mirror of https://github.com/aquasecurity/kube-bench.git synced 2025-01-11 16:20:55 +00:00
Commit Graph

675 Commits

Author SHA1 Message Date
Itay Shakury
3964377a80
add contribution guidelines () 2019-10-16 17:51:33 +03:00
Liz Rice
1b49050974 docs: Clarify the meaning of WARN state ()
* docs: Clarify the meaning of WARN state

* Update README.md
2019-10-15 10:04:18 -04:00
Simarpreet Singh
d12a45bba9 Properly initialize viper library when checking for master components ()
* common_test: Add a failing test to show the SIGSEGV

Signed-off-by: Simarpreet Singh <simar@linux.com>

* common: Go green by fixing isMaster() to instantiate viper

Signed-off-by: Simarpreet Singh <simar@linux.com>

* common: Inject a seam for getBinariesFunc to be patched-in.

Also adds additional tests to showcase unhappy behaviors.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* common_test: Rename TestIsMaster()

Signed-off-by: Simarpreet Singh <simar@linux.com>

* common: init viper with master config

Signed-off-by: Simarpreet Singh <simar@linux.com>

* common: Add a pre-check if valid yaml is passed but doesn't include master.

Also adds additional tests to showcase unhappy behaviors.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* mod: Upgrade viper to v1.4.0

Signed-off-by: Simarpreet Singh <simar@linux.com>

* common: Refactor node only yaml to a file

Signed-off-by: Simarpreet Singh <simar@linux.com>

* common: Log  when master components are not found

Signed-off-by: Simarpreet Singh <simar@linux.com>

* common_test: Refactor subtests into a table

Signed-off-by: Simarpreet Singh <simar@linux.com>
2019-10-14 11:15:08 -04:00
Roberto Rojas
a6ee61fd08
Fixes issue : removed versions prior to 1.11 ()
* removed version prior to 1.11

* removed references to kubernetes versions prior to 1.11
2019-10-14 10:52:43 -04:00
Roberto Rojas
3aa41db166
Issue : Merges JSON and Exec Params files ()
* starts fixes 

* new approach to minimize duplications

* applied merged yaml files for v1.11 and v1.13

* yaml files json/params merged

* fixes to remove double quotes from numbers and booleans

* fixed bug

* fixed certificate check

* removed -json files

* changes based on PR review

* Update check/check_test.go

Yay more tests!

Co-Authored-By: Liz Rice <liz@lizrice.com>

* changes as PR review

* fixed bug when scored check is missing tests

* attempt to improve the code

* fixed list breaks

* removes handleError function

* Update check/check.go

Accepting suggested log level.

Co-Authored-By: Liz Rice <liz@lizrice.com>
2019-10-14 10:37:10 -04:00
Roberto Rojas
c22f81610d
removes federated () 2019-10-12 19:00:26 -04:00
Roberto Rojas
91dfeb7577
passes KUBEBENCH_VERSION down to Dockerfile () 2019-10-12 18:53:17 -04:00
Roberto Rojas
4416e46967
Adds Unit Tests for check/toNumeric ()
* fixes issue 

* fixed unit test error text
2019-10-12 18:46:19 -04:00
James George
050145f6b3 docs: minor tweak () 2019-10-11 15:47:10 +01:00
yoavrotems
89afda1f63 Add [Manual test] to remediation in all the manual tests () 2019-10-09 16:26:02 +01:00
Simarpreet Singh
37f626dce6 cfg: Make proxy checks optional ()
Signed-off-by: Simarpreet Singh <simar@linux.com>
2019-10-08 11:53:39 +01:00
Liz Rice
16beb3e616
docs: note that you may need to be root () 2019-09-21 15:07:16 +01:00
yoavrotems
27261d1d32 Change Kind version ()
Something with the old version was crashing. Now using the most recent one, 1.15.3, is working.
2019-09-03 13:42:07 +01:00
Roberto Rojas
41e0ae77de changes to use the "op: valid_elements" operation to manage list of items () 2019-09-03 13:36:47 +01:00
yoavrotems
ea9089bd42 update the yaml according ()
The update is from the new cis version 1.4.1.
as was done in https://github.com/aquasecurity/kube-bench/issues/370
2019-09-02 16:40:45 +01:00
Roberto Rojas
ec3b1076c0 Fixes issue ()
* fixes issue 

