* read-only-port defaults are correct
* Tests that should catch good read-only-port
* Rework checks & tests
* Linting on issue template YAML
* More explicit test for 4.2.4
* Remove verbosity for ease of reading results
* Use subtests
* Tidy more test cases
* read-only-port defaults are correct
* Tests that should catch good read-only-port
* Rework checks & tests
* Linting on issue template YAML
* More explicit test for 4.2.4
* Run audit as shell script instead of as single line command
* Rename runExecCommands to runAudit
* Fix tests
Co-authored-by: Liz Rice <liz@lizrice.com>
* Add option to do bitwise and between two value in order to compare permissions
* Update test.go
Removed self debug note
* Update test_test.go
FIx typo
* Update test.go
* Update test.go
Switched between max and requested value, because accidentally assigned them oppositely and remove old function relate to octal base
* Update test_test.go
* Update test_test.go
* Update check.go
Added new warn_reason value which gives a brief explanation about why the not scored tests failed
* Update common.go
Changed when a not scored test fails because it has a wrong syntax audit command or just running something that can't be run the print the failure. but if the test just fails because it doesn't line up with the cis hardening recommendations then print the remediation text.
* Update check/check.go
fix typo
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update check.go
* Update common.go
* Update check.go
added back os.Exit(1) to exitWithError
* Update job-master.data
Change some tests output to fit warn reason. (No change to the summary)
* Update job-node.data
Changed some tests output to fit warn reason. (No change to the summary)
* Update job.data
Change some tests output to fit warn reason. (No change to the summary)
* Update common.go
Keep to old way to print manual test output
Co-authored-by: Liz Rice <liz@lizrice.com>
Co-authored-by: Roberto Rojas <robertojrojas@gmail.com>
- Tests that did not increase coverage and were redundant are removed.
- New tests reflecting the meaning of the state as explained in the
README are added.
Co-authored-by: s-nirali <25746945+s-nirali@users.noreply.github.com>
If running these checks in a CI system it may be beneficial
to output in a more standardized format such as JUnit for
parsing by other tools in a consistent manner.
Fixes#460
Signed-off-by: John Schnake <jschnake@vmware.com>
* issue #344: Adds support for array comparison. Every element in the source array must exist in the target array.
* issue #344: Fixed typo and found if condition based on code review
* adds unit tests for valid_elements comparison
* removes spaces from split strings
This improves the TestControls_RunChecks() test by making
more comprehensive assertions on a more fully fledged input yaml
Fixes: https://github.com/aquasecurity/kube-bench/issues/304
Signed-off-by: Simarpreet Singh <simar@linux.com>
Support new configuration options besides --flags:
- JSON file through `jsonpath`
- YAML file through `yamlpath`
These new options are fully backwards-compatible with the existing
tests.
Added a new profile, 1.11-json, that expects a JSON kubelet
configuration file and scores accordingly. This profile is compatible
with EKS.
Tests could easily be marked "skip" because the user doesn't want to run them in their environment, and in this common case the set of tests will be non-nil
If a check is marked with type "skip", it will be marked as Info.
Support scored property:
If a check is not scored and is not marked with type skip, it will be marked as Warn.