kube-bench

Commit Graph

Author	SHA1	Message	Date
James Ward	5f34058dc7	Support Linting YAML as part of Travis CI build (#554 ) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon	4 years ago
Roberto Rojas	13193d75b0	Fixes Issue #535 (#537 ) * isEtcd should not run on openshift 3.10/3.11 * adds openssl * fixed tests * fixes bugs * adds isEtcd tests	5 years ago
Huang Huang	4a07f87e6f	Fix remediations about file permission (#534 ) * Fix remediation of 2.2.3 in cis-1.3 * Fix remediation of 4.1.1 in cis-1.5	5 years ago
Mateus Caruccio	6e1c39237a	Openshift configs (#526 ) * Adds openshift to autodetect node type * detect okd node units	5 years ago
Roberto Rojas	af976e6f50	Fixes Issue #494 - add tests for CIS 1.5 (#530 ) * Initial commit. * Add master and node config. * Add section 5 of CIS 1.5.1. * Split sections into section files * Fix YAML issues. * adds target translation * adds target translation * adds cis-1.5 mapping * fixed tests * fixes are per PR * fixed intergration test * integration kind test file to appropriate ks8 version * fixed etcd text * fixed README * fixed text * etcd: fixed grep path * etcd: fixes * fixed error message bug * Update README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * Update README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * fixes as per PR review	5 years ago
Huang Huang	7015f4b4b5	Fix remediation of 2.2.3 (#527 )	5 years ago
Roberto Rojas	9c6d4de860	Issue #421 : Merges PR #422 with master (#523 ) * Add kubeconfig location of kube-proxy for AKS * Add job for AKS node * Automate ca file permission check * removed job-aks.yaml as other PRs added needed features * fixed integration test due to merge changes	5 years ago
Liz Rice	d7b5422e8a	Fix detection of encryption-provider-config (#513 ) Fixes: https://github.com/aquasecurity/kube-bench/issues/420 Signed-off-by: Manuel Rüger <manuel@rueg.eu>	5 years ago
Roberto Rojas	7ca438b618	Fixes Issue 269 - Numbering to use CIS Versions (#511 ) * starting benchmark flag * Revert "starting benchmark flag" This reverts commit `58fc948626`. * fixes issue #269 * add more unit tests * fix bug * Update cmd/common.go Co-Authored-By: Liz Rice <liz@lizrice.com> * fixes as per PR review * fixes as per PR review * adds more tests * fixed tests * changes as per PR Review * changes as per PR Review * updated README * Update README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * Update README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * Update README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * Update README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * changes are per PR review	5 years ago
mwwolters	8276e521d4	Changed 1.3.3 to check that --use-service-account-credentials isn't set to false, but the flag is set (#442 )	5 years ago
Roberto Rojas	13fe1cdfb8	Fixes issue #501 : specifying absolute path for both ps and cat (#508 ) * fixes issue #501 * specify abolute path for ps and cat	5 years ago
Kevin W Monroe	04946a48fb	add snap component paths to default config (#414 )	5 years ago
Prem Kumar	01ee110ac4	Fix repetitive flags in some ocp-3.11 tests (#462 ) * fix flag repetition in ocp-3.11/node.yaml * fix flag repetition in ocp-3.11/master.yaml	5 years ago
Arpit Pandey	ce0137a31a	Fix few typos (#469 )	5 years ago
Simarpreet Singh	d77eab2234	master.yaml: Add --audit-policy-file check for 1.1.37. (#440 ) * master.yaml: Add --audit-policy-file check for 1.1.37. Signed-off-by: Simarpreet Singh <simar@linux.com> * fix-177: fix line endings Signed-off-by: Simarpreet Singh <simar@linux.com>	5 years ago
