kube-bench

Commit Graph

Author	SHA1	Message	Date
Huang Huang	70988356c8	Support config files which use .yml file extension (#586 ) Co-authored-by: Roberto Rojas <robertojrojas@gmail.com>	4 years ago
Abubakr-Sadik Nii Nai Davis	d988b81540	CIS GKE 1.0.0 benchmark (#570 ) * Add initial commit for CIS GKE 1.0 benchmark * Update README with GKE instructions * Fix YAML linter issues * Set GKE benchmark k8s version to gke-1.0 * Add tests for gke-1.0 Co-authored-by: Roberto Rojas <robertojrojas@gmail.com>	4 years ago
Thorsten Schifferdecker	237f8cf818	fix small typo (#592 ) proykubeconfig -> proxykubeconfig	4 years ago
Huang Huang	65fb352e0e	Change to checking `--disable-admission-plugins` for cis-1.4-1.1.27 and cis-1.5-1.2.14 (#584 ) Fixes #582	4 years ago
LukasAuerbeck	037bb14729	added 444, 440, 400 and 000 file permission checks for all benchmarks (#563 ) Co-authored-by: Liz Rice <liz@lizrice.com>	4 years ago
mustafa-rean	89f8e454ba	Resolved bug in master.yml for cis-1.5 for the apiserverbin variable name (#567 ) Co-authored-by: Liz Rice <liz@lizrice.com>	4 years ago
Murali Paluru	48e33d33e5	fix mismatching checks, tests (#544 )	4 years ago
James Ward	5f34058dc7	Support Linting YAML as part of Travis CI build (#554 ) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon	4 years ago
Roberto Rojas	13193d75b0	Fixes Issue #535 (#537 ) * isEtcd should not run on openshift 3.10/3.11 * adds openssl * fixed tests * fixes bugs * adds isEtcd tests	5 years ago
Huang Huang	4a07f87e6f	Fix remediations about file permission (#534 ) * Fix remediation of 2.2.3 in cis-1.3 * Fix remediation of 4.1.1 in cis-1.5	5 years ago
Mateus Caruccio	6e1c39237a	Openshift configs (#526 ) * Adds openshift to autodetect node type * detect okd node units	5 years ago
Roberto Rojas	af976e6f50	Fixes Issue #494 - add tests for CIS 1.5 (#530 ) * Initial commit. * Add master and node config. * Add section 5 of CIS 1.5.1. * Split sections into section files * Fix YAML issues. * adds target translation * adds target translation * adds cis-1.5 mapping * fixed tests * fixes are per PR * fixed intergration test * integration kind test file to appropriate ks8 version * fixed etcd text * fixed README * fixed text * etcd: fixed grep path * etcd: fixes * fixed error message bug * Update README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * Update README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * fixes as per PR review	5 years ago
Huang Huang	7015f4b4b5	Fix remediation of 2.2.3 (#527 )	5 years ago
Roberto Rojas	9c6d4de860	Issue #421 : Merges PR #422 with master (#523 ) * Add kubeconfig location of kube-proxy for AKS * Add job for AKS node * Automate ca file permission check * removed job-aks.yaml as other PRs added needed features * fixed integration test due to merge changes	5 years ago
Liz Rice	d7b5422e8a	Fix detection of encryption-provider-config (#513 ) Fixes: https://github.com/aquasecurity/kube-bench/issues/420 Signed-off-by: Manuel Rüger <manuel@rueg.eu>	5 years ago
Roberto Rojas	7ca438b618	Fixes Issue 269 - Numbering to use CIS Versions (#511 ) * starting benchmark flag * Revert "starting benchmark flag" This reverts commit `58fc948626`. * fixes issue #269 * add more unit tests * fix bug * Update cmd/common.go Co-Authored-By: Liz Rice <liz@lizrice.com> * fixes as per PR review * fixes as per PR review * adds more tests * fixed tests * changes as per PR Review * changes as per PR Review * updated README * Update README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * Update README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * Update README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * Update README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * changes are per PR review	5 years ago
