1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-29 03:18:27 +00:00
Commit Graph

855 Commits

Author SHA1 Message Date
Roberto Rojas
9c6d4de860 Issue #421: Merges PR #422 with master (#523)
* Add kubeconfig location of kube-proxy for AKS

* Add job for AKS node

* Automate ca file permission check

* removed job-aks.yaml as other PRs added needed features

* fixed integration test due to merge changes
2019-11-27 15:30:29 +00:00
Roberto Rojas
e2f61fad13
Fixes issue #391: Replaced calling docker directly by using "make build-docker" (#522)
replaced calling docker directly by using "make build-docker"
2019-11-26 08:20:05 -08:00
Roberto Rojas
47c5661034
Fixes issue #439: Adds integration testing using KIND (#520)
* Fixes issue #439: Adds integration testing using KIND

* try integration tests

* started using ticker and timeouts

* trying built container image

* adds load image into KIND

* adds comparison

* fixes as per PR review
2019-11-16 09:39:47 -05:00
John Schnake
6ffd382711 Add option to output in JUnit format (#516)
If running these checks in a CI system it may be beneficial
to output in a more standardized format such as JUnit for
parsing by other tools in a consistent manner.

Fixes #460

Signed-off-by: John Schnake <jschnake@vmware.com>
2019-11-13 08:03:04 -05:00
Roberto Rojas
b92d30bd11 Fixes issue #517: Determines Kubernetes version using the REST API (#518)
* Fixes issue #517: Determines Kubernetes version using the REST API

* fixes

* fixes

* adds tests

* fixes

* added more tests

* kubernetes_version_test: Add a missing case for invalid certs

Signed-off-by: Simarpreet Singh <simar@linux.com>

* kubernetes_version_test: Remove un-needed casts

Signed-off-by: Simarpreet Singh <simar@linux.com>

* fixes as per PR review

* fixes as per PR review
2019-11-12 13:47:42 -08:00
Liz Rice
9a950d2d9a
docs: Note about not changing license etc (#514) 2019-11-06 16:44:14 +01:00
Jonathan Rau
51aa10e354 Update EKS Config & Create EKS Guide (#489)
* Change EKS Readme

* Fix readme formatting

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update README.md
2019-11-06 07:34:43 +01:00
Sebastian Ehmann
56fa231376 Remove nil check (#493)
As the length of a nil slice is defined as 0, the nil check is
redundand. (suggested by golanci-lint/gosimple)
2019-11-05 20:23:31 -05:00
Sebastian Ehmann
09fb3c4fe4 Check error before deferring db.Close() (#491) 2019-11-05 20:17:03 -05:00
Sebastian Ehmann
b9be7daa4a Directly convert buffer to string (#492)
Using `buf.String()` instead of `fmt.Sprintf` is simpler
2019-11-05 20:07:41 -05:00
Liz Rice
d7b5422e8a Fix detection of encryption-provider-config (#513)
Fixes: https://github.com/aquasecurity/kube-bench/issues/420

Signed-off-by: Manuel Rüger <manuel@rueg.eu>
2019-11-05 19:45:40 -05:00
Soumyadeep Sinha
8e4da53006 Fixed some typos (#446)
* Fixed some typos

* Fixed some typos

* Fixed typo and capitalization of Kubernetes

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update docs/README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update docs/README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update docs/README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* docs: trivial, reinstate capital K

* docs: trivial, reinstate backticks

* docs: trivial, reinstate "in order" for clarity

* docs: trivial, reinstate capital K
2019-11-05 14:59:29 -08:00
Roberto Rojas
7ca438b618
Fixes Issue 269 - Numbering to use CIS Versions (#511)
* starting benchmark flag

* Revert "starting benchmark flag"

This reverts commit 58fc948626.