Simarpreet Singh	d12a45bba9	Properly initialize viper library when checking for master components (#434 ) * common_test: Add a failing test to show the SISEGV Signed-off-by: Simarpreet Singh <simar@linux.com> * common: Go green by fixing isMaster() to instantiate viper Signed-off-by: Simarpreet Singh <simar@linux.com> * common: Inject a seam for getBinariesFunc to be patched-in. Also adds additional tests to showcase unhappy behaviors. Signed-off-by: Simarpreet Singh <simar@linux.com> * common_test: Rename TestIsMaster() Signed-off-by: Simarpreet Singh <simar@linux.com> * common: init viper with master config Signed-off-by: Simarpreet Singh <simar@linux.com> * common: Add a pre-check if valid yaml is passed but doesn't include master. Also adds additional tests to showcase unhappy behaviors. Signed-off-by: Simarpreet Singh <simar@linux.com> * mod: Upgrade viper to v1.4.0 Signed-off-by: Simarpreet Singh <simar@linux.com> * common: Refactor node only yaml to a file Signed-off-by: Simarpreet Singh <simar@linux.com> * common: Log when master components are not found Signed-off-by: Simarpreet Singh <simar@linux.com> * common_test: Refactor subtests into a table Signed-off-by: Simarpreet Singh <simar@linux.com>	5 years ago
Roberto Rojas	a6ee61fd08	Fixes issue #289 : removed versions prior to 1.11 (#429 ) * removed version prior to 1.11 * removed references to kubernetes versions prior to 1.11	5 years ago
Roberto Rojas	3aa41db166	Issue #353 : Merges JSON and Exec Params files (#426 ) * starts fixes #353 * new approach to minize duplications * applied merged yaml files for v1.11 and v1.13 * yaml files json/params merged * fixes to remove double quotes from numbers and booleans * fixed bug * fixed certificate check * removed -json files * changes based on PR review * Update check/check_test.go Yay more tests! Co-Authored-By: Liz Rice <liz@lizrice.com> * changes as PR review * fixed bug when scored check is missing tests * attempt to improve the code * fixed list breaks * removes handleError function * Update check/check.go Accepting suggested log level. Co-Authored-By: Liz Rice <liz@lizrice.com>	5 years ago
Roberto Rojas	c22f81610d	removes federated (#431 )	5 years ago
yoavrotems	89afda1f63	Add [Manual test] to remediation in all the manual tests (#435 )	5 years ago
Simarpreet Singh	37f626dce6	cfg: Make proxy checks optional (#436 ) Signed-off-by: Simarpreet Singh <simar@linux.com>	5 years ago
Roberto Rojas	41e0ae77de	changes to use the "op: valid_elements" operation to manage list of items (#402 )	5 years ago
yoavrotems	ea9089bd42	update the yaml according (#410 ) The update is from the new cis version 1.4.1. like been done in https://github.com/aquasecurity/kube-bench/issues/370	5 years ago
Roberto Rojas	ec3b1076c0	Fixes issue #407 (#409 ) * fixes issue #407 * fixes issue #407	5 years ago
Roberto Rojas	13dfa15ad6	Fixes Issue #396 - Replaces $kubeletconf for $kubeletsvc (#399 ) * fixes issue #396 * reverts remediation text change * changes to 1.11-json and 1.13-json as per PR review * Tiny typo	5 years ago
Liz Rice	a2466da4b0	Correct 1.1.13 to match CIS spec (#406 ) Text should say Not Scored	5 years ago
Roberto Rojas	7a53806863	fixes issue #346 by explicitly only checking read-only property (#404 )	5 years ago
yoavrotems	4b5a877f1f	Remove some tests from been manual (#398 ) * Remove some tests from been manual * Remove some tests from been manual	5 years ago
Roberto Rojas	f343d36862	hyperkube v1.15 renamed "proxy" to "kube-proxy" (#400 )	5 years ago
Roberto Rojas	3e5d02e920	fixes issue #386 (#397 ) * fixes issue #386 * Correct typo	5 years ago
Abubakr-Sadik Nii Nai Davis	a3b8ba58ad	Fix error converting from string to integer (#392 ) Replace the `gt` with `eq` for string comparison of kube-bench check 2.1.6 in `cfg/1.6/node.yaml`.	5 years ago
Patrick Lieberg	0d81ef10d5	Update config.yaml to add Azure AKS file locations for kubelet (#383 ) * testing Azure config locations * "Updated default config.yaml to incorporate Azure AKS file locations for kubelet" * "Adjusted order of new lines. Removed unneeded lines."	5 years ago
