1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-21 14:18:06 +00:00
Commit Graph

675 Commits

Author SHA1 Message Date
Liz Rice
08097d2211
Need credentials in order to run kubectl version (#332)
Without passing in kubeconfig credentials:

```bash
$ docker run --pid=host -v /etc:/etc:ro -v /var:/var:ro -v $(which kubectl):/usr/bin/kubectl -t lizrice/kube-bench:5e6cdfd master -v 1
I0628 16:52:06.591683    6099 util.go:367] Unable to get Kubernetes version from kubectl, using default version: 1.6
I0628 16:52:06.591822    6099 common.go:74] Using benchmark file: cfg/1.6/master.yaml
...
```
As updated in the README with this fix:

```bash
docker run --pid=host -v /etc:/etc:ro -v /var:/var:ro -v $(which kubectl):/usr/bin/kubectl -v ~/.kube:/.kube -e KUBECONFIG=/.kube/config -t lizrice/kube-bench:5e6cdfd master -v 1
I0628 16:53:26.784122    7224 util.go:131] No test file found for 1.14 - using tests for Kubernetes 1.13
I0628 16:53:26.784961    7224 common.go:228] Using config file: cfg/1.13/config.yaml
...
```
2019-07-08 22:22:48 +01:00
Liz Rice
9a900db021
docs: update WIP to draft (#324) 2019-07-03 08:27:28 +01:00
patelpayal
e6e6333e6d add glog flush to write the output to a file (#329)
* add glog flush to write the output to a file

* add glog flush before exit on error and fix code comment
2019-07-01 09:49:46 +01:00
Manuel Rüger
5e6cdfdb0e Detect kube-controller in CMD (#326)
If kube-controller-manager is getting detected by older versions of
procps, it will only be detected if we're looking for kube-controller
(15 chars)

NOTE: "The command name is not the same as the command line. Previous versions of
       procps and the kernel truncated this command name to 15
       characters. This limitation is no longer present in both. If
       you depended on matching only 15 characters, you may no longer
       get a match."
2019-06-28 16:58:23 +01:00
patelpayal
e066ec69dd fix go.mod dependency (#330) 2019-06-28 09:48:52 +01:00
Manuel Rüger
f7e3257e3c Go modules / Alpine 3.10 update / Remove binary (#322)
* Remove binary that was accidentally added

911e9051dc

* Dockerfile: Update to alpine 3.10

* Switch to go 1.12 and go modules
2019-06-26 11:58:51 +01:00
Liz Rice
086df3dda1
Merge pull request #321 from simar7/remove-extra-whitespaces
cfg: remove erroneous whitespaces in yaml
2019-06-26 11:26:39 +01:00
Simarpreet Singh
dddc42f046
cfg: remove erroneous whitespaces in yaml
Signed-off-by: Simarpreet Singh <simar@linux.com>
2019-06-25 07:18:46 -07:00
Liz Rice
07dfeb8e27
Merge pull request #319 from aquasecurity/contributing
Add github issue creation instructions.
2019-06-25 14:51:32 +01:00
Liz Rice
0ab09a85e8
Add pull requests section
Add pull requests section
Include instructions for kube-bench version
Other small wording changes
2019-06-25 14:44:02 +01:00
Abubakr-Sadik Nii Nai Davis
7affbc83d8 Add github issue creation instructions. 2019-06-24 20:33:24 +00:00
Liz Rice
ea7400aa4b
Merge pull request #301 from wwwil/op-regex
Add regex compare op
2019-06-19 12:10:29 +02:00
Liz Rice
5e3ff51fa9
Merge branch 'master' into op-regex 2019-06-19 11:43:39 +02:00
Liz Rice
c379df19b0
Merge pull request #316 from cpt-redbeard/master
Adding OCP 3.11
2019-06-18 07:40:18 -07:00
pthomson
2275eea93f Adding OCP 3.11
Adding OCP 3.11
2019-06-17 13:44:35 -04:00
Liz Rice
ec9779f56e
Merge pull request #313 from simar7/add-kube-bench-version
kube-bench: add version subcommand
2019-06-17 02:27:27 -07:00
Simarpreet Singh
3b7438e2f2
kube-bench: add version subcommand
Signed-off-by: Simarpreet Singh <simar@linux.com>
2019-06-12 01:41:09 -07:00
Liz Rice
c76369fe2c
Add missing quote 2019-06-10 20:29:58 -07:00
Liz Rice
7f2e9b5231
Merge branch 'master' into op-regex 2019-06-11 04:28:03 +01:00
Liz Rice
1d7449db34
Merge pull request #309 from simar7/fix-ocp-3.10-yaml
ocp-3.10: Fix malformed yaml and improve TestControls_RunChecks
2019-06-11 04:27:25 +01:00
Simarpreet Singh
5df39eed02
ocp-3.10: Fix malformed yaml and improve TestControls_RunChecks
This improves the TestControls_RunChecks() test by making
more comprehensive assertions on a more fully fledged input yaml

