Add cis-1.7 and cis-1.24 self assessments (#280)

* Automate self-assessment section headers * Add cis 1.7 and 1.24 assessments Signed-off-by: Derek Nola <[email protected]>
k3s-io · May 17, 2024 · e8a5599 · e8a5599
1 parent 17b40eb
commit e8a5599
Show file tree

Hide file tree

Showing 12 changed files with 3,493 additions and 19 deletions.
diff --git a/.codespellrc b/.codespellrc
@@ -1,4 +1,4 @@
 [codespell]
-skip = .git,./src,./node_modules,*.js,*.json,./build,./.github,yarn.lock
+skip = .git,./src,./node_modules,*.js,*.json,./build,./.github,yarn.lock,./scripts
 check-filenames = true
 ignore-words-list = aks,ec2,eks,gce,gcp,ro,shouldnot,pullrequest,readd
diff --git a/docs/security/security.md b/docs/security/security.md
@@ -10,8 +10,10 @@ First the hardening guide provides a list of security best practices to secure a
 
 Second, is the self assessment to validate a hardened cluster. We currently have two different assessments available:
 
-* [CIS 1.23 Benchmark Self-Assessment Guide](self-assessment-1.23.md), older version of the CIS benchmark
+* [CIS 1.24 Benchmark Self-Assessment Guide](self-assessment-1.24.md), old version of CIS benchmark, for K3s v1.24
 
-* [CIS 1.8 Benchmark Self-Assessment Guide](self-assessment-1.8.md), newer version of the CIS benchmark
+* [CIS 1.7 Benchmark Self-Assessment Guide](self-assessment-1.7.md), for K3s version v1.25-v1.26
+
+* [CIS 1.8 Benchmark Self-Assessment Guide](self-assessment-1.8.md), for K3s version v1.27-v1.29
 
 
diff --git a/docs/security/self-assessment-1.23.md b/docs/security/self-assessment-1.23.md
@@ -2,17 +2,15 @@
 title: CIS 1.23 Self Assessment Guide
 ---
 
-### CIS Kubernetes Benchmark v1.23 - K3s with Kubernetes v1.22 to v1.24
-
-#### Overview
+## Overview
 
 This document is a companion to the [K3s security hardening guide](hardening-guide.md). The hardening guide provides prescriptive guidance for hardening a production installation of K3s, and this benchmark guide is meant to help you evaluate the level of security of the hardened cluster against each control in the CIS Kubernetes Benchmark. It is to be used by K3s operators, security teams, auditors, and decision-makers.
 
-This guide is specific to the **v1.22**, **v1.23** and **v1.24** release line of K3s and the **v1.23** release of the CIS Kubernetes Benchmark.
+This guide is specific to the **v1.22-v1.23** release lines of K3s and the **v1.23** release of the CIS Kubernetes Benchmark.
 
 For more information about each control, including detailed descriptions and remediations for failing tests, you can refer to the corresponding section of the CIS Kubernetes Benchmark v1.6. You can download the benchmark, after creating a free account, in [Center for Internet Security (CIS)](https://www.cisecurity.org/benchmark/kubernetes/).
 
-#### Testing controls methodology
+### Testing controls methodology
 
 Each control in the CIS Kubernetes Benchmark was evaluated against a K3s cluster that was configured according to the accompanying hardening guide.
 
@@ -28,9 +26,6 @@ This guide makes the assumption that K3s is running as a Systemd unit. Your inst
 
 > NOTE: Only `automated` tests (previously called `scored`) are covered in this guide.
 
-### Controls
-
----
 
 ## 1.1 Control Plane Node Configuration Files
 ### 1.1.1 Ensure that the API server pod specification file permissions are set to 644 or more restrictive (Automated)