Liz Rice
dc8dcfbf8c
Merge pull request #211 from yoavAqua/support-skip-flag
Type skip and not scored checks
5 years ago
Yoav Hizkiahou
49f745af8e
Support new check type - skip:
If a check is marked with type "skip", it will be marked as Info.
Support scored property:
If a check is not scored and is not marked with type skip, it will be marked as Warn.
5 years ago
Liz Rice
ba437d500a
Merge pull request #206 from westonsteimel/no_runningversion_if_version_set
Only get runningVersion if --version has not been provided
5 years ago
Weston Steimel
42f4152058
Only get runningVersion if --version has not been provided
Signed-off-by: Weston Steimel <weston.steimel@gmail.com>
5 years ago
Liz Rice
8dabb7dc37
Merge pull request #201 from aquasecurity/yam-comment
Comment why we mount /usr/bin
5 years ago
Liz Rice
f2062e81a1
Comment why /usr/bin is mounted
5 years ago
Liz Rice
528bcfbffe
Update job-node.yaml
5 years ago
Liz Rice
3422b9102f
Add comment for why /usr/bin is mounted
5 years ago
Liz Rice
86b126ad2b
Create NOTICE (#199)
* Create NOTICE
* Update NOTICE
5 years ago
Liz Rice
827945f7fb
Merge pull request #200 from spuder/patch-1
warn osx limitation
5 years ago
Liz Rice
79427e185e
Merge branch 'master' into patch-1
5 years ago
Liz Rice
6b9ceae9d4
True for Windows too
5 years ago
Liz Rice
fbd6eb8ff5
Merge pull request #198 from aquasecurity/mount-volumes
For #197 - create job YAML files that mount host volumes as needed
5 years ago
Spencer Owen
2a9a02f25b
warn osx limitation
5 years ago
Liz Rice
8021610e46
For #197 - create job YAML files that mount host volumes as needed
5 years ago
Liz Rice
2eef3e8ad2
Merge pull request #193 from maxbischoff/patch-1
Changed 1.1.14 to not fail when flag is not set
5 years ago
Maximilian Bischoff
791fbba9e7
Changed 1.1.14 to not fail when flag is not set
Added another test item that checks whether --disable-admission-plugins is not set and an "or" bin_op.
This causes check 1.1.14 to be successful when the flag is not set, while still failing when the flag is set and includes the value NamespaceLifecycle
5 years ago
Liz Rice
f6cab11357
Merge pull request #187 from martinmosegaard/doc-kubectl-host-pid
Document limitation of running with kubectl
5 years ago
Liz Rice
9f2899027e
Merge branch 'master' into doc-kubectl-host-pid
5 years ago
Liz Rice
313fe038f6
Merge pull request #188 from martinmosegaard/rm-space-tls-cipher
Remove spaces in remediation command for tls-cipher-suites
5 years ago
Liz Rice
2d721ed4ad
Merge branch 'master' into rm-space-tls-cipher
5 years ago
Liz Rice
799b928054
Merge pull request #189 from Congelli501/patch-1
Typo: trailing whitespace for rule text
5 years ago
Liz Rice
3a662b3ff6
Merge branch 'master' into doc-kubectl-host-pid
5 years ago
Liz Rice
f902b30110
Merge branch 'master' into rm-space-tls-cipher
5 years ago
Liz Rice
b52a88214f
Merge branch 'master' into patch-1
5 years ago
Liz Rice
bfdd921f3d
Merge pull request #190 from Congelli501/patch-2
Advise the user to mount /etc & /var read only for docker usage
5 years ago
Colin GILLE
af7ad90477
Advise the user to mount /etc & /var read only for docker usage
5 years ago
Colin GILLE
ffe7ffb3d3
Typo: trailing whitespace for rule text
5 years ago
Martin Mosegaard Amdisen
fd120d0adf
Remove spaces in remediation command for tls-cipher-suites
Makes it easier to copy-paste the remediation. Matches the other occurrences
of tls-cipher-suites in the configuration.
5 years ago
Martin Mosegaard Amdisen
ba03d8f64b
Document limitation of running with kubectl
Once the master node recommended check:
1.1.12 Ensure that the admission control plugin DenyEscalatingExec is set
has been followed, it is no longer possible to run kube-bench itself using kubectl.
5 years ago
Liz Rice
21f7902288
Merge pull request #183 from s1lv3r40/master
Fixing Node Check - 2.1.15 typos
5 years ago
Liz Rice
26e28b8897
Merge branch 'master' into master
5 years ago
Liz Rice
ae1812b4db
Merge pull request #185 from maxbischoff/patch-1
Added missing "=" to master.yaml
5 years ago
Liz Rice
1534a4aea8
Merge branch 'master' into patch-1
5 years ago
Liz Rice
28a57ff1a3
Merge branch 'master' into master
5 years ago
Liz Rice
41fe066039
Merge pull request #186 from seslattery/seslattery-patch-1
Fix typo on README.md
5 years ago
Sean Slattery
5ca498cd50
Fix typo on README.md
5 years ago
Maximilian Bischoff
e81b785bf8
Added missing "=" to master.yaml
In the remediation of 1.1.11 the flag --enable-admission-plugins was missing a =
5 years ago
Vladimir Dimov
645d23e1ec
fixing typos 2.1.15
5 years ago
Liz Rice
52d6ac717d
Merge pull request #181 from aquasecurity/config-file-location-mount
read config files from host /etc
6 years ago
Liz Rice
bdbbe41b69
Also /var
6 years ago
Liz Rice
ba9985047c
read config files from host /etc
I don't see how kube-bench can check the permissions on files unless it has access to them on the host, so I think we need to be mounting the /etc directory from the host
6 years ago
Liz Rice
5fe702edbe
Merge pull request #175 from aquasecurity/fix-2.1.8
Fix node check 2.1.8
6 years ago
Liz Rice
6e80b6477a
Merge branch 'master' into fix-2.1.8
6 years ago
Liz Rice
e1f5bb1ace
Merge pull request #173 from aquasecurity/fix-1.1.37
Fix check 1.1.37.
6 years ago
Liz Rice
6d8788071f
Merge branch 'master' into fix-2.1.8
6 years ago
Liz Rice
f42243e9b5
Merge branch 'master' into fix-1.1.37
6 years ago
Liz Rice
d004acdbba
Merge pull request #174 from johscheuer/correct-readme
Correct readme for 1.11 example
6 years ago
Abubakr-Sadik Nii Nai Davis
0a5358665e
By default --make-iptables-util-chain is true, so PASS if this flag is not set.
6 years ago
Abubakr-Sadik Nii Nai Davis
4f40a11e84
Change binary op from and to or.
6 years ago