1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-03 21:38:15 +00:00
Commit Graph

98 Commits

Author SHA1 Message Date
Liz Rice
0d57a9dff3
Update copyright date 2019-05-02 18:13:25 -07:00
Daniel Pacak
5fb133cd02 Adjust the semantics of scored and unscored flags 2019-05-01 22:52:56 +02:00
Daniel Pacak
306e1960af Add flags to further filter CIS checks to run 2019-05-01 22:52:56 +02:00
Liz Rice
902a10f1c7
Just have one path for both json and yaml 2019-04-11 17:09:33 +01:00
Liz Rice
9b034024a7
Complete merge where test numbers changes 2019-04-11 10:21:19 +01:00
Liz Rice
c887794807
Merge branch 'master' into feature/json-config 2019-04-11 10:03:07 +01:00
Abubakr-Sadik Nii Nai Davis
4b8a7ffbe1 Add ":" as a valid flag-value separator for tests
This is useful for checking values in YAML (possibly JSON) kubernetes config files.
2019-04-10 22:47:26 +00:00
Florent Delannoy
4d3144ca21 Support JSON and YAML configuration
Support new configuration options besides --flags:
- JSON file through `jsonpath`
- YAML file through `yamlpath`

These new options are fully backwards-compatible with the existing
tests.

Added a new profile, 1.11-json, that expects a JSON kubelet
configuration file and scores accordingly. This profile is compatible
with EKS.
2019-03-21 12:13:31 +00:00
Liz Rice
cd231106cc
Improve comment
Tests could easily be marked "skip" because the user doesn't want to run them in their environment, and in this common case the set of tests will be non-nil
2019-02-18 08:46:26 +00:00
Liz Rice
db962a0ad9
Fix merge of skip check 2019-02-18 08:40:57 +00:00
Abubakr-Sadik Nii Nai Davis
911e9051dc Merge remote-tracking branch 'origin/master' into ocp-configs 2019-02-15 19:48:53 +00:00
Abubakr-Sadik Nii Nai Davis
e899e941f7 Add OCP 3.10 benchmarks. 2019-02-15 19:44:39 +00:00
Yoav Hizkiahou
49f745af8e Support new check type - skip:
If a check is marked with type "skip", it will be marked as Info.

Support scored property:
If a check is not scored and is not marked with type skip, it will be marked as Warn.
2019-01-29 19:05:12 +02:00
Itai Ben-Natan
e9076233dd Support actual result in json output.
This commit adds the actual value of the result
of the value which was returned by the test.
2018-07-30 14:19:18 +00:00
Philippe ALEXANDRE
7b61cf60fe Add strings.ToLower ... 2018-05-15 11:52:49 +02:00
Philippe ALEXANDRE
c4e7487ba7 Do case insensitive comparaison for booleans - Fix #125 2018-05-15 11:48:49 +02:00
nazemu
017a9836ce Result structure changes
Changes to the json structure and field names
2017-11-29 19:04:05 +02:00
Steven Logue
d79a2a5478 added support for saving scan results to pgsql 2017-10-31 13:08:46 -07:00
Abubakr-Sadik Nii Nai Davis
d9e1eee2cd Merge remote-tracking branch 'origin/master' into support for multiple
Kubernetes versions.
2017-09-20 00:39:30 +00:00
Abubakr-Sadik Nii Nai Davis
8ea0892437 Update controls to support multiple Kubernetes versions. 2017-09-17 00:09:02 +00:00
Liz Rice
e8579ade6c Add tests for #50 2017-09-13 15:32:33 +01:00
Juned Memon
44994ced33 Fixed issue of The controls for master - admission control showing wrong status #49 2017-09-13 04:31:43 +05:30
Liz Rice
0e9c11ebd5 Remove empty error messages that manifested as "%s" 2017-08-31 14:41:52 +01:00
Liz Rice
af0eadc792 Add a couple more tests for file permission checks 2017-08-15 18:34:07 +01:00
Abubakr-Sadik Nii Nai Davis
7c7d477d78 Import os to fix issue in previous merge commit. 2017-08-12 19:10:31 +00:00
Abubakr-Sadik Nii Nai Davis
dddea28713 Merge branch 'master' into issue-25 2017-08-12 19:05:48 +00:00
Abubakr-Sadik Nii Nai Davis
0933fa420b Add new tests and clean up old tests. 2017-08-12 18:54:33 +00:00
Abubakr-Sadik Nii Nai Davis
d2fa9d35b6 Rewrite audit commands in the check definition that contain shell builtins
and modify text to command function to support this.

