on the etcd data directory found above). For example, chmod 700 /var/lib/etcd Audit Script: 1.1.11.sh #!/bin/bash -e etcd_bin=${1} test_dir=$(ps -ef | grep ${etcd_bin} | grep -- --data-dir | sed 's% HostConfig.Binds[]' | grep "$ {test_dir}" | cut -d ":" -f 1 | xargs stat -c %a Audit Execution: ./1.1.11.sh etcd Expected result: '700' is equal to '700' 1.1.12 Ensure that the etcd data directory ownership etcd data directory found above). For example, chown etcd:etcd /var/lib/etcd Audit Script: 1.1.12.sh #!/bin/bash -e etcd_bin=${1} test_dir=$(ps -ef | grep ${etcd_bin} | grep -- --data-dir | sed 's%

on the etcd data directory found above). For example, chmod 700 /var/lib/etcd Audit Script: 1.1.11.sh #!/bin/bash -e etcd_bin=${1} test_dir=$(ps -ef | grep ${etcd_bin} | grep -- --data-dir | sed 's% HostConfig.Binds[]' | grep "$ {test_dir}" | cut -d ":" -f 1 | xargs stat -c %a Audit Execution: ./1.1.11.sh etcd Expected result: '700' is equal to '700' 1.1.12 Ensure that the etcd data directory ownership etcd data directory found above). For example, chown etcd:etcd /var/lib/etcd Audit Script: 1.1.12.sh #!/bin/bash -e etcd_bin=${1} test_dir=$(ps -ef | grep ${etcd_bin} | grep -- --data-dir | sed 's%

master node. For example, chown -R root:root / etc/kubernetes/pki/ Audit: check_files_owner_in_dir.sh /node/etc/kubernetes/ssl Expected Result: 'true' is equal to 'true' Audit Script: #!/usr/bin/env master node. For example, chmod -R 644 /etc/ kubernetes/pki/*.crt Audit: check_files_permissions.sh /node/etc/kubernetes/ssl/!(*key).pe m Expected Result: 'true' is equal to 'true' Audit Script: master node. For example, chmod -R 600 /etc/ kubernetes/ssl/*key.pem Audit: check_files_permissions.sh /node/etc/kubernetes/ssl/*key.pem 600 Expected Result: 'true' is equal to 'true' Audit Script:

githubusercontent.com/helm/helm/master/scripts /get-helm-3 | bash Option2 $ curl -sfL https://get.helm.sh/helm-v3.5.3-linux- amd64.tar.gz -o helm.tgz $ tar xf helm.tgz $ mv linux-amd64/helm /usr/local/bin/ SDC by running the get_vxflexos_info.sh script. 4. Copy the csi-vxflexos/values.yaml into a file called myvalues.yaml in the same directory as the csi-install.sh script. 5. Edit myvalues.yaml to set PowerFlex system IP details and credentials. 7. Run the following sh csi-install.sh command to proceed with the installation: $ sh csi-install.sh --namespace vxflexos –values myvalues.yaml 8. Run the following

automountServiceAccountToken: false Create a bash script file called account_update.sh. Be sure to chmod +x account_update.sh so the script has execute permissions. #!/bin/bash -e for namespace in $(kubectl Egress Create a bash script file called apply_networkPolicy_to_all_ns.sh. Be sure to chmod +x apply_networkPolicy_to_all_ns.sh so the script has execute permissions. #!/bin/bash -e for namespace in - sysctl -w kernel.panic_on_oops=1 - curl https://releases.rancher.com/install-docker/18.09.sh | sh - usermod -aG docker ubuntu - return=1; while [ $return != 0 ]; do sleep 2; docker ps; return=$

automountServiceAccountToken: false Create a bash script file called account_update.sh. Be sure to chmod +x account_update.sh so the script has execute permissions. #!/bin/bash -e for namespace in $(kubectl Egress Create a bash script file called apply_networkPolicy_to_all_ns.sh. Be sure to chmod +x apply_networkPolicy_to_all_ns.sh so the script has execute permissions. Hardening Guide v2.4 6 #!/bin/bash - sysctl -w kernel.panic_on_oops=1 - curl https://releases.rancher.com/install-docker/18.09.sh | sh - usermod -aG docker ubuntu - return=1; while [ $return != 0 ]; do sleep 2; docker ps; return=$

RKE2 installation script: curl -sfL https://get.rke2.io -o install.sh b. Make the installation script executable. chmod +x install.sh c. Set the installation variables to point to the desired release INSTALL_RKE2_CHANNEL_URL=https://github.com/rancher/rke2/releases d. Run the installation script. ./install.sh This script installs the rke2-server service. e. Enable and start the rke2-server service. systemctl io -o install.sh b. Make the installation script executable. chmod +x install.sh c. Set the installation type. INSTALL_RKE2_TYPE="agent" d. Run the installation script. ./install.sh This script

INSTALL_RKE2_TYPE=server $ export INSTALL_RKE2_VERSION= $ curl -sfL https://get.rke2.io | sh - $ systemctl enable --now rke2-server.service Connect to the nodes dedicated as workers of the RKE INSTALL_RKE2_TYPE=agent $ export INSTALL_RKE2_VERSION= $ curl -sfL https://get.rke2.io | sh - $ systemctl enable --now rke2-agent.service More details can be found in the RKE 2 documentation:

...... 33 1. 概要 1.1. 环境说明 系统相关的登录账号、密码信息如下： 访问地址 账号 / 密码 描述 https://k8sadmin.sxc.sh/ Rancher UI Page 5 2. 系统登陆 2.1. 概述 通过 Rancher Server URL 登陆到 Rancher UI 管理平台。