← Back to Home 📄 View Raw XML

🔍 kube-bench Scan Result - Kubernetes worker node running K8s 1.28

Target System: k8s-worker-02.example.com
IP Address: 192.168.2.103
OS: N/A
Scan Start: 2026-05-07T17:16:56.232025
Scan End: 2026-05-07T17:22:56.232025

49

Passed

12

Failed

0

Other

Rule Check Results

Rule ID	Result	Severity	Message
`control_plane_api_server_anonymous_auth`	PASS	LOW	-
`control_plane_api_server_basic_auth`	PASS	LOW	-
`control_plane_api_server_token_auth`	FAIL	HIGH	Check failed: control_plane_api_server_token_auth
`control_plane_api_server_kubelet_https`	PASS	LOW	-
`control_plane_api_server_kubelet_client_certificate`	PASS	HIGH	-
`control_plane_api_server_kubelet_certificate_authority`	PASS	LOW	-
`control_plane_api_server_authorization_mode`	PASS	HIGH	-
`control_plane_api_server_authorization_mode_node`	PASS	MEDIUM	-
`control_plane_api_server_authorization_mode_rbac`	PASS	LOW	-
`control_plane_api_server_admission_control_plugin_always_admit`	FAIL	LOW	Check failed: control_plane_api_server_admission_control_plugin_always_admit
`control_plane_api_server_admission_control_plugin_always_pull_images`	PASS	LOW	-
`control_plane_api_server_admission_control_plugin_security_context_deny`	FAIL	HIGH	Check failed: control_plane_api_server_admission_control_plugin_security_context_deny
`control_plane_api_server_admission_control_plugin_service_account`	FAIL	LOW	Check failed: control_plane_api_server_admission_control_plugin_service_account
`control_plane_api_server_admission_control_plugin_namespace_lifecycle`	PASS	HIGH	-
`control_plane_api_server_admission_control_plugin_pod_security_policy`	FAIL	LOW	Check failed: control_plane_api_server_admission_control_plugin_pod_security_policy
`control_plane_api_server_admission_control_plugin_node_restriction`	PASS	HIGH	-
`control_plane_api_server_insecure_port`	PASS	MEDIUM	-
`control_plane_api_server_secure_port`	PASS	HIGH	-
`control_plane_api_server_profiling`	PASS	MEDIUM	-
`control_plane_api_server_audit_log_path`	FAIL	HIGH	Check failed: control_plane_api_server_audit_log_path
`control_plane_api_server_audit_log_maxage`	PASS	MEDIUM	-
`control_plane_api_server_audit_log_maxbackup`	FAIL	HIGH	Check failed: control_plane_api_server_audit_log_maxbackup
`control_plane_api_server_audit_log_maxsize`	PASS	LOW	-
`control_plane_api_server_request_timeout`	PASS	LOW	-
`control_plane_api_server_service_account_lookup`	PASS	MEDIUM	-
`control_plane_api_server_service_account_key_file`	PASS	LOW	-
`control_plane_api_server_etcd_certfile`	PASS	LOW	-
`control_plane_api_server_tls_cert_file`	FAIL	MEDIUM	Check failed: control_plane_api_server_tls_cert_file
`control_plane_api_server_client_ca_file`	FAIL	MEDIUM	Check failed: control_plane_api_server_client_ca_file
`control_plane_api_server_etcd_cafile`	PASS	LOW	-
`control_plane_api_server_encryption_provider_config`	PASS	LOW	-
`control_plane_api_server_tls_cipher_suites`	PASS	LOW	-
`control_plane_scheduler_profiling`	PASS	HIGH	-
`control_plane_scheduler_bind_address`	PASS	HIGH	-
`control_plane_controller_manager_terminated_pod_gc_threshold`	PASS	MEDIUM	-
`control_plane_controller_manager_profiling`	PASS	MEDIUM	-
`control_plane_controller_manager_use_service_account_credentials`	PASS	MEDIUM	-
`control_plane_controller_manager_service_account_private_key_file`	FAIL	MEDIUM	Check failed: control_plane_controller_manager_service_account_private_key_file
`control_plane_controller_manager_root_ca_file`	PASS	HIGH	-
`control_plane_controller_manager_feature_gates_rotate_kubelet_server_certificate`	PASS	MEDIUM	-
`control_plane_controller_manager_bind_address`	PASS	HIGH	-
`worker_node_kubelet_anonymous_auth`	FAIL	HIGH	Check failed: worker_node_kubelet_anonymous_auth
`worker_node_kubelet_authorization_mode`	PASS	HIGH	-
`worker_node_kubelet_client_ca_file`	PASS	HIGH	-
`worker_node_kubelet_read_only_port`	PASS	LOW	-
`worker_node_kubelet_streaming_connection_idle_timeout`	FAIL	LOW	Check failed: worker_node_kubelet_streaming_connection_idle_timeout
`worker_node_kubelet_protect_kernel_defaults`	PASS	MEDIUM	-
`worker_node_kubelet_make_iptables_util_chains`	PASS	MEDIUM	-
`worker_node_kubelet_hostname_override`	PASS	LOW	-
`worker_node_kubelet_event_qps`	PASS	MEDIUM	-
`worker_node_kubelet_tls_cert_file`	PASS	MEDIUM	-
`worker_node_kubelet_rotate_certificates`	PASS	LOW	-
`etcd_cert_file`	PASS	MEDIUM	-
`etcd_client_cert_auth`	PASS	HIGH	-
`etcd_auto_tls`	PASS	LOW	-
`etcd_peer_cert_file`	PASS	MEDIUM	-
`etcd_peer_client_cert_auth`	PASS	LOW	-
`etcd_peer_auto_tls`	PASS	MEDIUM	-
`etcd_unique_ca`	PASS	LOW	-
`network_policy_enabled`	PASS	MEDIUM	-
`pod_security_policy_enabled`	PASS	MEDIUM	-