mwwolters	787bf6ca4d	Updated check to pass if flag isn't set (#379 )	5 years ago
Liz Rice	f8b2f6c841	Correct 1.4.21 text (#356 ) 1.4.21 is about the PKI key file not the certificate	5 years ago
yoavrotems	136e9cd731	Remove federated from ocp (#381 ) * Delete federated.yaml There is no federated tests in ocp * Delete federated.yaml There are no federated tests in OCP	5 years ago
Efrat Levitan	b8a463f051	Correction to 1.13 and 1.13-json test 2.1.5 (#380 )	5 years ago
yoavrotems	22b971a633	fixes-according-kube-cis1.4.1 (#376 ) * Update master.yaml * Update node.yaml Fix 2.1.11 - got DEPRECATED 2.1.14 changed to be a set of options, would be fixed by https://github.com/aquasecurity/kube-bench/pull/367 * Update master.yaml * Update node.yaml change 2.1.11 Title, and state to not scored	5 years ago
Roberto Rojas	0422368615	issue #369 : fixes RotateKubeletServerCertificate tests in 1.13-json (#371 )	5 years ago
mwwolters	893aa3588c	Updated check to pass if flag isn't set (#375 )	5 years ago
Roberto Rojas	937bfc7b2e	issue #344 : Adds support for array comparison. Every element in the s… (#367 ) * issue #344: Adds support for array comparison. Every element in the source array must exist in the target array. * issue #344: Fixed typo and found if condition based on code review * adds unit tests for valid_elements comparison * removes spaces from split strings	5 years ago
Roberto Rojas	c87c5cfb51	Fixes bugs on tests 2.1.4 and 2.1.5 - 1.13-json (#365 ) * Adds bin_op to Test 2.1.4 * Adds bin_op to Test 2.1.5	5 years ago
Roberto Rojas	3926ba3977	issue #337 : Adds comment for properties detected thru parsing command line. Fixed Audit for test 2.1.8 (#354 )	5 years ago
Roberto Rojas	d127512ab9	issue #349 : changes test 2.2.8 (#351 )	5 years ago
Roberto Rojas	336ca84998	fixes substitution variable (kubeletconf -> kubeletsvc). (#350 )	5 years ago
zilard	d8528a1ec8	issue #234 : implement test 2.2.8 (#343 ) * implement test 2.2.8 * Nit: correct indentation The indentation looked a bit wonky due to spaces vs tabs; hopefully this corrects it	5 years ago
Roberto Rojas	a0bed18054	Adds json version of config for k8s 1.13 (#342 )	5 years ago
Manuel Rüger	5e6cdfdb0e	Detect kube-controller in CMD (#326 ) If kube-controller-manager is getting detected by older versions of procps, it will only be detected if we're looking for kube-controller (15 chars) NOTE: "The command name is not the same as the command line. Previous versions of procps and the kernel truncated this command name to 15 characters. This limitation is no longer present in both. If you depended on matching only 15 characters, you may no longer get a match."	5 years ago
Simarpreet Singh	dddc42f046	cfg: remove erroneous whitespaces in yaml Signed-off-by: Simarpreet Singh <simar@linux.com>	5 years ago
pthomson	2275eea93f	Adding OCP 3.11 Adding OCP 3.11	5 years ago
Simarpreet Singh	5df39eed02	ocp-3.10: Fix malformed yaml and improve TestControls_RunChecks This improves the TestControls_RunChecks() test by making more comprehensive assertions on a more fully fledged input yaml Fixes: https://github.com/aquasecurity/kube-bench/issues/304 Signed-off-by: Simarpreet Singh <simar@linux.com>	5 years ago
Liz Rice	bab1237a44	Merge branch 'master' into add_kubelet_config_path	5 years ago
Daniel Sagi	43caaab00a	added another kubelet config file to paths, in the main config yaml file. default location for gke cluster	5 years ago
Liz Rice	9d577d94b4	Update openshift executables	5 years ago
Liz Rice	12e48297a6	Config file improvements Correct defaults in main config.yaml file Remove unnecessary overrides in version-specific config.yaml	5 years ago
Liz Rice	02d5654cc1	Correct 1.1.14 in 1.13/master.yaml	5 years ago
Liz Rice	caf3fbd0a0	Moving more config into master config file	5 years ago
daniellohausen	22e835f0f5	Reverted kubelet conf to original value	5 years ago