mwwolters	8276e521d4	Changed 1.3.3 to check that --use-service-account-credentials isn't set to false, but the flag is set (#442 )	5 years ago
Roberto Rojas	13fe1cdfb8	Fixes issue #501 : specifying absolute path for both ps and cat (#508 ) * fixes issue #501 * specify abolute path for ps and cat	5 years ago
Kevin W Monroe	04946a48fb	add snap component paths to default config (#414 )	5 years ago
Prem Kumar	01ee110ac4	Fix repetitive flags in some ocp-3.11 tests (#462 ) * fix flag repetition in ocp-3.11/node.yaml * fix flag repetition in ocp-3.11/master.yaml	5 years ago
Arpit Pandey	ce0137a31a	Fix few typos (#469 )	5 years ago
Simarpreet Singh	d77eab2234	master.yaml: Add --audit-policy-file check for 1.1.37. (#440 ) * master.yaml: Add --audit-policy-file check for 1.1.37. Signed-off-by: Simarpreet Singh <simar@linux.com> * fix-177: fix line endings Signed-off-by: Simarpreet Singh <simar@linux.com>	5 years ago
Simarpreet Singh	d12a45bba9	Properly initialize viper library when checking for master components (#434 ) * common_test: Add a failing test to show the SISEGV Signed-off-by: Simarpreet Singh <simar@linux.com> * common: Go green by fixing isMaster() to instantiate viper Signed-off-by: Simarpreet Singh <simar@linux.com> * common: Inject a seam for getBinariesFunc to be patched-in. Also adds additional tests to showcase unhappy behaviors. Signed-off-by: Simarpreet Singh <simar@linux.com> * common_test: Rename TestIsMaster() Signed-off-by: Simarpreet Singh <simar@linux.com> * common: init viper with master config Signed-off-by: Simarpreet Singh <simar@linux.com> * common: Add a pre-check if valid yaml is passed but doesn't include master. Also adds additional tests to showcase unhappy behaviors. Signed-off-by: Simarpreet Singh <simar@linux.com> * mod: Upgrade viper to v1.4.0 Signed-off-by: Simarpreet Singh <simar@linux.com> * common: Refactor node only yaml to a file Signed-off-by: Simarpreet Singh <simar@linux.com> * common: Log when master components are not found Signed-off-by: Simarpreet Singh <simar@linux.com> * common_test: Refactor subtests into a table Signed-off-by: Simarpreet Singh <simar@linux.com>	5 years ago
Roberto Rojas	a6ee61fd08	Fixes issue #289 : removed versions prior to 1.11 (#429 ) * removed version prior to 1.11 * removed references to kubernetes versions prior to 1.11	5 years ago
Roberto Rojas	3aa41db166	Issue #353 : Merges JSON and Exec Params files (#426 ) * starts fixes #353 * new approach to minize duplications * applied merged yaml files for v1.11 and v1.13 * yaml files json/params merged * fixes to remove double quotes from numbers and booleans * fixed bug * fixed certificate check * removed -json files * changes based on PR review * Update check/check_test.go Yay more tests! Co-Authored-By: Liz Rice <liz@lizrice.com> * changes as PR review * fixed bug when scored check is missing tests * attempt to improve the code * fixed list breaks * removes handleError function * Update check/check.go Accepting suggested log level. Co-Authored-By: Liz Rice <liz@lizrice.com>	5 years ago
Roberto Rojas	c22f81610d	removes federated (#431 )	5 years ago
yoavrotems	89afda1f63	Add [Manual test] to remediation in all the manual tests (#435 )	5 years ago
Simarpreet Singh	37f626dce6	cfg: Make proxy checks optional (#436 ) Signed-off-by: Simarpreet Singh <simar@linux.com>	5 years ago