Fixes: https://github.com/aquasecurity/kube-bench/issues/304

Signed-off-by: Simarpreet Singh <simar@linux.com>
2019-06-10 13:39:43 -07:00
wwwil
7efa7b2c35 Add regex to list of compare ops 2019-06-05 15:29:40 +01:00
wwwil
83c7536c8a Add tests for regex test op 2019-06-05 15:29:15 +01:00
Liz Rice
46baf8f8b5
Merge pull request #296 from aquasecurity/Config-doc
Document version-specific config files
2019-06-05 12:52:32 +02:00
Liz Rice
4f79d62149
Merge branch 'master' into Config-doc 2019-06-05 12:45:27 +02:00
Liz Rice
268fafd495
Merge pull request #300 from danielsagi/add_kubelet_config_path
Added another kubelet config file to node:kubelet:confs
2019-06-05 12:45:07 +02:00
Liz Rice
bab1237a44
Merge branch 'master' into add_kubelet_config_path 2019-06-05 12:27:07 +02:00
Liz Rice
d44f865ef3
Merge pull request #256 from aquasecurity/fix-235
Rationalize and document config
2019-06-05 12:07:17 +02:00
Liz Rice
e3da299e0c
Merge branch 'master' into fix-235 2019-06-05 11:42:13 +02:00
Liz Rice
81f0d9c6e3
Merge branch 'master' into Config-doc 2019-06-05 11:41:15 +02:00
Liz Rice
312cdb1c6d
Merge pull request #297 from aquasecurity/Openshift-executables
Update openshift executables
2019-06-05 11:40:56 +02:00
Liz Rice
0f12dca76d
Merge branch 'master' into Openshift-executables 2019-06-05 11:29:42 +02:00
Liz Rice
87820b9775
Remove duplicate versions section
That info is important enough that it needs to stay in the main README.
I also changed the file title
2019-06-05 10:28:11 +01:00
Abubakr-Sadik Nii Nai Davis
85849a3c1f Add detailed kube-bench config documentation. 2019-06-04 22:25:24 +00:00
Daniel Sagi
43caaab00a added another kubelet config file to paths, in the main config yaml file. default location for gke cluster 2019-06-04 17:16:05 +03:00
wwwil
e4f0f470ee Add regex op to test 2019-06-04 11:38:17 +01:00
Liz Rice
5efb3e3b00
Merge pull request #298 from 030/191-master-node-doc
[GH-191] explained that master nodes cannot be inspected in managed k8s
2019-06-01 17:26:26 +01:00
Liz Rice
27df1f60ed
Clarification about worker nodes in managed k8s
Because we don’t want to put people off running kube-bench altogether in these environments
2019-06-01 18:17:09 +02:00
030
9d0e3491a0 [GH-191] explained that master nodes cannot be inspected in managed k8s 2019-06-01 16:40:50 +02:00
Liz Rice
9d577d94b4
Update openshift executables 2019-05-30 23:04:44 +01:00
Liz Rice
df3577519c
Document version-specific config files
Values in the version-specific files override the main file
2019-05-30 22:55:48 +01:00
nshauli
e64f61fa7f Add --outputfile flag for writing json results to output file (#295) 2019-05-29 18:05:55 +03:00
Liz Rice
5e80f41066
Merge pull request #292 from aquasecurity/config-improvements
Config improvements
2019-05-28 10:00:34 +02:00
Liz Rice
a8c69b57e8
Merge branch 'master' into config-improvements 2019-05-27 13:10:40 +02:00
Liz Rice
ff6443e279
Merge pull request #284 from yoavAqua/expected-result
Genereate expected result automatically for each test
2019-05-26 18:06:27 +02:00
Yoav Hizkiahou
ddb677bc69 Generate expected result by strings join 2019-05-26 10:15:00 +03:00
Yoav Hizkiahou
d1c3e3163b Genereate expected result automatically for each test 2019-05-26 10:14:25 +03:00
Liz Rice
53ef773944
Merge pull request #281 from yoavAqua/bugfix-no-actual-result
The check's actual result property is now set to be the audit command…
2019-05-24 13:22:42 +02:00
Liz Rice
31019c44da
Merge branch 'master' into bugfix-no-actual-result 2019-05-24 13:18:34 +02:00
Liz Rice
ff427f8b0c
Merge pull request #282 from yoavAqua/print-actual-result-of-failed-tests
Printing the actual test result of failed tests - when a flag is raised
2019-05-19 17:33:30 +01:00