Kubernetes¶
- TEMPLATE kubernetes_machine_config_file¶
- Macro which generates Kubernetes remediation in MachineConfig format:
path (String): Path to the configuration file.
file_permissions_mode (String): File permissions to be applied to the file represented by path argument
source_content (String): The source of the content to be applied.
kubernetes_machine_config_file(path=’’, file_permissions_mode=’’, source=’’)
- TEMPLATE kubernetes_machine_config_file_with_dependencies¶
Macro which generates Kubernetes remediation in MachineConfig format with dependencies reflected:
path (String): Path to the configuration file.
file_permissions_mode (String): File permissions to be applied to the file represented by path argument
source_content (String): The source of the content to be applied.
deps (list): The list of dependencies for this remediation to be applies (they’re XCCDF IDs)
kubernetes_machine_config_file_with_dependencies(path=’’, file_permissions_mode=’’, source=’’, deps=[])
- TEMPLATE kubernetes_sshd_set¶
High level macro to generate Kubernetes remediation to set the ssh daemon configuration file.
kubernetes_sshd_set()
- TEMPLATE kubernetes_usbguard_set¶
High level macro to generate Kubernetes remediation to set the usbguard daemon configuration file.
kubernetes_usbguard_set(deps=[])
- TEMPLATE kubernetes_machineconfig_audit_add_syscall_rule¶
Macro to generate MachineConfig adding an auditd rule for syscall watching
kubernetes_machineconfig_audit_add_syscall_rule(path=’’, syscalls=[], key=’’, fields=’’)
- TEMPLATE kubernetes_machineconfig_ospp_audit_rules¶
Macro to generate MachineConfig setting OSPP audit rules
kubernetes_machineconfig_ospp_audit_rules()
- TEMPLATE kubernetes_machineconfig_logrotate_config¶
Macro to generate MachineConfig setting our recommended logrotate.conf
kubernetes_machineconfig_logrotate_config()
- TEMPLATE kubernetes_machineconfig_auditd_config¶
Macro to generate MachineConfig setting our recommended auditd.conf
kubernetes_machineconfig_auditd_config()
- TEMPLATE kubernetes_machineconfig_chrony_config¶
Macro to generate MachineConfig setting our recommended chrony.conf
kubernetes_machineconfig_chrony_config()