* Run audit as shell script instead of as single line command
* Rename runExecCommands to runAudit
* Fix tests
Co-authored-by: Liz Rice <liz@lizrice.com>
* Remove unnecessary whitespaces
* Fix a typo
* Add integration tests for cis 1.3 and cis 1.5
* Change the timeout of integration tests from 600s to 1200s
* Avoid repeated codes
We're now following the normal behaviour of glog, which means specifying --logtostderr to get the output written to screen. See https://godoc.org/github.com/golang/glog
* Add option to do bitwise and between two value in order to compare permissions
* Update test.go
Removed self debug note
* Update test_test.go
FIx typo
* Update test.go
* Update test.go
Switched between max and requested value, because accidentally assigned them oppositely and remove old function relate to octal base
* Update test_test.go
* Update test_test.go
* Update check.go
Added new warn_reason value which gives a brief explanation about why the not scored tests failed
* Update common.go
Changed when a not scored test fails because it has a wrong syntax audit command or just running something that can't be run the print the failure. but if the test just fails because it doesn't line up with the cis hardening recommendations then print the remediation text.
* Update check/check.go
fix typo
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update check.go
* Update common.go
* Update check.go
added back os.Exit(1) to exitWithError
* Update job-master.data
Change some tests output to fit warn reason. (No change to the summary)
* Update job-node.data
Changed some tests output to fit warn reason. (No change to the summary)
* Update job.data
Change some tests output to fit warn reason. (No change to the summary)
* Update common.go
Keep to old way to print manual test output
Co-authored-by: Liz Rice <liz@lizrice.com>
Co-authored-by: Roberto Rojas <robertojrojas@gmail.com>
goreleaser updated and got some functions deprecated.
• ARCHIVES
• DEPRECATED: `archive` should not be used anymore, check https://goreleaser.com/deprecations#archive for more info.
• LINUX PACKAGES WITH NFPM
• DEPRECATED: `nfpm` should not be used anymore, check https://goreleaser.com/deprecations#nfpm for more info.
Co-authored-by: Liz Rice <liz@lizrice.com>
Co-authored-by: Roberto Rojas <robertojrojas@gmail.com>
* add yamllint command to travis CI
installs and runs a linter across the YAML in the
project to ensure consistency in the written YAML.
this uses yamllint and the default yamllint config with
"truthy" and "line-length" disabled.
* run dos2unix on CRLF files
* YAMLLINT: remove trailing spaces
* YAMLLint: add YAML document start
* YAMLLint: too many spaces around bracket
* YAMLLint: fix indentation
* YAMLLint: remove duplicate key
* YAMLLint: newline at end of file
* YAMLLint: Too few spaces after comma
* YAMLLint: too many spaces after colon
- Tests that did not increase coverage and were redundant are removed.
- New tests reflecting the meaning of the state as explained in the
README are added.
Co-authored-by: s-nirali <25746945+s-nirali@users.noreply.github.com>
* Adding a section for Azure Kubernetes Service
steps to run kube bench on AKS worker nodes
* Update README.md
* Update README.md
Co-authored-by: Roberto Rojas <robertojrojas@gmail.com>
Co-authored-by: Liz Rice <liz@lizrice.com>
* test: fix TestGetConfigFilePath
This test wasn't correctly creating the test file due to the wrong directory permissions on the temp file. This wasn't detected due to a lack of error checking.
Also, the code was only checking for file not exist rather than lack of permission to read file (or any other error).
The combination of these two things means the test wasn't checking what it thought it was checking, and passed more by luck than judgment.
* add getYamlFilesFromDir
* add getTestYamlFiles and test
* docs: Update master / node help text
* return path + filename from getYamlFilesFromDir
* subcommand run to run specific section files
* Add kubeconfig location of kube-proxy for AKS
* Add job for AKS node
* Automate ca file permission check
* removed job-aks.yaml as other PRs added needed features
* fixed integration test due to merge changes