daniellohausen	7ec10211a5	Added KOPS-specific paths	5 years ago
Abubakr-Sadik Nii Nai Davis	fbbf6b37c7	Change test_items in 1.11 master.yaml check 1.5.2 to fix issue with check failing even when --client-cert-auth is set.	5 years ago
Liz Rice	91c6ef2155	Merge branch 'master' into json-config	5 years ago
Liz Rice	7e8dfbc6ea	Fix invalid YAML	5 years ago
Liz Rice	b4419e810f	Tiny typo	5 years ago
Liz Rice	d05d71553f	Tiny typo	5 years ago
yoavrotems	e70f50b2b5	update files	5 years ago
Liz Rice	27dc75fefa	No need for unused master config file. Better comments in config file	5 years ago
Liz Rice	902a10f1c7	Just have one path for both json and yaml	5 years ago
Liz Rice	c887794807	Merge branch 'master' into feature/json-config	5 years ago
Liz Rice	b1ce0a9a75	Merge branch 'master' into yoavrotems-patch-2	5 years ago
yoavrotems	d059196b71	Update master.yaml Fix 1.1.23 to check if --service-account-lookup argument is set and if so then if it's equal to true	5 years ago
yoavrotems	a85e5a7759	Update master.yaml Fix title of 1.4.21 from 644 to 600 according to cis benchmark	5 years ago
Florent Delannoy	4d3144ca21	Support JSON and YAML configuration Support new configuration options besides --flags: - JSON file through `jsonpath` - YAML file through `yamlpath` These new options are fully backwards-compatible with the existing tests. Added a new profile, 1.11-json, that expects a JSON kubelet configuration file and scores accordingly. This profile is compatible with EKS.	5 years ago
Liz Rice	9b3628e76a	Update openshift executable config for #236	5 years ago
Liz Rice	1ead9e1d71	Merge branch 'master' into clean-ocp-configs	5 years ago
Abubakr-Sadik Nii Nai Davis	53ed68a0b2	Clean up OCP benchmark config. The OCP benchmarks uses configs for only binary component variable names. This commit cleans up the OCP config by removing all configuration except those component binaries required to run kube-bench on OCP installations and adds missing ones.	5 years ago
yoavrotems	c6102f0a1b	Fix the files Fix the start from 1.11 to 1.13 and adding changes from pull #227, and pull #228.	5 years ago
yoavrotems	e534392525	Delete node.yaml replace with the new node.yaml file	5 years ago
yoavrotems	5f09ecef44	Delete master.yaml replace with the new master.yaml file	5 years ago
yoavrotems	a7d9e06c1b	Delete config.yaml replace with the new config.yaml file	5 years ago
yoavrotems	50f22e7f13	Merge branch 'master' into add-new-cfg-version1.4	5 years ago
Liz Rice	dd8e7ec874	Merge branch 'master' into fix-208	5 years ago
Abubakr-Sadik Nii Nai Davis	d255b49d4b	Revert 1.8 config file.	5 years ago
Abubakr-Sadik Nii Nai Davis	a88b0703d8	Add kubeconfig variable substitution for kubelet and proxy. There are checks for the kubeconfig for both kubelet and proxy which the current kube-bench implementation does not check for properly. kube-bench checks the wrong files. This PR adds support for variable substitution for all the config file types are that should be checked in the CIS benchmarks. This PR also fixes a buggy in CIS 1.3.0 check 2.2.9, which checks for ownership of the kubelet config file /var/lib/kubelet/config.yaml but recommends changing ownership of kubelet kubeconfig file /etc/kubernetes/kubelet.conf as remediation.	5 years ago
Abubakr-Sadik Nii Nai Davis	3f98c1def2	Fix wrong reference to kubelet.config in node checks. This fix applies to only checks for kubernetes versions 1.8 and 1.11. See https://github.com/aquasecurity/kube-bench/pull/208.	5 years ago
Liz Rice	d712db47a2	Only find flags on the process we really want	5 years ago
yoavrotems	82150fdc63	add new config files from the new CIS Kubernetes Benchmark there is a new update at CIS_Kubernetes_Benchmark_v1.4.0 for Kubernetes 1.13	5 years ago
Abubakr-Sadik Nii Nai Davis	e899e941f7	Add OCP 3.10 benchmarks.	5 years ago