* fixes issue 
2019-08-30 17:33:14 +01:00
Roberto Rojas
13dfa15ad6 Fixes Issue - Replaces $kubeletconf for $kubeletsvc ()
* fixes issue 

* reverts remediation text change

* changes to 1.11-json and 1.13-json as per PR review

* Tiny typo
2019-08-30 15:21:41 +01:00
Liz Rice
a2466da4b0
Correct 1.1.13 to match CIS spec ()
Text should say Not Scored
2019-08-30 15:10:30 +01:00
Liz Rice
d0d4e95d93
Updated version support ()
Strictly, we don't have the changes in 1.13-json but we do have them in 1.13
2019-08-30 12:09:11 +01:00
Roberto Rojas
7a53806863 fixes issue by explicitly only checking read-only property () 2019-08-30 08:56:48 +01:00
yoavrotems
4b5a877f1f Remove some tests from being manual ()
* Remove some tests from being manual

* Remove some tests from being manual
2019-08-29 08:54:29 +01:00
Roberto Rojas
f343d36862 hyperkube v1.15 renamed "proxy" to "kube-proxy" () 2019-08-28 16:53:48 +01:00
Roberto Rojas
3e5d02e920 fixes issue ()
* fixes issue 

* Correct typo
2019-08-28 09:27:56 +01:00
Abubakr-Sadik Nii Nai Davis
92df9cb36c Read kubernetes version from environment ()
* Read kubernetes version from environment

Set kubernetes version to the value of the environment variable `KUBE_BENCH_VERSION` if it is defined and the flag `--version` is not specified on the kube-bench command line.

The command line flag `--version` takes precedence over the environment variable `KUBE_BENCH_VERSION` if both are defined.

* Add info about KUBE_BENCH_VERSION to README
2019-08-27 09:04:11 +01:00
Abubakr-Sadik Nii Nai Davis
a3b8ba58ad Fix error converting from string to integer ()
Replace the `gt` with `eq` for string comparison of kube-bench check 2.1.6 in `cfg/1.6/node.yaml`.
2019-08-23 16:15:21 +01:00
Patrick Lieberg
0d81ef10d5 Update config.yaml to add Azure AKS file locations for kubelet ()
* testing Azure config locations

* "Updated default config.yaml to incorporate Azure AKS file locations for kubelet"

* "Adjusted order of new lines.  Removed unneeded lines."
2019-08-22 14:52:34 +01:00
Abubakr-Sadik Nii Nai Davis
3fba5f4dac Fix version command failing because of missing config file it does not need. ()
* Fix version command failing because of missing config file it does
not need.

* Fix typo

* Remove reference to github issue in comment
2019-08-22 13:43:09 +01:00
mwwolters
787bf6ca4d Updated check to pass if flag isn't set () 2019-08-09 18:24:20 +01:00
Liz Rice
f8b2f6c841
Correct 1.4.21 text ()
1.4.21 is about the PKI key file not the certificate
2019-08-07 17:17:21 +01:00
yoavrotems
136e9cd731 Remove federated from ocp ()
* Delete federated.yaml

There is no federated tests in ocp

* Delete federated.yaml

There are no federated tests in OCP
2019-08-07 16:52:04 +01:00
Abubakr-Sadik Nii Nai Davis
2e27d681f7 Remove duplicate documentation. ()
* Remove duplicate documentation.

* Add test configuration header back in main README.

* Add missing regex operator in docs/README.

* Fix incorrect description of configuration options bins, confs etc.

* Move description of version auto-detection to main README.

