Abubakr-Sadik Nii Nai Davis
f2e744bdcb
Reorganize benchmark checks into Kubernetes 1.7 and restore Kubernetes 1.6 benchmarks.
2017-09-15 19:38:09 +00:00
Liz Rice
a6036bcfcf
Corrections to config file substitutions. Use “kubernetes” as a fake component name so we can more easily substitute “kubernetesconf”
2017-08-31 17:39:48 +01:00
Liz Rice
a3197f8efe
Reorder YAML to make a bit more sense. Allow for optional components, and a config file that we don’t think exists.
2017-08-31 14:45:16 +01:00
Liz Rice
e4e41683c4
Update the config file
2017-08-30 18:36:00 +01:00
Abubakr-Sadik Nii Nai Davis
3e3aa0ed82
Change node check 2.1.6 to use operation noteq
instead of gt
.
...
Kubelet option --streaming-connection-idle-timeout expects a string
value which fails parsing to integer for greater than comparison.
The string "0" indicates no timeout and this is what we are checking
for.
2017-08-24 18:33:32 +00:00
Liz Rice
cf62def9fd
Better config file locations
2017-08-15 20:07:27 +01:00
Abubakr-Sadik Nii Nai Davis
086bb629db
Add 640 to permission checks.
2017-08-15 15:56:37 +00:00
Abubakr-Sadik Nii Nai Davis
e6f2b4d4fe
Add config checks for permissions stricter that 644 to definition files.
2017-08-15 15:47:01 +00:00
Abubakr-Sadik Nii Nai Davis
dddea28713
Merge branch 'master' into issue-25
2017-08-12 19:05:48 +00:00
Abubakr-Sadik Nii Nai Davis
d2fa9d35b6
Rewrite audit commands in the check definition that contain shell builtins
...
and modify text to command function to support this.
Shell builtins fail the binary command lookup test which result in a
WARN. Audit commands which include shell builtins must use the form:
"/bin/sh -c 'sh-builtin arg'"
So they are executed properly. Additionally Go will fail to execute
commands involving shell builtins if they are not in the above format.
2017-08-12 18:41:41 +00:00
Abubakr-Sadik Nii Nai Davis
9c07527069
Remove misleading comment about manual checks in node check definition.
2017-08-08 22:18:03 +01:00
Abubakr-Sadik Nii Nai Davis
c39516581b
Add master node manual check definitions.
2017-08-08 22:17:44 +01:00
Liz Rice
b5f4876138
Revert "Issue 19"
2017-08-08 22:00:06 +01:00
Liz Rice
cf5f025593
Merge branch 'master' into issue-19
2017-08-07 16:23:59 +01:00
Liz Rice
2b4047a3c1
Merge pull request #28 from ttousai/errorhandling
...
Improve error handling.
2017-08-07 10:06:32 +01:00
Abubakr-Sadik Nii Nai Davis
9c563b0987
Remove misleading comment about manual checks in node check definition.
2017-08-06 16:41:39 +00:00
Abubakr-Sadik Nii Nai Davis
29122b82ad
Add master node manual check definitions.
2017-08-06 16:14:41 +00:00
Abubakr-Sadik Nii Nai Davis
f88de572f6
Improve error handling.
2017-07-25 00:34:07 +00:00
Abubakr-Sadik Nii Nai Davis
e08e069174
Update controls to CIS Kubernetes Benchmark v1.1.0
2017-07-24 17:30:13 +00:00
Abubakr-Sadik Nii Nai Davis
609c4ff01c
Move kubernetes binaries and config paths to kube-bench config.
2017-07-13 00:24:09 +00:00
Abubakr-Sadik Nii Nai Davis
2ee99eca64
Add support for various installation modes, hyperkube, kubeadm and kops.
...
Issue #17 .
2017-07-10 00:15:27 +00:00
Liz Rice
3b93167c07
And now correct the flag and put it in the right place
2017-06-22 16:02:36 +01:00
Liz Rice
903f232dc1
Correct bad yaml indentation
2017-06-22 15:46:47 +01:00
jerbia
432651e85f
Added test 1.4.11 ( #8 )
2017-06-21 22:45:50 +03:00
Amir Jerbi
eefa0dfb61
Change check 1.15
...
Check is successful in case --kubelet-https is set to true OR missing
2017-06-20 13:29:58 +03:00
Liz Rice
1ad63cb4e6
Correct a block-copy mistake in one of the test configs
2017-06-20 11:12:36 +01:00
Amir Jerbi
55fd838191
No need to run install.sh.
...
Simply clone the project, compile the go app and run ./cis_kubernetes
2017-06-20 00:03:46 +03:00
Liz Rice
26cc77ec1d
Get the tests working on deployments where file names may be different or not in path ( #1 )
...
* Replace the default help text
* Readme file, including the test config format documentation
* Typo
* Warn if config files / executables aren't found
* Ignore original name of executable (as per current README)
* Update tests to avoid failing on stat of a non-existant file
* Add a makefile for ease of build
2017-06-19 23:17:19 +03:00
Amir Jerbi
154a140f74
Initial commit
2017-06-19 17:01:57 +03:00