arno/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2025-06-23 00:19:07 +00:00
Code Issues Releases Wiki Activity

No need to run install.sh.

Browse Source 
Simply clone the project, compile the go app and run ./cis_kubernetes
This commit is contained in:
Amir Jerbi 2017-06-20 00:03:46 +03:00
parent 26cc77ec1d
commit 55fd838191
4 changed files with 20 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
README.md
View File

@ -8,15 +8,27 @@ Tests are configured with YAML files, making this tool easy to update as test sp
You will need to run this application on the target machines that you want to test. You will need to run this application on the target machines that you want to test.
If Go is installed on the target machines, you can simply clone this repository, build and install as follows: If Go is installed on the target machines, you can simply clone this repository and as follows:
```go build -o cis_kubernetes .``` ```go build -o cis_kubernetes .```
```./install.sh```
The installation script creates a directory ~/.cis_kubernetes and copies the test config files there. ## Usage
```./cis_kubernetes [command]```
Available Commands:
master Checks for Kubernetes master node
node Checks for Kubernetes node
federated Checks for Kubernetes federated deployment
help Help information
Flags:
-c, --check string A comma-delimited list of checks to run as specified in CIS document. Example --check="1.1.1,1.1.2"
-g, --group string Run all the checks under this comma-delimited list of groups. Example --group="1.1"
-h, --help help for cis_kubernetes
--json Output results as JSON
## Test config YAML representation ## Test config YAML representation
The tests are represented as YAML documents (installed by default into ~/.cis_kubernetes). The tests are represented as YAML documents (installed by default into ./cfg).
An example is as listed below: An example is as listed below:
``` ```

6
cfg/config.yaml
View File

@ -3,9 +3,9 @@
# These are YAML files that hold all the details for running checks. # These are YAML files that hold all the details for running checks.
# #
## Uncomment to use different control file paths. ## Uncomment to use different control file paths.
# masterControls: $HOME/.cis_kubernetes/master.yaml # masterControls: ./cfg/master.yaml
# nodeControls: $HOME/.cis_kubernetes/node.yaml # nodeControls: ./cfg/node.yaml
# federatedControls: $HOME/.cis_kubernetes/federated.yaml # federatedControls: ./cfg/federated.yaml
## Configuration Directories. ## Configuration Directories.
# Specifies the directories to look for configuration files # Specifies the directories to look for configuration files

2
cmd/root.go
View File

@ -23,7 +23,7 @@ import (
) )
var ( var (
cfgDir = os.Getenv("HOME") + "/.cis_kubernetes" cfgDir = "./cfg"
cfgFile string cfgFile string
jsonFmt bool jsonFmt bool

12
install.sh
View File

@ -1,12 +0,0 @@
#!/bin/bash
cfgdir="$HOME/.cis_kubernetes"
echo "create cis_kubernetes configuration directory"
mkdir $cfgdir
echo "copy cis_kubernetes configuration file"
cp cfg/config.yaml $cfgdir
echo "copy controls files to configuration directory"
cp cfg/{master,node,federated}.yaml $cfgdir