Readme file, including the test config format documentation

7 years ago · 1b0813c42c
parent 281cb60c74
commit 1b0813c42c
2 changed files with 63 additions and 58 deletions
--- a/README.md
+++ b/README.md
@ -6,8 +6,68 @@ Tests are configured with YAML files, making this tool easy to update as test sp

 ## Installation

-Install by cloning this repository and running 
+You will need to run this application on the target machines that you want to test. 
+
+If Go is installed on the target machines, you can simply clone this repository, build and install as follows: 
+
+```go build -o cis_kubernetes .```
+```./install.sh```
+
+The installation script creates a directory ~/.cis_kubernetes and copies the test config files there. 
+
+## Test config YAML representation
+The tests are represented as YAML documents (installed by default into ~/.cis_kubernetes).
+
+An example is as listed below:
+```
+---
+controls:
+id: 1
+text: "Master Checks"
+type: "master"
+groups:
+- id: 1.1
+  text: "Kube-apiserver"
+  checks:
+    - id: 1.1.1
+      text: "Ensure that the --allow-privileged argument is set (Scored)"
+      audit: "ps -ef | grep kube-apiserver | grep -v grep"
+      tests:
+      - flag: "--allow-privileged"
+        set: true
+      remediation: "Edit the /etc/kubernetes/config file on the master node and set the KUBE_ALLOW_PRIV parameter to '--allow-privileged=false'"
+      scored: true
+```
+
+Recommendations (called `checks` in this document) can run on Kubernetes Master, Node or Federated API Servers.
+Checks are organized into `groups` which share similar controls (things to check for) and are grouped together in the section of the CIS Kubernetes document.
+These groups are further organized under `controls` which can be of the type `master`, `node` or `federated apiserver` to reflect the various Kubernetes node types.
+
+## Tests
+Tests are the items we actually look for to determine if a check is successful or not. Checks can have multiple tests, which must all be successful for the check to pass.
+
+The syntax for tests:
+```
+tests:
+- flag:
+  set:
+  compare:
+    op:
+    value:
+...
+```
+Tests have various `operations` which are used to compare the output of audit commands for success.
+These operations are:
+
+- `eq`: tests if the flag value is equal to the compared value.
+- `noteq`: tests if the flag value is unequal to the compared value.
+- `gt`: tests if the flag value is greater than the compared value.
+- `gte`: tests if the flag value is greater than or equal to the compared value.
+- `lt`: tests if the flag value is less than the compared value.
+- `lte`: tests if the flag value is less than or equal to the compared value.
+- `has`: tests if the flag value contains the compared value.
+- `nothave`: tests if the flag value does not contain the compared value.
+
+

-```make install```

-This builds the application and also copies the test configuration files into a .cis_kubernetes directory in your home directory. 
--- a/check/README.md
+++ b/check/README.md
@ -1,55 +0,0 @@
-# Checks
-Checks are recommendations from the Center for Internet Security for Kubernetes 1.6+ installations.
-
-## YAML Representation
-In this application these recommendations are represented as YAML documents.
-An example is as listed below:
-```
---
-controls:
-id: 1
-text: "Master Checks"
-type: "master"
-groups:
- id: 1.1
-  text: "Kube-apiserver"
-  checks:
-    - id: 1.1.1
-      text: "Ensure that the --allow-privileged argument is set (Scored)"
-      audit: "ps -ef | grep kube-apiserver | grep -v grep"
-      tests:
-      - flag: "--allow-privileged"
-        set: true
-      remediation: "Edit the /etc/kubernetes/config file on the master node and set the KUBE_ALLOW_PRIV parameter to '--allow-privileged=false'"
-      scored: true
-```
-
-Recommendations (called `checks` in this document) can run on Kubernetes Master, Node or Federated API Servers.
-Checks are organized into `groups` which share similar controls (things to check for) and are grouped together in the section of the CIS Kubernetes document.
-These groups are further organized under `controls` which can be of the type `master`, `node` or `federated apiserver` to reflect the various Kubernetes node types.
-
-## Tests
-Tests are the items we actually look for to determine if a check is successful or not. Checks can have multiple tests, which must all be successful for the check to pass.
-
-The syntax for tests:
-```
-tests:
- flag:
-  set:
-  compare:
-    op:
-    value:
-...
-```
-Tests have various `operations` which are used to compare the output of audit commands for success.
-These operations are:
-
- `eq`: tests if the flag value is equal to the compared value.
- `noteq`: tests if the flag value is unequal to the compared value.
- `gt`: tests if the flag value is greater than the compared value.
- `gte`: tests if the flag value is greater than or equal to the compared value.
- `lt`: tests if the flag value is less than the compared value.
- `lte`: tests if the flag value is less than or equal to the compared value.
- `has`: tests if the flag value contains the compared value.
- `nothave`: tests if the flag value does not contain the compared value.
-