* Use 1.13 in examples since cfg/1.12 doesn't exist

* Remove duplicate sentence about regex

This sentence is now in the docs/README

* Add link to the docs for test YAML definitions
2019-08-07 03:43:51 -07:00
Efrat Levitan
b8a463f051 Correction to 1.13 and 1.13-json test 2.1.5 () 2019-08-07 03:33:09 -07:00
yoavrotems
22b971a633 fixes-according-kube-cis1.4.1 ()
* Update master.yaml

* Update node.yaml

Fix 2.1.11 - got DEPRECATED
2.1.14 changed to be a set of options, would be fixed by https://github.com/aquasecurity/kube-bench/pull/367

* Update master.yaml

* Update node.yaml

change 2.1.11 Title, and state to not scored
2019-08-06 06:19:29 -07:00
Roberto Rojas
0422368615 issue : fixes RotateKubeletServerCertificate tests in 1.13-json () 2019-08-06 00:58:35 -07:00
mwwolters
893aa3588c Updated check to pass if flag isn't set () 2019-07-30 10:09:24 -07:00
Roberto Rojas
937bfc7b2e issue : Adds support for array comparison. Every element in the s… ()
* issue : Adds support for array comparison. Every element in the source array must exist in the target array.

* issue : Fixed typo and found if condition based on code review

* adds unit tests for valid_elements comparison

* removes spaces from split strings
2019-07-26 11:11:59 -07:00
Roberto Rojas
dab5e92bb5 Issue : Adds Unit Tests for Test Comparisons ()
* issue : starts unit tests for Test Comparison.

* issue : Adds tests for "eq" operation

* changes test result message

* issue : Adds tests for "noteq" operation

* issue : Adds tests for "gt" operation

* issue : Adds tests for "lt" operation

* issue : Adds tests for "gte" operation

* issue : Adds tests for "lte" operation

* issue : Adds tests for "has" operation

* issue : Adds tests for "nothave" operation

* issue : Adds tests for "regex" operation
2019-07-17 10:08:11 -04:00
yoavrotems
7c97f6a490 Add codecov ()
* Update .gitignore

* Update .travis.yml

* Update makefile

* Update .travis.yml

* Update .travis.yml

* Update .travis.yml

* Update README.md

* Update README.md

* Update README.md

* Update makefile

* Update .travis.yml
2019-07-16 14:11:51 -04:00
Roberto Rojas
86e3456f33 issue : Changes condition so that score: false tests are performed ()
* issue : Changes condition so that score: false tests are performed

* issue : Changes comments.
2019-07-13 08:05:29 +01:00
zilard
b86dd92c91 Issue : Refactor get<Thing>Files into getFiles ()
* issue : replace everywhere get<Thing>Files with getFiles
2019-07-13 07:48:24 +01:00
Roberto Rojas
c87c5cfb51 Fixes bugs on tests 2.1.4 and 2.1.5 - 1.13-json ()
* Adds bin_op to Test 2.1.4

* Adds bin_op to Test 2.1.5
2019-07-13 07:35:44 +01:00
Roberto Rojas
b649588f46 turns Go Module on () 2019-07-12 14:12:59 +01:00
Liz Rice
cb3d876ced
Remove Darwin build from go-releaser ()
Should fix 
2019-07-12 12:41:46 +01:00
Roberto Rojas
d43cdfdf01 Issue : Adds Unit Tests for JSONPath Parse & Execute ()
* issue : Adds json/yaml unmarshal Unit Tests.

* issue : Adds jsonpath Unit Tests.

* issue : Removes log package.
2019-07-12 07:09:27 +01:00
Roberto Rojas
3926ba3977 issue : Adds comment for properties detected thru parsing command line. Fixed Audit for test 2.1.8 () 2019-07-11 17:05:24 +01:00
Roberto Rojas
d127512ab9 issue : changes test 2.2.8 () 2019-07-10 15:54:09 +01:00
Roberto Rojas
336ca84998 fixes substitution variable (kubeletconf -> kubeletsvc). () 2019-07-10 14:20:14 +01:00
zilard
d8528a1ec8 issue : implement test 2.2.8 ()
* implement test 2.2.8

* Nit: correct indentation

The indentation looked a bit wonky due to spaces vs tabs; hopefully this corrects it
2019-07-10 10:43:15 +01:00
Roberto Rojas
a0bed18054 Adds json version of config for k8s 1.13 () 2019-07-10 09:26:37 +01:00
Liz Rice
25b2c5da5a
Add comment about procps limitation () 2019-07-08 22:29:37 +01:00