Liz Rice
de12829923
Correct test to cope with multi-line ps output
2017-08-31 17:43:07 +01:00
Liz Rice
e4a89123e0
Move message about which config file we’re using into a log at the start
2017-08-31 17:38:11 +01:00
Liz Rice
8380ad1ef3
Better detection of running executables
2017-08-31 16:01:31 +01:00
Liz Rice
d637d8714a
Fix and add tests
2017-08-31 15:22:30 +01:00
Liz Rice
a3197f8efe
Reorder YAML to make a bit more sense. Allow for optional components, and a config file that we don’t think exists.
2017-08-31 14:45:16 +01:00
Liz Rice
e4b905e360
Log when there’s no substitution
2017-08-31 14:43:59 +01:00
Liz Rice
f5550fd8bd
Node type is now verified by looking for running binaries from a set of options
2017-08-31 14:43:35 +01:00
Liz Rice
6a5a62b278
Autodetect the binaries and config files from a set of options
2017-08-30 18:37:01 +01:00
Liz Rice
f5cef922cc
Functions and tests for finding binaries and config files
2017-08-30 18:01:53 +01:00
Liz Rice
7600dd9dd6
Make the ps / fakeps function global so we don’t have to pass it around so much
2017-08-30 17:51:28 +01:00
Liz Rice
0bc00e0036
Slightly more robust looking for running executables
2017-08-30 17:48:12 +01:00
Liz Rice
9114e139cf
Function to find which of a set of executables is running
2017-08-30 12:07:46 +01:00
Liz Rice
6b9f117f87
Allow for multiple words in executable names
2017-08-15 17:00:35 +01:00
Liz Rice
34f8b8e980
Simplify verifying binaries and config files
2017-08-15 16:44:40 +01:00
Liz Rice
86d49b1b1a
We don’t care whether the binaries are in our path or not, just whether they are running
2017-08-15 16:01:27 +01:00
Liz Rice
96c469669c
Use kubectl to check the kubernetes version
2017-08-11 17:59:57 +01:00
Liz Rice
2b4047a3c1
Merge pull request #28 from ttousai/errorhandling
...
Improve error handling.
2017-08-07 10:06:32 +01:00
Abubakr-Sadik Nii Nai Davis
7bb66dd2da
Rename warning printing functions.
...
printlnWarn: prints warning with a newline.
sprintWarn: returns an optionally contextualized warning string.
2017-08-06 16:59:03 +00:00
Abubakr-Sadik Nii Nai Davis
82c92e0078
Change function name to be clearer about the fact it returns a string.
2017-08-06 14:25:02 +00:00
Abubakr-Sadik Nii Nai Davis
f88de572f6
Improve error handling.
2017-07-25 00:34:07 +00:00
Abubakr-Sadik Nii Nai Davis
e08e069174
Update controls to CIS Kubernetes Benchmark v1.1.0
2017-07-24 17:30:13 +00:00
Abubakr-Sadik Nii Nai Davis
f589fd58e1
Add few modifications.
2017-07-13 01:01:18 +00:00
Abubakr-Sadik Nii Nai Davis
3d395994b0
Change environment variable prefix.
2017-07-13 00:24:57 +00:00
Abubakr-Sadik Nii Nai Davis
609c4ff01c
Move kubernetes binaries and config paths to kube-bench config.
2017-07-13 00:24:09 +00:00
Abubakr-Sadik Nii Nai Davis
2ee99eca64
Add support for various installation modes, hyperkube, kubeadm and kops.
...
Issue #17 .
2017-07-10 00:15:27 +00:00
Abubakr-Sadik Nii Nai Davis
bd53529387
Fix issue #16 about supporting verbosity.
2017-07-07 17:01:30 +00:00
Abubakr-Sadik Nii Nai Davis
06466d6573
Fix issue with kubernetes version check, where the master binary is
...
used for all modes including nodes and federated.
2017-07-06 18:31:18 +00:00
Abubakr-Sadik Nii Nai Davis
dbbafd54a5
Do not exit on command exit, print error message to stderr and continue.
2017-07-05 12:56:01 +00:00
Abubakr-Sadik Nii Nai Davis
6ee9bedfb8
Print verification warnings at only one point.
2017-07-04 16:53:39 +00:00
Abubakr-Sadik Nii Nai Davis
2119d119b0
Restore warning messages and dont quit on verification error.
2017-07-04 15:38:34 +00:00
Abubakr-Sadik Nii Nai Davis
d0d9900b29
Resolve issue #7 wait: error running audit command exit status 1.
...
This is caused by a command in the audit pipeline (for example
ps -ef | grep kube-apiserver) failing. The causes of this failure
in my testing is usually a missing config file.
Extensive refactor and correction in verification code to check for
config files and binaries.
Replace joncalhoun/pipes with implementation using exec.Cmds so errors
are visible and can be handled when audit pipeline commands fail.
Change some audit commands
from: ps -ef | grep <cmd> | grep -v
to: ps -C <something> -o comm,args --no-headers
which is simpler to work with.
2017-06-30 14:19:38 +00:00
Liz Rice
b4237ccb73
Better error handling when reading YAML files
2017-06-23 12:04:46 +01:00
Liz Rice
07750ea43a
Don't output message about config file if output format is JSON
2017-06-23 10:48:49 +01:00
Liz Rice
6340ee44c5
Don’t output warnings as text if we’re generating JSON output. Add error handling in a few missing cases. Some comment tidying.
2017-06-23 10:41:40 +01:00
Liz Rice
f6509b804e
Typo
2017-06-23 10:28:58 +01:00
Liz Rice
b36832e40c
Correct block-copy error in flanneld config directory
2017-06-23 09:58:46 +01:00
Liz Rice
1be52fb304
Add missing error output if JSON output can't be emitted
2017-06-23 09:40:53 +01:00
Liz Rice
0d6d3a03ef
Allow config file to be specified on the command line
2017-06-22 15:34:21 +01:00
Liz Rice
96364e3f29
Error if the config file can’t be found
2017-06-22 15:34:01 +01:00
Liz Rice
c07a8e2c81
Minor language improvement
2017-06-22 15:19:57 +01:00
jerbia
432651e85f
Added test 1.4.11 ( #8 )
2017-06-21 22:45:50 +03:00
Liz Rice
c3d67e0fee
Use colorPrint for config file info too
2017-06-20 11:10:11 +01:00
Liz Rice
b7a92799b9
Blue for info messages
2017-06-20 11:09:44 +01:00
Liz Rice
800c18ccf3
colorPrint for the output
...
Use the same format output for warnings even if they aren’t related to
a specific test ID
2017-06-20 09:54:17 +01:00
Liz Rice
dcd416a521
Executable name changes
...
Updates to travis file, readme and help text
2017-06-20 09:52:53 +01:00
Liz Rice
f123db14a9
Update import names and makefile for name change
2017-06-20 09:38:15 +01:00
Amir Jerbi
55fd838191
No need to run install.sh.
...
Simply clone the project, compile the go app and run ./cis_kubernetes
2017-06-20 00:03:46 +03:00
Liz Rice
26cc77ec1d
Get the tests working on deployments where file names may be different or not in path ( #1 )
...
* Replace the default help text
* Readme file, including the test config format documentation
* Typo
* Warn if config files / executables aren't found
* Ignore original name of executable (as per current README)
* Update tests to avoid failing on stat of a non-existant file
* Add a makefile for ease of build
2017-06-19 23:17:19 +03:00
Amir Jerbi
154a140f74
Initial commit
2017-06-19 17:01:57 +03:00