Versions Compared

Old Version 21

changes.mady.by.user Ruoyu Ying

Saved on

compared with

New Version 22

changes.mady.by.user Igor Duarte Cardoso

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Igor Duarte Cardoso

Status as of May 13th 28th 2020:

Layer

Result

Comments

Comment
Nexus

os/lynis

PASS

if disabling ICN pluginsIf libvirt or weave are installed, lynis will no longer pass. This is a problem because the virtlet ICN plugin requires libvirt.


Logs

os/vuls

FAIL:

153

141 unfixed vulnerabilities found

141 unfixed vulnerabilities.

Total: 153 (High:

33

30 Medium:

93

96 Low:27 ?:0),

1

 12/153 Fixed,

801

795 installed, 0 exploits, en: 2, ja: 0 alerts

Logs

k8s/conformance

PASS

if disabling ICN pluginsNeed to enable ICN plugins and understand reason for failures. Just the basic KUD deployment is enough to make conformance pass.


Logs

k8s/kubehunter

FAIL

PASS except:

  • Inside-a-Pod Scanning:
5 vulnerabilities

Patched system:public-info-viewer to hide /version, otherwise Cluster Remote Scanning would fail too. Need to update KUD scripts to automatically patch system:public-info-viewer.

Important links:

Steps To Implement Security Scan Requirements

...

  • 1 vulnerability: CAP_NET_RAW

Inside-a-Pod Scanning: 1 vulnerability: CAP_NET_RAW.

Logs

CI logs: 

The gerrit comments contains the CI log url. All the CI logs are under this folder ICN : https://jenkins.akraino.org/view/icn/job/icn-master-verify/

...