← Back to Home 📄 View Raw XML

🔍 kube-bench Scan Result - Kubernetes control plane node running K8s 1.28

Target System: k8s-control-01.example.com
IP Address: 192.168.2.101
OS: N/A
Scan Start: 2026-05-08T18:16:56.232025
Scan End: 2026-05-08T18:21:56.232025

54

Passed

7

Failed

0

Other

Rule Check Results

Rule ID Result Severity Message
control_plane_api_server_anonymous_auth PASS HIGH -
control_plane_api_server_basic_auth PASS MEDIUM -
control_plane_api_server_token_auth PASS MEDIUM -
control_plane_api_server_kubelet_https PASS MEDIUM -
control_plane_api_server_kubelet_client_certificate PASS LOW -
control_plane_api_server_kubelet_certificate_authority PASS HIGH -
control_plane_api_server_authorization_mode PASS MEDIUM -
control_plane_api_server_authorization_mode_node PASS LOW -
control_plane_api_server_authorization_mode_rbac PASS HIGH -
control_plane_api_server_admission_control_plugin_always_admit PASS MEDIUM -
control_plane_api_server_admission_control_plugin_always_pull_images PASS HIGH -
control_plane_api_server_admission_control_plugin_security_context_deny PASS LOW -
control_plane_api_server_admission_control_plugin_service_account PASS MEDIUM -
control_plane_api_server_admission_control_plugin_namespace_lifecycle PASS LOW -
control_plane_api_server_admission_control_plugin_pod_security_policy PASS HIGH -
control_plane_api_server_admission_control_plugin_node_restriction PASS MEDIUM -
control_plane_api_server_insecure_port PASS HIGH -
control_plane_api_server_secure_port PASS LOW -
control_plane_api_server_profiling PASS LOW -
control_plane_api_server_audit_log_path FAIL HIGH Check failed: control_plane_api_server_audit_log_path
control_plane_api_server_audit_log_maxage PASS MEDIUM -
control_plane_api_server_audit_log_maxbackup FAIL MEDIUM Check failed: control_plane_api_server_audit_log_maxbackup
control_plane_api_server_audit_log_maxsize PASS HIGH -
control_plane_api_server_request_timeout FAIL HIGH Check failed: control_plane_api_server_request_timeout
control_plane_api_server_service_account_lookup PASS HIGH -
control_plane_api_server_service_account_key_file PASS LOW -
control_plane_api_server_etcd_certfile PASS HIGH -
control_plane_api_server_tls_cert_file PASS MEDIUM -
control_plane_api_server_client_ca_file PASS LOW -
control_plane_api_server_etcd_cafile PASS HIGH -
control_plane_api_server_encryption_provider_config PASS HIGH -
control_plane_api_server_tls_cipher_suites PASS HIGH -
control_plane_scheduler_profiling PASS MEDIUM -
control_plane_scheduler_bind_address PASS MEDIUM -
control_plane_controller_manager_terminated_pod_gc_threshold PASS HIGH -
control_plane_controller_manager_profiling PASS HIGH -
control_plane_controller_manager_use_service_account_credentials PASS HIGH -
control_plane_controller_manager_service_account_private_key_file PASS MEDIUM -
control_plane_controller_manager_root_ca_file PASS MEDIUM -
control_plane_controller_manager_feature_gates_rotate_kubelet_server_certificate PASS HIGH -
control_plane_controller_manager_bind_address PASS LOW -
worker_node_kubelet_anonymous_auth FAIL HIGH Check failed: worker_node_kubelet_anonymous_auth
worker_node_kubelet_authorization_mode PASS HIGH -
worker_node_kubelet_client_ca_file PASS LOW -
worker_node_kubelet_read_only_port PASS HIGH -
worker_node_kubelet_streaming_connection_idle_timeout FAIL HIGH Check failed: worker_node_kubelet_streaming_connection_idle_timeout
worker_node_kubelet_protect_kernel_defaults PASS HIGH -
worker_node_kubelet_make_iptables_util_chains PASS HIGH -
worker_node_kubelet_hostname_override PASS MEDIUM -
worker_node_kubelet_event_qps PASS HIGH -
worker_node_kubelet_tls_cert_file PASS MEDIUM -
worker_node_kubelet_rotate_certificates PASS HIGH -
etcd_cert_file FAIL HIGH Check failed: etcd_cert_file
etcd_client_cert_auth PASS HIGH -
etcd_auto_tls FAIL MEDIUM Check failed: etcd_auto_tls
etcd_peer_cert_file PASS LOW -
etcd_peer_client_cert_auth PASS LOW -
etcd_peer_auto_tls PASS LOW -
etcd_unique_ca PASS MEDIUM -
network_policy_enabled PASS MEDIUM -
pod_security_policy_enabled PASS LOW -