Roberto Rojas	41e0ae77de	changes to use the "op: valid_elements" operation to manage list of items (#402 )	5 years ago
yoavrotems	ea9089bd42	update the yaml according (#410 ) The update is from the new cis version 1.4.1. like been done in https://github.com/aquasecurity/kube-bench/issues/370	5 years ago
Roberto Rojas	ec3b1076c0	Fixes issue #407 (#409 ) * fixes issue #407 * fixes issue #407	5 years ago
Roberto Rojas	13dfa15ad6	Fixes Issue #396 - Replaces $kubeletconf for $kubeletsvc (#399 ) * fixes issue #396 * reverts remediation text change * changes to 1.11-json and 1.13-json as per PR review * Tiny typo	5 years ago
Liz Rice	a2466da4b0	Correct 1.1.13 to match CIS spec (#406 ) Text should say Not Scored	5 years ago
Roberto Rojas	7a53806863	fixes issue #346 by explicitly only checking read-only property (#404 )	5 years ago
yoavrotems	4b5a877f1f	Remove some tests from been manual (#398 ) * Remove some tests from been manual * Remove some tests from been manual	5 years ago
Roberto Rojas	f343d36862	hyperkube v1.15 renamed "proxy" to "kube-proxy" (#400 )	5 years ago
Roberto Rojas	3e5d02e920	fixes issue #386 (#397 ) * fixes issue #386 * Correct typo	5 years ago
Abubakr-Sadik Nii Nai Davis	a3b8ba58ad	Fix error converting from string to integer (#392 ) Replace the `gt` with `eq` for string comparison of kube-bench check 2.1.6 in `cfg/1.6/node.yaml`.	5 years ago
Patrick Lieberg	0d81ef10d5	Update config.yaml to add Azure AKS file locations for kubelet (#383 ) * testing Azure config locations * "Updated default config.yaml to incorporate Azure AKS file locations for kubelet" * "Adjusted order of new lines. Removed unneeded lines."	5 years ago
mwwolters	787bf6ca4d	Updated check to pass if flag isn't set (#379 )	5 years ago
Liz Rice	f8b2f6c841	Correct 1.4.21 text (#356 ) 1.4.21 is about the PKI key file not the certificate	5 years ago
yoavrotems	136e9cd731	Remove federated from ocp (#381 ) * Delete federated.yaml There is no federated tests in ocp * Delete federated.yaml There are no federated tests in OCP	5 years ago
Efrat Levitan	b8a463f051	Correction to 1.13 and 1.13-json test 2.1.5 (#380 )	5 years ago
yoavrotems	22b971a633	fixes-according-kube-cis1.4.1 (#376 ) * Update master.yaml * Update node.yaml Fix 2.1.11 - got DEPRECATED 2.1.14 changed to be a set of options, would be fixed by https://github.com/aquasecurity/kube-bench/pull/367 * Update master.yaml * Update node.yaml change 2.1.11 Title, and state to not scored	5 years ago
Roberto Rojas	0422368615	issue #369 : fixes RotateKubeletServerCertificate tests in 1.13-json (#371 )	5 years ago
mwwolters	893aa3588c	Updated check to pass if flag isn't set (#375 )	5 years ago
Roberto Rojas	937bfc7b2e	issue #344 : Adds support for array comparison. Every element in the s… (#367 ) * issue #344: Adds support for array comparison. Every element in the source array must exist in the target array. * issue #344: Fixed typo and found if condition based on code review * adds unit tests for valid_elements comparison * removes spaces from split strings	5 years ago
Roberto Rojas	c87c5cfb51	Fixes bugs on tests 2.1.4 and 2.1.5 - 1.13-json (#365 ) * Adds bin_op to Test 2.1.4 * Adds bin_op to Test 2.1.5	5 years ago
Roberto Rojas	3926ba3977	issue #337 : Adds comment for properties detected thru parsing command line. Fixed Audit for test 2.1.8 (#354 )	5 years ago
Roberto Rojas	d127512ab9	issue #349 : changes test 2.2.8 (#351 )	5 years ago

1 2 3 4

173 Commits (06303f6a7a9f78a6ec5405e615d342277fe57ce6)