Merge pull request #339 from vardhaman22/0.5/fix-5.1.5-k3s-backport

[release/v0.5] fix 5.1.5 check for rke2 cis-1.9
rancher · Jan 13, 2025 · f0efed9 · f0efed9
2 parents 4878cef + 2c47296
commit f0efed9
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/package/cfg/rke2-cis-1.9/policies.yaml b/package/cfg/rke2-cis-1.9/policies.yaml
@@ -106,7 +106,7 @@ groups:
         scored: true
 
       - id: 5.1.5
-        text: "Ensure that default service accounts are not actively used. (Manual)"
+        text: "Ensure that default service accounts are not actively used. (Automated)"
         audit: |
           kubectl get serviceaccounts --all-namespaces --field-selector metadata.name=default \
           -o custom-columns=N:.metadata.namespace,SA:.metadata.name,ASA:.automountServiceAccountToken --no-headers \
@@ -135,7 +135,7 @@ groups:
           automountServiceAccountToken: false
           Or using kubectl:
           kubectl patch serviceaccount --namespace <NAMESPACE> default --patch '{"automountServiceAccountToken": false}'
-        scored: false
+        scored: true
 
       - id: 5.1.6
         text: "Ensure that Service Account Tokens are only mounted where necessary (Automated)"