* fixes issue #269

* add more unit tests

* fix bug

* Update cmd/common.go

Co-Authored-By: Liz Rice <liz@lizrice.com>

* fixes as per PR review

* fixes as per PR review

* adds more tests

* fixed tests

* changes as per PR Review

* changes as per PR Review

* updated README

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* changes are per PR review
2019-11-05 16:31:27 -05:00
mwwolters
8276e521d4 Changed 1.3.3 to check that --use-service-account-credentials isn't set to false, but the flag is set (#442) 2019-11-05 21:29:16 +01:00
Roberto Rojas
d5a02f7cb4
Fixes Issue #331: Changes the Error Message When Programs are Missing (#497)
* changed error description for missing kubectl/kubelet execs

* adds function to generate error message for missing components

* adds function to generate error message for missing components

* adds function to generate error message for missing components

* Update cmd/util.go

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update cmd/util.go

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update cmd/util.go

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update cmd/util.go

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update cmd/util.go

Co-Authored-By: Liz Rice <liz@lizrice.com>

* fixed error message

* changes are per PR review
2019-11-05 10:44:57 -05:00
Roberto Rojas
13fe1cdfb8 Fixes issue #501: specifying absolute path for both ps and cat (#508)
* fixes issue #501

* specify abolute path for ps and cat
2019-11-01 13:10:52 +00:00
Nando Theessen
91bd47f296 Fixes job-eks.yaml to not fail on startup (#461) 2019-10-25 20:31:57 -04:00
Kevin W Monroe
04946a48fb add snap component paths to default config (#414) 2019-10-25 20:19:56 -04:00
Prem Kumar
01ee110ac4 Fix repetitive flags in some ocp-3.11 tests (#462)
* fix flag repetition in ocp-3.11/node.yaml

* fix flag repetition in ocp-3.11/master.yaml
2019-10-25 20:12:56 -04:00
michizhou
b0abc74350 Fixed documentation errors (#450) 2019-10-25 11:58:41 -07:00
DarthSett
bea820bdfe Improve CONTRIBUTING.md (#483)
Fixed the grammar as per the issue [#472 ](https://github.com/aquasecurity/kube-bench/issues/472)
2019-10-24 14:20:22 -07:00
Arpit Pandey
ce0137a31a Fix few typos (#469) 2019-10-24 14:05:13 -07:00
Saiyam Pathak
39d9ef9d37 usr-bin volume mount not required (#424)
usr-bin volume mount not required as using kubelet version in command
2019-10-24 14:49:33 +01:00
Alexey Pyltsyn
7a2cc3f554 Improve docs (#437) 2019-10-24 09:15:29 +01:00
Sidhya Tikku
bf383ec1f7 Added .DS_Store and thumbs.db to .gitignore (#463)
* Delete .DS_Store

* Update .gitignore
2019-10-24 09:04:13 +01:00
PARAM MITTAL
5f647d6a36 Fix typo in Contributing file (#471) 2019-10-24 08:57:32 +01:00
John Schnake
2657c2f96f Use newer kind load docker-image command (#459)
Updates the logic for `kind-push` in the makefile to use
the new, simple command provided by kind.

Fixes #458
2019-10-23 12:15:02 -07:00
Mohan Sha
b009520ea3 Added table of contents for navigation (#455) 2019-10-23 19:08:04 +01:00
Nikita Titov
146de15c2e removed deprecated field in Travis config (#452) 2019-10-23 18:45:10 +01:00
Simarpreet Singh
d77eab2234
master.yaml: Add --audit-policy-file check for 1.1.37. (#440)
* master.yaml: Add --audit-policy-file check for 1.1.37.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* fix-177: fix line endings

Signed-off-by: Simarpreet Singh <simar@linux.com>
2019-10-18 13:23:23 -07:00
Itay Shakury
3964377a80
add contribution guidelines (#454) 2019-10-16 17:51:33 +03:00
Liz Rice
1b49050974 docs: Clarify the meaning of WARN state (#430)
* docs: Clarify the meaning of WARN state

* Update README.md
2019-10-15 10:04:18 -04:00
Simarpreet Singh
d12a45bba9 Properly initialize viper library when checking for master components (#434)
* common_test: Add a failing test to show the SISEGV

Signed-off-by: Simarpreet Singh <simar@linux.com>

* common: Go green by fixing isMaster() to instantiate viper

Signed-off-by: Simarpreet Singh <simar@linux.com>

* common: Inject a seam for getBinariesFunc to be patched-in.

Also adds additional tests to showcase unhappy behaviors.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* common_test: Rename TestIsMaster()

Signed-off-by: Simarpreet Singh <simar@linux.com>

* common: init viper with master config

Signed-off-by: Simarpreet Singh <simar@linux.com>

* common: Add a pre-check if valid yaml is passed but doesn't include master.