Maximilian Bischoff	791fbba9e7	Changed 1.1.14 to not fail when flag is not set Added another test item that checks whether --disable-admission-plugins is not set and an "or" bin_op. This causes check 1.1.14 to be successful when the flag is not set, while still failing when the flag is set and includes the value NamespaceLifecycle	5 years ago
Liz Rice	2d721ed4ad	Merge branch 'master' into rm-space-tls-cipher	6 years ago
Colin GILLE	ffe7ffb3d3	Type: trailing whitespace for rule text	6 years ago
Martin Mosegaard Amdisen	fd120d0adf	Remove spaces in remediation command for tls-cipher-suites Makes it easier to copy-paste the remediation. Matches the other occurences of tls-cipher-suites in the configuration.	6 years ago
Liz Rice	26e28b8897	Merge branch 'master' into master	6 years ago
Maximilian Bischoff	e81b785bf8	Added missing "=" to master.yaml In the remediation of 1.1.11 the flag --enable-admission-plugins was missing a =	6 years ago
Vladimir Dimov	645d23e1ec	fixing typos 2.1.15	6 years ago
Liz Rice	6e80b6477a	Merge branch 'master' into fix-2.1.8	6 years ago
Abubakr-Sadik Nii Nai Davis	0a5358665e	By default --make-iptables-util-chain is true, so PASS if this flag is not set.	6 years ago
Abubakr-Sadik Nii Nai Davis	4f40a11e84	Change binary op from and to or.	6 years ago
Abubakr-Sadik Nii Nai Davis	c0f56e966a	Fix check 1.1.37.	6 years ago
Nick Perry	e083c8f0a3	Fixes https://github.com/aquasecurity/kube-bench/issues/170 Correcting the logic of 1.1.14 for Kubernetes 1.11.	6 years ago
Liz Rice	48489637c5	Merge branch 'master' into fix-1.3.7	6 years ago
Michal Jankowski	9988503223	Fixing 1.3.7 on 1.11 master. With multiple test items operator defaults to "and". In case of 1.3.7 the tests check whether --address flag is either set to 127.0.0.1 or not set at all. Those conditions cannot be met at the same time.	6 years ago
Michal Jankowski	5f254de415	Fixing checks 2.2.9 and 2.2.10 on 1.11 nodes. Path to kubelet configuration was accidentally prefixed with a dollar symbol (probably as a result of copying some other test that used variable name). After removing the dollar sign from paths both checks pass on conforming deployment.	6 years ago
Abubakr-Sadik Nii Nai Davis	97623aea05	Update kubernetes node benchmark to check kubelet systemd unitfile. Also clean up the config file for 1.11 a bit.	6 years ago
Abubakr-Sadik Nii Nai Davis	b1369832bc	A few corrections to node tests. (#2 ) * Add a few corrections. * Add a few corrections to node test file.	6 years ago
Abubakr-Sadik Nii Nai Davis	934b4aef96	Add a few corrections. (#1 )	6 years ago
noqcks	e85de9e8af	fix simple errors	6 years ago
noqcks	b3a115963b	adding 1.11 config and node checks	6 years ago
noqcks	ba5ec8d4be	adding 1.11 master configuration	6 years ago
Liz Rice	c44e0db97b	Inlcude .manifest extension config files for kops & kubespray	6 years ago
Liz Rice	024b7ed396	Merge branch 'master' into master	6 years ago
Julien Garcia Gonzalez	2073e08363	update 2.2.4 rules	6 years ago
Julien Garcia Gonzalez	db096c9f51	Rule node 2.2.4 is not correct	6 years ago
hutr	d736d10f90	fix sed string for 1.4.12	6 years ago
hutr	50a3725ff2	Merge branch 'master' into master	6 years ago
hutr	468f5fac6e	changes for 1.4.11 and 1.4.2 added tests: for 1.4.11 and removed grep -v grep for both	6 years ago
Erwan Miran	182e9b5e01	Addition of missing audit field in 2.2.6 node item	6 years ago
hutr	e4100a4435	fixed grep string for 1.4.11 and 1.4.22 check 1.4.11 and 1.4.22 FAIL even when permissions is correct.	6 years ago
Abubakr-Sadik Nii Nai Davis	b10b2bd22e	Merge branch 'master' into fix-typo	6 years ago
Abubakr-Sadik Nii Nai Davis	aa9da13226	Fix a bunch of typos.	6 years ago
Liz Rice	1935c952d6	--request-timeout is a duration	6 years ago
Lee Briggs	d464ab5639	Wrong configuration file	6 years ago
Lee Briggs	165444df60	Test fixes for 1.8	6 years ago
