Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Modify 1.2.3 Ensure that the DenyServiceExternalIPs is set in CIS-1.7/1.8 #1607

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Modify 1.2.3 Ensure that the DenyServiceExternalIPs is set in CIS-1.7/1.8 #1607

wants to merge 2 commits into from

Conversation

andypitcher
Copy link
Contributor

@andypitcher andypitcher commented Apr 30, 2024
edited
Loading

Parent: #1606

Context: In CIS-1.7 and CIS-1.8 (master 1.2.3 Ensure that the DenyServiceExternalIPs is set) the operand is wrong and makes the check to WARN even if --enable-admission-plugins=DenyServiceExternalIPs is properly set.

This PR makes the following change to master 1.2.3 check for CIS-1.7 and CIS-1.8:

  • op changed from have to has and removed bin_op: or
  • remediation description changed to only include --enable-admission-plugins

@andypitcher andypitcher changed the title Modify 1.2.3 Ensure that the DenyServiceExternalIPs is set inc CIS-1.7/1.8 Modify 1.2.3 Ensure that the DenyServiceExternalIPs is set in CIS-1.7/1.8 Apr 30, 2024
@andypitcher andypitcher mentioned this pull request Apr 30, 2024
Open
2 tasks
@andypitcher andypitcher force-pushed the fix-master-1.2.3-DenyServiceExternalIPs branch from 2edf840 to e2184fb Compare April 30, 2024 23:58
@andypitcher
Copy link
Contributor Author

@mozillazg could you review this ? For context, this issue has been added in CIS Workbench for 1.10 Milestone
See: https://workbench.cisecurity.org/tickets/21649 and also the below comment:
image

mozillazg
mozillazg approved these changes Jul 27, 2024
View reviewed changes
Copy link
Collaborator

@mozillazg mozillazg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, Thanks for your contribution!

@mozillazg
Copy link
Collaborator

@chen-keinan ping~

@andypitcher
Modify 1.2.3 Ensure that the DenyServiceExternalIPs is set
1f003a6 
 - op changed from `have` to `has` and removed bin_op: or
 - remediation description changed to only include --enable-admission-plugins
@andypitcher
Apply changes for CIS-1.9
2a8c05e
@andypitcher andypitcher force-pushed the fix-master-1.2.3-DenyServiceExternalIPs branch from 2a071f0 to 2a8c05e Compare August 21, 2024 19:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mozillazg mozillazg mozillazg approved these changes

@chen-keinan chen-keinan Awaiting requested review from chen-keinan

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@andypitcher @mozillazg