Also adds additional tests to showcase unhappy behaviors.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* mod: Upgrade viper to v1.4.0

Signed-off-by: Simarpreet Singh <simar@linux.com>

* common: Refactor node only yaml to a file

Signed-off-by: Simarpreet Singh <simar@linux.com>

* common: Log  when master components are not found

Signed-off-by: Simarpreet Singh <simar@linux.com>

* common_test: Refactor subtests into a table

Signed-off-by: Simarpreet Singh <simar@linux.com>
2019-10-14 11:15:08 -04:00
Roberto Rojas
a6ee61fd08
Fixes issue #289: removed versions prior to 1.11 (#429)
* removed version prior to 1.11

* removed references to kubernetes versions prior to 1.11
2019-10-14 10:52:43 -04:00
Roberto Rojas
3aa41db166
Issue #353: Merges JSON and Exec Params files (#426)
* starts fixes #353

* new approach to minize duplications

* applied merged yaml files for v1.11 and v1.13

* yaml files json/params merged

* fixes to remove double quotes from numbers and booleans

* fixed bug

* fixed certificate check

* removed -json files

* changes based on PR review

* Update check/check_test.go

Yay more tests!

Co-Authored-By: Liz Rice <liz@lizrice.com>

* changes as PR review

* fixed bug when scored check is missing tests

* attempt to improve the code

* fixed list breaks

* removes handleError function

* Update check/check.go

Accepting suggested log level.

Co-Authored-By: Liz Rice <liz@lizrice.com>
2019-10-14 10:37:10 -04:00
Roberto Rojas
c22f81610d
removes federated (#431) 2019-10-12 19:00:26 -04:00
Roberto Rojas
91dfeb7577
passes KUBEBENCH_VERSION down to Dockerfile (#428) 2019-10-12 18:53:17 -04:00
Roberto Rojas
4416e46967
Adds Unit Tests for check/toNumeric (#401)
* fixes issue #364

* fixed unit test error text
2019-10-12 18:46:19 -04:00
James George
050145f6b3 docs: minor tweak (#438) 2019-10-11 15:47:10 +01:00
yoavrotems
89afda1f63 Add [Manual test] to remediation in all the manual tests (#435) 2019-10-09 16:26:02 +01:00
Simarpreet Singh
37f626dce6 cfg: Make proxy checks optional (#436)
Signed-off-by: Simarpreet Singh <simar@linux.com>
2019-10-08 11:53:39 +01:00
Liz Rice
16beb3e616
docs: note that you may need to be root (#412) 2019-09-21 15:07:16 +01:00
yoavrotems
27261d1d32 Change Kind version (#411)
Something with the old version was crashing. now using the most recent one 1.15.3 is working.
2019-09-03 13:42:07 +01:00
Roberto Rojas
41e0ae77de changes to use the "op: valid_elements" operation to manage list of items (#402) 2019-09-03 13:36:47 +01:00
yoavrotems
ea9089bd42 update the yaml according (#410)
The update is from the new cis version 1.4.1.
like been done in https://github.com/aquasecurity/kube-bench/issues/370
2019-09-02 16:40:45 +01:00
Roberto Rojas
ec3b1076c0 Fixes issue #407 (#409)
* fixes issue #407

* fixes issue #407
2019-08-30 17:33:14 +01:00
Roberto Rojas
13dfa15ad6 Fixes Issue #396 - Replaces $kubeletconf for $kubeletsvc (#399)
* fixes issue #396

* reverts remediation text change

* changes to 1.11-json and 1.13-json as per PR review

* Tiny typo
2019-08-30 15:21:41 +01:00
Liz Rice
a2466da4b0
Correct 1.1.13 to match CIS spec (#406)
Text should say Not Scored
2019-08-30 15:10:30 +01:00
Liz Rice
d0d4e95d93
Updated version support (#385)
Strictly, we don't have the changes in 1.13-json but we do have them in 1.13
2019-08-30 12:09:11 +01:00
Roberto Rojas
7a53806863 fixes issue #346 by explicitly only checking read-only property (#404) 2019-08-30 08:56:48 +01:00