Kubernetes hardening made easy: Running CIS Benchmarks with kube-bench


Mar 3, 2025 - 06:31
In today's world, where security risks and breaches grow daily, it is crucial to keep our applications and infrastructure compliant with security standards, and that is where the CIS Benchmarks from the Center for Internet Security (CIS) come in. With kube-bench, running these checks becomes straightforward, helping you strengthen your Kubernetes clusters with confidence.

CIS Benchmarks

Here is the mission statement from CIS's website.

Our mission is to make the connected world a safer place by developing, validating, and promoting timely best practice solutions that help people, businesses, and governments protect themselves against pervasive cyber threats.

See https://www.cisecurity.org/ for more details.

In practice, the benchmarks help us answer three questions:

  • Which best practices and guidelines should we follow?
  • Which tools are available to scan our applications or infrastructure against them?
  • How do we make sure the best practices are kept up to date?

Benchmarks are available for many platforms, including:

  • All the public cloud providers
  • Software products
  • DevSecOps tools
  • Mobile devices
  • Operating systems
  • and much more.

You can find their extensive list here: https://learn.cisecurity.org/benchmarks

CIS Benchmarks: Download PDF for your platform

To download the PDF files you just need to provide some general details about yourself.

https://learn.cisecurity.org/benchmarks

Once done, press "Submit" and you will receive an email with a link from which you can download all kinds of benchmarks.

It looks something like this:

Download Benchmarks

Upon pressing "Access PDFs" you will be routed to their extensive list of benchmarks, which looks something like this:

Access PDFs

You can choose whichever you want, but since we are interested in Kubernetes for now, we will scroll down to the Kubernetes section.

Kubernetes Benchmarks

And the good part is that this is not limited to vanilla Kubernetes: you can also download benchmarks for the managed Kubernetes flavours such as EKS from AWS, AKS from Azure, GKE from Google, etc.

Once you download a specific PDF, you will see it contains a great deal of detail for each recommendation, including the problem statement, impact, remediation, etc.

Now, as you may have noticed, the PDF contains thousands of recommendations, and going through them and applying them one by one is a time-consuming task; just imagine you have hundreds of clusters. Though I would recommend you to at least go through it once and get an idea of what details it contains and how we can make use of it.

To make our lives easier there are a couple of tools which can automate this process and help us identify where we are lacking, so that we can fix those gaps quickly.
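To illustrate what that automation buys you across a fleet, here is a small script written for this article (not part of the original post or the kube-bench project). It reads the JSON reports kube-bench writes with its `--json` flag from several clusters and lists each failing check once, with the clusters it fails on. The report layout it relies on (`Controls` → `tests` → `results`, each result with `test_number`, `test_desc`, `status` and `scored`) is an assumption about kube-bench's output, and the two cluster reports are constructed samples.

```python
import json
from collections import Counter, defaultdict

# Constructed sample reports, one per cluster, in the layout this example
# assumes kube-bench emits with `--json` (not real cluster output).
REPORTS = {
    "prod-eu": {"Controls": [{"id": "1", "text": "Control Plane", "tests": [{"section": "1.2", "results": [
        {"test_number": "1.2.1", "test_desc": "anonymous-auth disabled", "status": "FAIL", "scored": True},
        {"test_number": "1.2.2", "test_desc": "token-auth-file unset", "status": "PASS", "scored": True},
        {"test_number": "1.2.3", "test_desc": "audit log path set", "status": "WARN", "scored": False}]}]}]},
    "prod-us": {"Controls": [{"id": "1", "text": "Control Plane", "tests": [{"section": "1.2", "results": [
        {"test_number": "1.2.1", "test_desc": "anonymous-auth disabled", "status": "FAIL", "scored": True},
        {"test_number": "1.2.2", "test_desc": "token-auth-file unset", "status": "FAIL", "scored": True},
        {"test_number": "1.2.3", "test_desc": "audit log path set", "status": "PASS", "scored": False}]}]}]},
}

def load_report(path):
    """Read a report saved with `kube-bench --json > path`."""
    with open(path) as f:
        return json.load(f)

def iter_results(report):
    """Yield every individual check result in one report."""
    for control in report.get("Controls", []):
        for test in control.get("tests", []):
            yield from test.get("results", [])

def status_totals(reports):
    """Per-cluster count of PASS / FAIL / WARN results."""
    return {cluster: Counter(r["status"] for r in iter_results(report))
            for cluster, report in reports.items()}

def failing_checks(reports, scored_only=True):
    """Map each failing check to the clusters it fails on, so one gap shared
    by the whole fleet is reported once rather than once per cluster.
    Unscored checks (advisory in the benchmark) are skipped by default."""
    gaps = defaultdict(set)
    for cluster, report in reports.items():
        for r in iter_results(report):
            if r["status"] == "FAIL" and (r.get("scored", True) or not scored_only):
                gaps[(r["test_number"], r["test_desc"])].add(cluster)
    return dict(gaps)

if __name__ == "__main__":
    for cluster, counts in status_totals(REPORTS).items():
        print(f"{cluster}: {dict(counts)}")
    for (num, desc), clusters in sorted(failing_checks(REPORTS).items()):
        print(f"{num} {desc}: FAIL on {', '.join(sorted(clusters))}")
```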

CIS Benchmarks: Tools

There are a couple of tools managed by CIS itself, such as CIS-CAT Lite and CIS-CAT Pro. CIS-CAT Lite is the free version and supports a limited set of benchmarks, which does not include Kubernetes. CIS-CAT Pro is the one that supports Kubernetes, but it is only available to CIS SecureSuite members.

See https://www.cisecurity.org/cybersecurity-tools for more details about these tools.

Now, let's talk about the good part: the community has given us a couple of open-source tools which do the same