From 0ed0a08aa7f50e2a68985b6a539abe1c9b3c45b5 Mon Sep 17 00:00:00 2001 From: Derek Nola Date: Wed, 24 Apr 2024 14:19:54 -0700 Subject: [PATCH] Rename assessment guides, configure redirects Signed-off-by: Derek Nola --- docs/advanced.md | 3 --- docs/security/hardening-guide.md | 2 +- docs/security/security.md | 11 +++++++++-- .../{self-assessment.md => self-assessment-1.23.md} | 0 docs/security/{cis-1.8.md => self-assessment-1.8.md} | 4 ++-- docusaurus.config.js | 3 ++- sidebars.js | 4 ++-- 7 files changed, 16 insertions(+), 11 deletions(-) rename docs/security/{self-assessment.md => self-assessment-1.23.md} (100%) rename docs/security/{cis-1.8.md => self-assessment-1.8.md} (99%) diff --git a/docs/advanced.md b/docs/advanced.md index 39b30d032..50c0987bd 100644 --- a/docs/advanced.md +++ b/docs/advanced.md @@ -1,8 +1,5 @@ --- title: "Advanced Options / Configuration" -aliases: - - /k3s/latest/en/running/ - - /k3s/latest/en/configuration/ --- This section contains advanced information describing the different ways you can run and manage K3s, as well as steps necessary to prepare the host OS for K3s use. diff --git a/docs/security/hardening-guide.md b/docs/security/hardening-guide.md index 4f5d82bdb..7a2021ed7 100644 --- a/docs/security/hardening-guide.md +++ b/docs/security/hardening-guide.md 
@@ -852,4 +852,4 @@ For `default` service accounts in the built-in namespaces (`kube-system`, `kube- ## Conclusion -If you have followed this guide, your K3s cluster will be configured to comply with the CIS Kubernetes Benchmark. You can review the [CIS Benchmark Self-Assessment Guide](self-assessment.md) to understand the expectations of each of the benchmark's checks and how you can do the same on your cluster. +If you have followed this guide, your K3s cluster will be configured to comply with the CIS Kubernetes Benchmark. You can review the [CIS 1.8 Self-Assessment Guide](self-assessment-1.8.md) to understand the expectations of each of the benchmark's checks and how you can do the same on your cluster. diff --git a/docs/security/security.md b/docs/security/security.md index 37c81b346..9fe7b4b6e 100644 --- a/docs/security/security.md +++ b/docs/security/security.md @@ -4,7 +4,14 @@ title: "Security" This section describes the methodology and means of securing a K3s cluster. It's broken into 2 sections. These guides assume k3s is running with embedded etcd. -The documents below apply to CIS Kubernetes Benchmark v1.23. +First the hardening guide provides a list of security best practices to secure a K3s cluster. * [Hardening Guide](hardening-guide.md) -* [CIS Benchmark Self-Assessment Guide](self-assessment.md) + +Second, is the self assessment to validate a hardened cluster. We currently have two different assessments available: + +* [CIS 1.23 Benchmark Self-Assessment Guide](self-assessment-1.23.md), older version of the CIS benchmark + +* [CIS 1.8 Benchmark Self-Assessment Guide](self-assessment-1.8.md), newer version of the CIS benchmark + + diff --git a/docs/security/self-assessment.md b/docs/security/self-assessment-1.23.md similarity index 100% rename from docs/security/self-assessment.md rename to docs/security/self-assessment-1.23.md 
diff --git a/docs/security/cis-1.8.md b/docs/security/self-assessment-1.8.md similarity index 99% rename from docs/security/cis-1.8.md rename to docs/security/self-assessment-1.8.md index bbc237565..53308f6bc 100644 --- a/docs/security/cis-1.8.md +++ b/docs/security/self-assessment-1.8.md @@ -6,7 +6,7 @@ title: CIS 1.8 Self Assessment Guide This document is a companion to the [K3s security hardening guide](hardening-guide.md). The hardening guide provides prescriptive guidance for hardening a production installation of K3s, and this benchmark guide is meant to help you evaluate the level of security of the hardened cluster against each control in the CIS Kubernetes Benchmark. It is to be used by K3s operators, security teams, auditors, and decision-makers. -This guide is specific to the **vv1.26-v1.29** release line of K3s and the **v1.8** release of the CIS Kubernetes Benchmark. +This guide is specific to the **v1.26-v1.29** release line of K3s and the **v1.8** release of the CIS Kubernetes Benchmark. For more information about each control, including detailed descriptions and remediations for failing tests, you can refer to the corresponding section of the CIS Kubernetes Benchmark v1.8. You can download the benchmark, after creating a free account, in [Center for Internet Security (CIS)](https://www.cisecurity.org/benchmark/kubernetes/). @@ -1781,7 +1781,7 @@ it is set to an empty array. **Remediation:** Review the use of capabilities in applications running on your cluster. Where a namespace -contains applicaions which do not require any Linux capabities to operate consider adding +contains applications which do not require any Linux capabities to operate consider adding a PSP which forbids the admission of containers which do not drop all capabilities. ### 5.2.11 Minimize the admission of Windows HostProcess containers (Manual) diff --git a/docusaurus.config.js b/docusaurus.config.js index 28bb36b6d..9f07df0f1 100644 --- a/docusaurus.config.js 
+++ b/docusaurus.config.js @@ -122,7 +122,8 @@ module.exports = { { from: '/backup-restore/backup-restore', to: '/datastore/backup-restore' }, { from: '/reference/agent-config', to: '/cli/agent' }, { from: '/reference/server-config', to: '/cli/server' }, - { from: '/installation/network-options', to: '/networking/basic-network-options' }, + { from: '/installation/network-options', to: '/networking/basic-network-options' }, + { from: '/security/self-assessment', to: '/security/self-assessment-1.23' }, ], }, ], diff --git a/sidebars.js b/sidebars.js index 5bf7329f2..dfab91b4d 100644 --- a/sidebars.js +++ b/sidebars.js @@ -45,8 +45,8 @@ module.exports = { items:[ 'security/secrets-encryption', 'security/hardening-guide', - 'security/cis-1.8', - 'security/self-assessment', + 'security/self-assessment-1.8', + 'security/self-assessment-1.23', ], }, {
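Review bot: in docs/advanced.md the two `aliases` entries (`/k3s/latest/en/running/` and `/k3s/latest/en/configuration/`) are removed, yet the only redirect this patch adds in docusaurus.config.js is for `/security/self-assessment`. If those legacy paths were still being honoured through the front matter, they need matching `from`/`to` entries in the redirects list. If the aliases were already inert, note that in the commit message, since the subject only mentions renaming the assessment guides.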
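Review bot: in docs/security/security.md the new list labels 1.23 as the "older version" and 1.8 as the "newer version", which reads backwards to anyone comparing the numbers, and the hunk deletes the only sentence that spelled out "CIS Kubernetes Benchmark v1.23". Suggest saying for each guide which K3s releases it applies to (the 1.8 guide states v1.26-v1.29 in its own intro) so an operator picks the right assessment. Smaller points in the same hunk: "First the hardening guide" needs a comma after "First", "Second, is the self assessment" should drop its comma, the two trailing blank `+` lines at the end of the file can go, and the link text "CIS 1.8 Benchmark Self-Assessment Guide" differs from the "CIS 1.8 Self-Assessment Guide" wording used in hardening-guide.md.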
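Review bot: in docs/security/self-assessment-1.8.md, the remediation hunk near 5.2.11 fixes "applicaions" but the same `+` line still reads "Linux capabities"; change it to "capabilities" while the line is being touched. A comma before "consider adding" would also help that sentence.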
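Review bot: docusaurus.config.js gains a redirect for `/security/self-assessment` but none for `/security/cis-1.8`, which this patch also renames (to `self-assessment-1.8`), so existing links and bookmarks to the CIS 1.8 page will break. Suggest adding `{ from: '/security/cis-1.8', to: '/security/self-assessment-1.8' },` next to the new entry. The `/installation/network-options` line also appears as a remove and re-add with no visible difference; if that is a whitespace-only change, leave it out of this patch.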