Merge pull request #130 from aquasecurity/fix-typo
A bunch of text edits
commit
c0d80b4669
33
README.md
33
README.md
@ -37,6 +37,19 @@ You can even use your own configs by mounting them over the default ones in `/op
|
||||
docker run --pid=host -v path/to/my-config.yaml:/opt/kube-bench/cfg/config.yaml aquasec/kube-bench:latest <master|node>
|
||||
```
|
||||
|
||||
### Running in a kubernetes cluster
|
||||
Run the master check
|
||||
|
||||
```
|
||||
kubectl run --rm -i -t kube-bench-master --image=aquasec/kube-bench:latest --restart=Never --overrides="{ \"apiVersion\": \"v1\", \"spec\": { \"hostPID\": true, \"nodeSelector\": { \"kubernetes.io/role\": \"master\" }, \"tolerations\": [ { \"key\": \"node-role.kubernetes.io/master\", \"operator\": \"Exists\", \"effect\": \"NoSchedule\" } ] } }" -- master --version 1.8
|
||||
```
|
||||
|
||||
Run the node check
|
||||
|
||||
```
|
||||
kubectl run --rm -i -t kube-bench-node --image=aquasec/kube-bench:latest --restart=Never --overrides="{ \"apiVersion\": \"v1\", \"spec\": { \"hostPID\": true } }" -- node --version 1.8
|
||||
```
|
||||
|
||||
### Installing from a container
|
||||
|
||||
This command copies the kube-bench binary and configuration files to your host from the Docker container:
|
||||
@ -55,25 +68,13 @@ go get github.com/Masterminds/glide
|
||||
cd $GOPATH/src/github.com/aquasecurity/kube-bench
|
||||
$GOPATH/bin/glide install
|
||||
go build -o kube-bench .
|
||||
./kube-bench <master|node>
|
||||
```
|
||||
|
||||
## Usage
|
||||
```./kube-bench [command]```
|
||||
# See all supported options
|
||||
./kube-bench --help
|
||||
|
||||
```
|
||||
Available Commands:
|
||||
federated Run benchmark checks for a Kubernetes federated deployment.
|
||||
help Help about any command
|
||||
master Run benchmark checks for a Kubernetes master node.
|
||||
node Run benchmark checks for a Kubernetes node.
|
||||
# Run the all checks on a master node
|
||||
./kube-bench master
|
||||
|
||||
Flags:
|
||||
-c, --check string A comma-delimited list of checks to run as specified in CIS document. Example --check="1.1.1,1.1.2"
|
||||
--config string config file (default is ./cfg/config.yaml)
|
||||
-g, --group string Run all the checks under this comma-delimited list of groups. Example --group="1.1"
|
||||
--json Prints the results as JSON
|
||||
-v, --verbose verbose output (default false)
|
||||
```
|
||||
|
||||
## Configuration
|
||||
|
@ -418,7 +418,7 @@ groups:
|
||||
|
||||
- id: 1.1.26
|
||||
text: "Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as
|
||||
appropriate (Scored"
|
||||
appropriate (Scored)"
|
||||
audit: "ps -ef | grep $apiserverbin | grep -v grep"
|
||||
tests:
|
||||
bin_op: and
|
||||
@ -666,7 +666,7 @@ groups:
|
||||
scored: true
|
||||
|
||||
- id: 1.3.3
|
||||
text: "Ensure that the --use-service-account-credentials argument is set"
|
||||
text: "Ensure that the --use-service-account-credentials argument is set (Scored)"
|
||||
audit: "ps -ef | grep $controllermanagerbin | grep -v grep"
|
||||
tests:
|
||||
test_items:
|
||||
|
@ -46,7 +46,7 @@ var (
|
||||
var RootCmd = &cobra.Command{
|
||||
Use: os.Args[0],
|
||||
Short: "Run CIS Benchmarks checks against a Kubernetes deployment",
|
||||
Long: `This tool runs the CIS Kubernetes 1.6 Benchmark v1.0.0 checks.`,
|
||||
Long: `This tool runs the CIS Kubernetes Benchmark (http://www.cisecurity.org/benchmark/kubernetes/)`,
|
||||
}
|
||||
|
||||
// Execute adds all child commands to the root command sets flags appropriately.
|
||||
@ -65,7 +65,7 @@ func init() {
|
||||
cobra.OnInitialize(initConfig)
|
||||
|
||||
// Output control
|
||||
RootCmd.PersistentFlags().BoolVar(&noResults, "noresults", false, "Disable prints of results section")
|
||||
RootCmd.PersistentFlags().BoolVar(&noResults, "noresults", false, "Disable printing of results section")
|
||||
RootCmd.PersistentFlags().BoolVar(&noSummary, "nosummary", false, "Disable printing of summary section")
|
||||
RootCmd.PersistentFlags().BoolVar(&noRemediations, "noremediations", false, "Disable printing of remediations section")
|
||||
RootCmd.PersistentFlags().BoolVar(&jsonFmt, "json", false, "Prints the results as JSON")
|
||||
|
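Review bot: The new `Long` text on `RootCmd` (first hunk of this file) points users at the benchmark over plain `http://`. A help string that sends operators to a security baseline should use the TLS URL, e.g. ``Long: `This tool runs the CIS Kubernetes Benchmark (https://www.cisecurity.org/benchmark/kubernetes/)`,``. The same line also drops the "1.6 Benchmark v1.0.0" wording, so the help output no longer says which benchmark revision the checks correspond to. Since the README in this commit passes `--version 1.8`, it may be worth naming that flag in `Long` so that audit output can be tied to a specific benchmark version; whether `--version` is registered on `RootCmd` is not visible in these hunks.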