Shell builtins fail the binary command lookup test which result in a
WARN. Audit commands which include shell builtins must use the form:

   "/bin/sh -c 'sh-builtin arg'"

So they are executed properly. Additionally Go will fail to execute
commands involving shell builtins if they are not in the above format.
2017-08-12 18:41:41 +00:00
Liz Rice
767e8eb835 Sorting out the bad merge 2017-08-08 22:22:47 +01:00
Abubakr-Sadik Nii Nai Davis
09ca739dc0 Add check type manual.
Results of manual checks are forced to WARN to inform users to check manually.
2017-08-08 22:17:37 +01:00
Liz Rice
b5f4876138 Revert "Issue 19" 2017-08-08 22:00:06 +01:00
Liz Rice
cf5f025593 Merge branch 'master' into issue-19 2017-08-07 16:23:59 +01:00
Liz Rice
2b4047a3c1 Merge pull request #28 from ttousai/errorhandling
Improve error handling.
2017-08-07 10:06:32 +01:00
Abubakr-Sadik Nii Nai Davis
43c1470c0e Add check type manual.
Results of manual checks are forced to WARN to inform users to check manually.
2017-08-06 15:29:55 +00:00
Abubakr-Sadik Nii Nai Davis
f88de572f6 Improve error handling. 2017-07-25 00:34:07 +00:00
Abubakr-Sadik Nii Nai Davis
e08e069174 Update controls to CIS Kubernetes Benchmark v1.1.0 2017-07-24 17:30:13 +00:00
Abubakr-Sadik Nii Nai Davis
f589fd58e1 Add few modifications. 2017-07-13 01:01:18 +00:00
Abubakr-Sadik Nii Nai Davis
2ee99eca64 Add support for various installation modes, hyperkube, kubeadm and kops.
Issue #17.
2017-07-10 00:15:27 +00:00
Abubakr-Sadik Nii Nai Davis
bd53529387 Fix issue #16 about supporting verbosity. 2017-07-07 17:01:30 +00:00
Abubakr-Sadik Nii Nai Davis
dbbafd54a5 Do not exit on command exit, print error message to stderr and continue. 2017-07-05 12:56:01 +00:00
Abubakr-Sadik Nii Nai Davis
b1a76360e7 Do not clutter the output with error messages from commands in the audit pipeline. 2017-07-04 17:04:43 +00:00
Abubakr-Sadik Nii Nai Davis
e61dcabdfb Remove extraneous debug commands. 2017-06-30 14:56:23 +00:00
Abubakr-Sadik Nii Nai Davis
d0d9900b29 Resolve issue #7 wait: error running audit command exit status 1.
This is caused by a command in the audit pipeline (for example
ps -ef | grep kube-apiserver) failing. The causes of this failure
in my testing is usually a missing config file.

Extensive refactor and correction in verification code to check for
config files and binaries.

Replace joncalhoun/pipes with implementation using exec.Cmds so errors
are visible and can be handled when audit pipeline commands fail.

Change some audit commands
from: ps -ef | grep <cmd> | grep -v
to:   ps -C <something> -o comm,args --no-headers

which is simpler to work with.
2017-06-30 14:19:38 +00:00
Liz Rice
e8df4aa512 Add test to validate the YAML files 2017-06-23 12:05:07 +01:00
Liz Rice
b4237ccb73 Better error handling when reading YAML files 2017-06-23 12:04:46 +01:00
Liz Rice
800c18ccf3 colorPrint for the output
Use the same format output for warnings even if they aren’t related to
a specific test ID
2017-06-20 09:54:17 +01:00
Liz Rice
26cc77ec1d Get the tests working on deployments where file names may be different or not in path (#1)
* Replace the default help text

* Readme file, including the test config format documentation

* Typo

* Warn if config files / executables aren't found

* Ignore original name of executable (as per current README)

* Update tests to avoid failing on stat of a non-existant file

* Add a makefile for ease of build
2017-06-19 23:17:19 +03:00
Amir Jerbi
154a140f74 Initial commit 2017-06-19 17:01:57 +03:00