https://ginglis13.github.io/en/os/1.21.x/api/reporting/Recent content in Reporting on BottlerocketHugoenhttps://ginglis13.github.io/en/os/1.21.x/api/reporting/cis/Mon, 01 Jan 0001 00:00:00 +0000https://ginglis13.github.io/en/os/1.21.x/api/reporting/cis/<p>The <a href="https://www.cisecurity.org/benchmark/bottlerocket">Bottlerocket CIS Benchmark</a> contains a number of security best practices to harden Bottlerocket worker nodes. The benchmark contains two levels:</p> <ul> <li><strong>Level 1:</strong> basic guidelines with clear security benefits that do not inhibit the node. Bottlerocket’s default settings are compliant with level 1.</li> <li><strong>Level 2:</strong> detailed, specific guidance that provide more defence to the node. This level introduces some trade-offs between functionality and security.</li> </ul> <p>The report API has built-in tests that allow you to evaluate the state of the node to both Level 1 and Level 2.</p>https://ginglis13.github.io/en/os/1.21.x/api/reporting/cis-k8s/Mon, 01 Jan 0001 00:00:00 +0000https://ginglis13.github.io/en/os/1.21.x/api/reporting/cis-k8s/<p>The <a href="https://www.cisecurity.org/benchmark/kubernetes">Kubernetes CIS Benchmark</a> contains a number of security best practices to harden Kubernetes worker nodes.</p> <div class="alert alert-success" role="alert"> <h4 class="alert-heading">Note</h4> <p>The Kubernetes CIS Benchmark contains two levels, however, currently, level 2 only adds one additional check (4.2.8) for worker nodes. The Bottlerocket reporting API cannot automatically evaluate this additional check and therefore the two levels are functionally identical for automatic evaluation purposes.</p> </div> <h2 id="examples">Examples</h2> <p>Expanding upon the general instructions to <a href="https://ginglis13.github.io/en/os/1.21.x/api/#running-a-report">run a report</a>, for the Bottlerocket CIS benchmark use the identifier <code>cis-k8s</code>:</p>