
The CIS Benchmarks are essential for finding security issues in IT. CIS-CAT is a tool that can evaluate your systems and provide information on remediating security issues. For Kubernetes you must purchase CIS-CAT PRO.

However, there is an open-source alternative, KUBE BENCH. There are various ways to run KUBE BENCH, but the simplest is to download the package for your OS and run it on your control plane node.

https://github.com/aquasecurity/kube-bench#running-in-a-kubernetes-cluster

 

Download the latest version:

Install the binaries:

 

Run the defined benchmarks, in our case cis-1.5:

 

The results will come out with a convenient colour scheme:

 

 

For each section, a count of pass, warn, and fail is provided, with concrete actions to remediate the problems:

 

After taking the necessary corrective measures you can run the tests again.

Now your cluster is lean and mean. Next step: you need to back it up :)
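Added example, not part of the original post or of the kube-bench project: a small script that tallies pass/warn/fail per section from a saved JSON report and compares the failing checks of two runs, so a re-run after remediation shows what was actually fixed. It assumes the report layout of kube-bench's `--json` output (`Controls`, `tests`, `results`, `test_number`, `status`, `remediation`); the sample reports and their check texts are constructed.

```python
import copy
import json
from collections import Counter

# Constructed sample shaped like a kube-bench JSON report (field names are an assumption).
BEFORE = json.loads("""
{"Controls": [{"id": "1", "version": "cis-1.5", "tests": [
  {"section": "1.1", "results": [
    {"test_number": "1.1.1", "status": "PASS", "remediation": ""},
    {"test_number": "1.1.12", "status": "FAIL", "remediation": "constructed: fix data dir ownership"}]},
  {"section": "1.2", "results": [
    {"test_number": "1.2.1", "status": "WARN", "remediation": "constructed: review API server flag"},
    {"test_number": "1.2.16", "status": "FAIL", "remediation": "constructed: enable admission plugin"}]}]}]}
""")
# Constructed second run: check 1.1.12 has been remediated, 1.2.16 has not.
AFTER = copy.deepcopy(BEFORE)
AFTER["Controls"][0]["tests"][0]["results"][1]["status"] = "PASS"

def iter_checks(report):
    """Yield (section, check) pairs; accepts the wrapped layout, one control, or a bare list."""
    controls = report.get("Controls", [report]) if isinstance(report, dict) else report
    for control in controls:
        for group in control.get("tests", []):
            for check in group.get("results", []):
                yield group.get("section", "?"), check

def section_counts(report):
    """Map each section id to a Counter of PASS/WARN/FAIL/INFO statuses."""
    counts = {}
    for section, check in iter_checks(report):
        counts.setdefault(section, Counter())[check["status"]] += 1
    return counts

def failures(report):
    """Map each failing test number to its remediation text."""
    return {c["test_number"]: c.get("remediation", "")
            for _, c in iter_checks(report) if c["status"] == "FAIL"}

def compare_runs(before, after):
    """Classify failing checks as fixed, still failing, or newly failing."""
    b, a = set(failures(before)), set(failures(after))
    return {"fixed": sorted(b - a), "still_failing": sorted(b & a), "new": sorted(a - b)}

if __name__ == "__main__":
    for section, c in sorted(section_counts(AFTER).items()):
        print(f"{section}: pass={c['PASS']} warn={c['WARN']} fail={c['FAIL']}")
    for number, fix in failures(AFTER).items():
        print(f"FAIL {number}: {fix}")
    print(compare_runs(BEFORE, AFTER))
```

A non-empty `new` list after a change is the thing to look at first, since it means a remediation step broke a check that previously passed.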

Time to get into Kubernetes. So much to learn. 


@Geoff Burke thx for sharing, also for me, a lot to learn about Kubernetes.


thx for sharing


Lot of learning here, thanks for sharing @Geoff Burke 


Time to re-learn as it’s been almost 2yrs since I went through a Pluralsight course. So much I’m sure has changed!


@Geoff Burke : More to learn on Kubernetes :) 

