5 @@ code:
|
||||||
extractors:
|
extractors:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "API server configuration is missing the service-account-key-file argument."
|
- '"API server configuration is missing the " + argument + " argument."'
|
||||||
|
# digest: 4b0a00483046022100d90abd4d95997cdae687e28ede25e595c3567439758ad5e5b8adf28ac88684ff022100a25db689afdc09e1640bf03bd0b212e5e20b0b4b1532723c985c617f99fb5ad8:366f2a24c8eb519f6968bd8801c08ebe
|
||||||
# digest: 4a0a00473045022100e3dc33fefeeb5d3b9a9af3d43e89b7b7c97c50aa77b344d7e976f9340e22e7450220159e8da06b7ceb82c532bd1caeeeffba7c237c568a57988f1ada334a7c09fa83:366f2a24c8eb519f6968bd8801c08ebe
|
|
||||||
|
|
@ -13,6 +13,9 @@ info:
|
||||||
- https://kubernetes.io/docs/admin/kube-apiserver/
|
- https://kubernetes.io/docs/admin/kube-apiserver/
|
||||||
tags: cloud,devops,kubernetes,security,devsecops,api-server
|
tags: cloud,devops,kubernetes,security,devsecops,api-server
|
||||||
|
|
||||||
|
variables:
|
||||||
|
argument: "service-account-lookup=true"
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
code:
|
code:
|
||||||
- engine:
|
- engine:
|
||||||
|
|
@ -35,4 +38,5 @@ code:
|
||||||
extractors:
|
extractors:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "API server configuration is missing the 'service-account-lookup=true' argument."
|
- '"API server configuration is missing the \"" + argument + "\" argument."'
|
||||||
|
# digest: 4b0a0048304602210085946e152e8d65fcadb1a22c5eac0e8376ed742a2f8932f74e3dbf2d30411a24022100c5c0c4d7313d6e28cb338c82c20170e4ae7f5b45ae784715be32160b4314e357:366f2a24c8eb519f6968bd8801c08ebe
|
||||||
|
|
@ -13,6 +13,9 @@ info:
|
||||||
- https://kubernetes.io/docs/admin/kube-apiserver/
|
- https://kubernetes.io/docs/admin/kube-apiserver/
|
||||||
tags: cloud,devops,kubernetes,security,devsecops,api-server
|
tags: cloud,devops,kubernetes,security,devsecops,api-server
|
||||||
|
|
||||||
|
variables:
|
||||||
|
argument: "tls-cert-file or tls-private-key-file"
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
code:
|
code:
|
||||||
- engine:
|
- engine:
|
||||||
|
|
@ -36,6 +39,5 @@ code:
|
||||||
extractors:
|
extractors:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "API server configuration is missing the tls-cert-file or tls-private-key-file argument."
|
- '"API server configuration is missing the " + argument + " argument."'
|
||||||
|
# digest: 490a00463044022061ee1577d8528e7614d9ad92ed72f68f00426fc1d950015d2bef6fce8fbf285402207dd62ff126ce6129997240e3edc31f8adaf047cf5c341ba65b0ff1851b35ee99:366f2a24c8eb519f6968bd8801c08ebe
|
||||||
# digest: 4a0a00473045022100e3dc33fefeeb5d3b9a9af3d43e89b7b7c97c50aa77b344d7e976f9340e22e7450220159e8da06b7ceb82c532bd1caeeeffba7c237c568a57988f1ada334a7c09fa83:366f2a24c8eb519f6968bd8801c08ebe
|
|
||||||
Loading…
Reference in New Issue