Liz Rice	4b1b2b8762	Merge branch 'master' into master	6 years ago
Liz Rice	fc4fe38bc2	Merge branch 'master' into unnecessary-warning	6 years ago
Konstantin Semenov	961dbeb2b5	Correct sed regex	6 years ago
Konstantinos Karampogias	8fc6904093	Improve etcd data directory extraction - If data-dir is not the last argument, the remaining arguments are captured preventing the correct checking. Signed-off-by: Konstantin Semenov <ksemenov@pivotal.io>	6 years ago
Abubakr-Sadik Nii Nai Davis	7fcfb0cf30	Fix issue with etcd checks failing because of using " " instead of "=" to specify value. This issue affects master checks 1.4.11 and 1.4.12.	6 years ago
Abubakr-Sadik Nii Nai Davis	53eb720952	Merge branch 'master' into unnecessary-warning	7 years ago
Abubakr-Sadik Nii Nai Davis	04f044e3b9	Add support for merging general and kubernetes version specific config files. This change unifies all config files, podspecs and unitfiles under a single component configuration key; `config`.	7 years ago
Liz Rice	d52e326147	Correct test config file typo	7 years ago
Liz Rice	2eb261b94f	Remove odd spacing and line breaks from test config files	7 years ago
Abubakr-Sadik Nii Nai Davis	e227934c88	Add function to get unit files for kubernetes components.	7 years ago
Abubakr-Sadik Nii Nai Davis	6ce0c5bf60	Add function to get pod specs for kubernetes components.	7 years ago
Abubakr-Sadik Nii Nai Davis	8e758bb5e0	Update federated definitions.	7 years ago
Abubakr-Sadik Nii Nai Davis	82e325f96e	Update 1.8 node definition.	7 years ago
Abubakr-Sadik Nii Nai Davis	04f21d1887	Update 1.8 master definition.	7 years ago
Abubakr-Sadik Nii Nai Davis	7663dc87ee	Copy 1.7 benchmark as 1.8.	7 years ago
Abubakr-Sadik Nii Nai Davis	d9e1eee2cd	Merge remote-tracking branch 'origin/master' into support for multiple Kubernetes versions.	7 years ago
Abubakr-Sadik Nii Nai Davis	f2e744bdcb	Reorganize benchmark checks into Kubernetes 1.7 and restore Kubernetes 1.6 benchmarks.	7 years ago
Liz Rice	a6036bcfcf	Corrections to config file substitutions. Use “kubernetes” as a fake component name so we can more easily substitute “kubernetesconf”	7 years ago
Liz Rice	a3197f8efe	Reorder YAML to make a bit more sense. Allow for optional components, and a config file that we don’t think exists.	7 years ago
Liz Rice	e4e41683c4	Update the config file	7 years ago
Abubakr-Sadik Nii Nai Davis	3e3aa0ed82	Change node check 2.1.6 to use operation `noteq` instead of `gt`. Kubelet option --streaming-connection-idle-timeout expects a string value which fails parsing to integer for greater than comparison. The string "0" indicates no timeout and this is what we are checking for.	7 years ago
Liz Rice	cf62def9fd	Better config file locations	7 years ago
Abubakr-Sadik Nii Nai Davis	086bb629db	Add 640 to permission checks.	7 years ago
Abubakr-Sadik Nii Nai Davis	e6f2b4d4fe	Add config checks for permissions stricter that 644 to definition files.	7 years ago
Abubakr-Sadik Nii Nai Davis	dddea28713	Merge branch 'master' into issue-25	7 years ago
Abubakr-Sadik Nii Nai Davis	d2fa9d35b6	Rewrite audit commands in the check definition that contain shell builtins and modify text to command function to support this. Shell builtins fail the binary command lookup test which result in a WARN. Audit commands which include shell builtins must use the form: "/bin/sh -c 'sh-builtin arg'" So they are executed properly. Additionally Go will fail to execute commands involving shell builtins if they are not in the above format.	7 years ago
Abubakr-Sadik Nii Nai Davis	9c07527069	Remove misleading comment about manual checks in node check definition.	7 years ago
Abubakr-Sadik Nii Nai Davis	c39516581b	Add master node manual check definitions.	7 years ago
Liz Rice	b5f4876138	Revert "Issue 19"	7 years ago

1 2 3 4 5 ...

266 Commits (dependabot/go_modules/golang.org/x/net-0.23.0)