How to conduct CIS hardening benchmark scanning for Rancher v2.3.x

This document (000020178) is provided subject to the disclaimer at the end of this document.

Situation

How to conduct CIS hardening benchmark scanning for Rancher v2.3.x

CIS Benchmarks are best practices for the secure configuration of a target system. Available for more than 140 technologies, CIS Benchmarks are developed through a unique consensus-based process involving cybersecurity professionals and subject matter experts around the world. CIS Benchmarks are the only consensus-based, best-practice security configuration guides both developed and accepted by government, business, industry, and academia.

The script used in the steps below is based on the CIS Benchmark Rancher Self-Assessment Guide v2.3 (https://rancher.com/docs/rancher/v2.x/en/security/benchmark-2.3), which was derived from CIS Kubernetes Benchmark v1.4.1.

Pre-requisites

  • Rancher version 2.3.x
  • Kubernetes version 1.15
  • jq, grep, awk and kubectl installed on the target node

Steps

  1. Clone the script onto the target node: git clone https://github.com/nickngch/rancher-hardening.git
  2. Change into the folder: cd rancher-hardening
  3. Execute the script that matches the node's role:
    • For Control Plane: sudo bash ./master.sh 2.3 cp
    • For Control Plane + ETCD: sudo bash ./master.sh 2.3 all
    • For ETCD: sudo bash ./master.sh 2.3 etcd
    • For worker node: sudo ./worker.sh 2.3
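
A preflight helper for the steps above, added here as an example and not part of this article or the rancher-hardening repository: it reports missing prerequisite tools and picks the scan command for a node from its role labels. The label names assume an RKE-provisioned cluster (node-role.kubernetes.io/controlplane, etcd, worker); the function names and sample label strings are constructed, and running the worker scan as well on a node that also carries the worker role is an assumption.

```shell
#!/bin/sh
# Added example: preflight check and command selection for the scan steps.
# Assumption: RKE-style role labels (node-role.kubernetes.io/<role>=true).

# Print each required tool that is not on PATH (no output means all present).
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Return 0 if the comma-separated label list carries the given role label.
has_role() {
    case ",$1," in
        *",node-role.kubernetes.io/$2=true,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Map a node's labels to the scan command(s) listed in the steps.
scan_commands() {
    labels=$1
    if has_role "$labels" controlplane && has_role "$labels" etcd; then
        echo "sudo bash ./master.sh 2.3 all"
    elif has_role "$labels" controlplane; then
        echo "sudo bash ./master.sh 2.3 cp"
    elif has_role "$labels" etcd; then
        echo "sudo bash ./master.sh 2.3 etcd"
    fi
    # Assumption: a node that also has the worker role gets the worker scan too.
    if has_role "$labels" worker; then
        echo "sudo ./worker.sh 2.3"
    fi
    return 0
}

# Constructed label strings, in the comma-separated form printed by
# `kubectl get node --show-labels`.
SAMPLE_CP_ETCD="kubernetes.io/hostname=node1,node-role.kubernetes.io/controlplane=true,node-role.kubernetes.io/etcd=true"
SAMPLE_WORKER="kubernetes.io/hostname=node2,node-role.kubernetes.io/worker=true"

missing=$(missing_tools jq grep awk kubectl)
if [ -n "$missing" ]; then
    echo "missing prerequisites:" $missing
fi
scan_commands "$SAMPLE_CP_ETCD"
scan_commands "$SAMPLE_WORKER"
```
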

Limitation

  • Sections 1.6 and 1.7 on the master node require manual verification.

Further reading

https://www.cisecurity.org/cis-benchmarks/cis-benchmarks-faq/

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 000020178
  • Creation Date: 13-Jul-2021
  • Modified Date: 13-Jul-2021
    • SUSE Rancher
