
Fix supported targets for EKS benchmark (#648)

* Fix supported targets for EKS benchmark

* docs: heading at wrong level in README

* docs: remove duplicate TOC heading

* Fix invalid argument for gem install

Co-authored-by: Liz Rice <liz@lizrice.com>
This commit is contained in:
Matthieu ANTOINE 2020-07-29 15:40:59 +02:00 committed by GitHub
parent 2a325bd60d
commit ea4eaa6fd5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 55 additions and 47 deletions


@ -11,7 +11,7 @@ before_install:
- sudo apt-get -qq update - sudo apt-get -qq update
- sudo apt-get install -y rpm - sudo apt-get install -y rpm
- pip install --user yamllint==1.18.0 - pip install --user yamllint==1.18.0
- gem install --no-ri --no-rdoc fpm - gem install --no-document fpm
- go get -t -v ./... - go get -t -v ./...
script: script:
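Review bot: The replaced line, `gem install --no-document fpm`, still installs whatever fpm version RubyGems serves at build time, while `yamllint` on the line above is pinned to 1.18.0. fpm is presumably the packaging tool for the rpm/deb artifacts (the `apt-get install -y rpm` line above suggests so), so an unpinned install lets the packaging toolchain change underneath a release — or be swapped for a compromised gem release — without any change in this repository. Pin it the same way yamllint is pinned, `- gem install --no-document -v <version> fpm`, using the version releases are currently built with. The `before_install:` list begins above the hunk and the `script:` list continues below it.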


@ -26,27 +26,28 @@ Tests are configured with YAML files, making this tool easy to update as test sp
Table of Contents Table of Contents
================= =================
* [CIS Kubernetes Benchmark support](#cis-kubernetes-benchmark-support) - [CIS Kubernetes Benchmark support](#cis-kubernetes-benchmark-support)
* [Installation](#installation) - [Installation](#installation)
* [Running kube-bench](#running-kube-bench) - [Running kube-bench](#running-kube-bench)
* [Running inside a container](#running-inside-a-container) - [Running inside a container](#running-inside-a-container)
* [Running in a kubernetes cluster](#running-in-a-kubernetes-cluster) - [Running in a Kubernetes cluster](#running-in-a-kubernetes-cluster)
* [Running in an Azure Kubernetes Service(AKS) cluster](#running-in-an-aks-cluster) - [Running in an AKS cluster](#running-in-an-aks-cluster)
* [Running in an EKS cluster](#running-in-an-eks-cluster) - [Running in an EKS cluster](#running-in-an-eks-cluster)
* [Installing from a container](#installing-from-a-container) - [Installing from a container](#installing-from-a-container)
* [Installing from sources](#installing-from-sources) - [Installing from sources](#installing-from-sources)
* [Running on OpenShift](#running-on-openshift) - [Running on OpenShift](#running-on-openshift)
* [Output](#output) - [Running in an GKE cluster](#running-in-an-gke-cluster)
* [Configuration](#configuration) - [Output](#output)
* [Troubleshooting](#troubleshooting) - [Configuration](#configuration)
* [Test config YAML representation](#test-config-yaml-representation) - [Troubleshooting](#troubleshooting)
* [Omitting checks](#omitting-checks) - [Test config YAML representation](#test-config-yaml-representation)
* [Roadmap](#roadmap) - [Omitting checks](#omitting-checks)
* [Testing locally with kind](#testing-locally-with-kind) - [Roadmap](#roadmap)
* [Contributing](#contributing) - [Testing locally with kind](#testing-locally-with-kind)
* [Bugs](#bugs) - [Contributing](#contributing)
* [Features](#features) - [Bugs](#bugs)
* [Pull Requests](#pull-requests) - [Features](#features)
- [Pull Requests](#pull-requests)
## CIS Kubernetes Benchmark support ## CIS Kubernetes Benchmark support
@ -122,7 +123,7 @@ The following table shows the valid targets based on the CIS Benchmark version.
| cis-1.4| master, node | | cis-1.4| master, node |
| cis-1.5| master, controlplane, node, etcd, policies | | cis-1.5| master, controlplane, node, etcd, policies |
| gke-1.0| master, controlplane, node, etcd, policies, managedservices | | gke-1.0| master, controlplane, node, etcd, policies, managedservices |
| eks-1.0| node, policies, managedservices | | eks-1.0| controlplane, node, policies, managedservices |
If no targets are specified, `kube-bench` will determine the appropriate targets based on the CIS Benchmark version. If no targets are specified, `kube-bench` will determine the appropriate targets based on the CIS Benchmark version.
@ -257,7 +258,7 @@ go build -o kube-bench .
./kube-bench ./kube-bench
``` ```
## Running on OpenShift ### Running on OpenShift
| OpenShift Hardening Guide | kube-bench config | | OpenShift Hardening Guide | kube-bench config |
|---|---| |---|---|


@ -422,6 +422,7 @@ var benchmarkVersionToTargetsMap = map[string][]string{
"cis-1.4": []string{string(check.MASTER), string(check.NODE)}, "cis-1.4": []string{string(check.MASTER), string(check.NODE)},
"cis-1.5": []string{string(check.MASTER), string(check.NODE), string(check.CONTROLPLANE), string(check.ETCD), string(check.POLICIES)}, "cis-1.5": []string{string(check.MASTER), string(check.NODE), string(check.CONTROLPLANE), string(check.ETCD), string(check.POLICIES)},
"gke-1.0": []string{string(check.MASTER), string(check.NODE), string(check.CONTROLPLANE), string(check.ETCD), string(check.POLICIES), string(check.MANAGEDSERVICES)}, "gke-1.0": []string{string(check.MASTER), string(check.NODE), string(check.CONTROLPLANE), string(check.ETCD), string(check.POLICIES), string(check.MANAGEDSERVICES)},
"eks-1.0": []string{string(check.NODE), string(check.CONTROLPLANE), string(check.POLICIES), string(check.MANAGEDSERVICES)},
} }
// validTargets helps determine if the targets // validTargets helps determine if the targets
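Review bot: The new `"eks-1.0"` entry carries no comment on what omitting a target costs, and this commit exists precisely because `controlplane` was missing from it. From the README text on this page, the targets run when none are named come from this map, and the `validTargets` comment just below suggests a target absent here is also rejected when named explicitly, so an omission means that check group silently never runs for the benchmark — a coverage gap a user would not notice. I would add above the map: `// A target missing from a benchmark's list cannot be run for it at all (neither by default nor by name); keep this table in sync with the README "valid targets" table.` The map declaration itself starts above the hunk.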


@ -399,6 +399,12 @@ func TestValidTargets(t *testing.T) {
targets: []string{"master", "node", "controlplane", "etcd", "policies", "managedservices"}, targets: []string{"master", "node", "controlplane", "etcd", "policies", "managedservices"},
expected: true, expected: true,
}, },
{
name: "eks-1.0 valid",
benchmark: "eks-1.0",
targets: []string{"node", "policies", "controlplane", "managedservices"},
expected: true,
},
} }
for _, c := range cases { for _, c := range cases {
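Review bot: The added `eks-1.0 valid` case only checks the positive direction — all four listed targets are accepted — so a later edit that accidentally widens the `"eks-1.0"` entry (adding `etcd` or `master` back, say) would pass this test unchanged. Add a negative case naming a target the entry does not contain, assuming `validTargets` returns false when any named target is absent from the map entry (its body is outside this hunk). `TestValidTargets` and its `cases` table begin above the hunk, and the loop at the end continues below it.
```go
// … unchanged: existing cases, including "eks-1.0 valid" …
{
	name:      "eks-1.0 rejects etcd",
	benchmark: "eks-1.0",
	targets:   []string{"node", "etcd"},
	expected:  false,
},
```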