Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Status:

Layer

Result

Comment

os/lynis

PASS

If libvirt or weave are installed, lynis will no longer pass. Virtlet KUD plugin requires libvirt, so if it is enabled during installation lynis will no longer pass.

os/vuls

FAIL: 153 vulnerabilities found

Total: 153 (High:33 Medium:93 Low:27 ?:0), 1/153 Fixed, 801 installed, 0 exploits, en: 2, ja: 0 alerts. Most, if not all, of the vulnerabilities seem to come from the validation containers, not the host OS itself. vuls-icn-20200513.txtnotes-icn-20200513.txt

k8s/conformance

PASS

KUD deployment without additional plugins lets sonobuoy pass (takes about 2h15min to run).

k8s/kubehunter

FAIL Inside-a-Pod Scanning: 5 vulnerabilities

Patched system:public-info-viewer to hide /version, otherwise Cluster Remote Scanning would fail too. Need to update KUD scripts to automatically patch system:public-info-viewer. All others kubehunter tests are a PASS. kubehunter-icn-20200513.txt


Attachments:

kubehunter-icn-20200513.txt

vuls-icn-20200513.txt

notes-icn-20200513.txt

(do not preview, download file and then open it)