yoavrotems
22b971a633
fixes-according-kube-cis1.4.1 ( #376 )
...
* Update master.yaml
* Update node.yaml
Fix 2.1.11 - got DEPRECATED
2.1.14 changed to be a set of options, would be fixed by https://github.com/aquasecurity/kube-bench/pull/367
* Update master.yaml
* Update node.yaml
change 2.1.11 Title, and state to not scored
2019-08-06 06:19:29 -07:00
Roberto Rojas
0422368615
issue #369 : fixes RotateKubeletServerCertificate tests in 1.13-json ( #371 )
2019-08-06 00:58:35 -07:00
mwwolters
893aa3588c
Updated check to pass if flag isn't set ( #375 )
2019-07-30 10:09:24 -07:00
Roberto Rojas
937bfc7b2e
issue #344 : Adds support for array comparison. Every element in the s… ( #367 )
...
* issue #344 : Adds support for array comparison. Every element in the source array must exist in the target array.
* issue #344 : Fixed typo and found if condition based on code review
* adds unit tests for valid_elements comparison
* removes spaces from split strings
2019-07-26 11:11:59 -07:00
Roberto Rojas
dab5e92bb5
Issue #363 : Adds Unit Tests for Test Comparisons ( #366 )
...
* issue #363 : starts unit tests for Test Comparison.
* issue #363 : Adds tests for "eq" operation
* changes test result message
* issue #363 : Adds tests for "noteq" operation
* issue #363 : Adds tests for "gt" operation
* issue #363 : Adds tests for "lt" operation
* issue #363 : Adds tests for "gte" operation
* issue #363 : Adds tests for "lte" operation
* issue #363 : Adds tests for "has" operation
* issue #363 : Adds tests for "nothave" operation
* issue #363 : Adds tests for "regex" operation
2019-07-17 10:08:11 -04:00
yoavrotems
7c97f6a490
Add codecov ( #336 )
...
* Update .gitignore
* Update .travis.yml
* Update makefile
* Update .travis.yml
* Update .travis.yml
* Update .travis.yml
* Update README.md
* Update README.md
* Update README.md
* Update makefile
* Update .travis.yml
2019-07-16 14:11:51 -04:00
Roberto Rojas
86e3456f33
issue #243 : Changes condition so that score: false tests are performed ( #357 )
...
* issue #243 : Changes condition so that score: false tests are performed
* issue #243 : Changes comments.
2019-07-13 08:05:29 +01:00
zilard
b86dd92c91
Issue #348 : Refactor get<Thing>Files into getFiles ( #359 )
...
* issue #348 : replace everywhere get<Thing>Files with getFiles
2019-07-13 07:48:24 +01:00
Roberto Rojas
c87c5cfb51
Fixes bugs on tests 2.1.4 and 2.1.5 - 1.13-json ( #365 )
...
* Adds bin_op to Test 2.1.4
* Adds bin_op to Test 2.1.5
2019-07-13 07:35:44 +01:00
Roberto Rojas
b649588f46
turns Go Module on ( #362 )
2019-07-12 14:12:59 +01:00
Liz Rice
cb3d876ced
Remove Darwin build from go-releaser ( #361 )
...
Should fix #360
2019-07-12 12:41:46 +01:00
Roberto Rojas
d43cdfdf01
Issue #355 : Adds Unit Tests for JSONPath Parse & Execute ( #358 )
...
* issue #335 : Adds json/yaml unmarshal Unit Tests.
* issue #335 : Adds jsonpath Unit Tests.
* issue #335 : Removes log package.
2019-07-12 07:09:27 +01:00
Roberto Rojas
3926ba3977
issue #337 : Adds comment for properties detected thru parsing command line. Fixed Audit for test 2.1.8 ( #354 )
2019-07-11 17:05:24 +01:00
Roberto Rojas
d127512ab9
issue #349 : changes test 2.2.8 ( #351 )
2019-07-10 15:54:09 +01:00
Roberto Rojas
336ca84998
fixes substitution variable (kubeletconf -> kubeletsvc). ( #350 )
2019-07-10 14:20:14 +01:00
zilard
d8528a1ec8
issue #234 : implement test 2.2.8 ( #343 )
...
* implement test 2.2.8
* Nit: correct indentation
The indentation looked a bit wonky due to spaces vs tabs; hopefully this corrects it
2019-07-10 10:43:15 +01:00
Roberto Rojas
a0bed18054
Adds json version of config for k8s 1.13 ( #342 )
2019-07-10 09:26:37 +01:00
Liz Rice
25b2c5da5a
Add comment about procps limitation ( #333 )
2019-07-08 22:29:37 +01:00
Liz Rice
08097d2211
Need credentials in order to run kubectl version ( #332 )
...
Without passing in kubeconfig credentials:
```bash
$ docker run --pid=host -v /etc:/etc:ro -v /var:/var:ro -v $(which kubectl):/usr/bin/kubectl -t lizrice/kube-bench:5e6cdfd master -v 1
I0628 16:52:06.591683 6099 util.go:367] Unable to get Kubernetes version from kubectl, using default version: 1.6
I0628 16:52:06.591822 6099 common.go:74] Using benchmark file: cfg/1.6/master.yaml
...
```
As updated in the README with this fix:
```bash
docker run --pid=host -v /etc:/etc:ro -v /var:/var:ro -v $(which kubectl):/usr/bin/kubectl -v ~/.kube:/.kube -e KUBECONFIG=/.kube/config -t lizrice/kube-bench:5e6cdfd master -v 1
I0628 16:53:26.784122 7224 util.go:131] No test file found for 1.14 - using tests for Kubernetes 1.13
I0628 16:53:26.784961 7224 common.go:228] Using config file: cfg/1.13/config.yaml
...
```
2019-07-08 22:22:48 +01:00
Liz Rice
9a900db021
docs: update WIP to draft ( #324 )
2019-07-03 08:27:28 +01:00
patelpayal
e6e6333e6d
add glog flush to write the output to a file ( #329 )
...
* add glog flush to write the output to a file
* add glog flush before exit on error and fix code comment
2019-07-01 09:49:46 +01:00
Manuel Rüger
5e6cdfdb0e
Detect kube-controller in CMD ( #326 )
...
If kube-controller-manager is getting detected by older versions of
procps, it will only be detected if we're looking for kube-controller
(15 chars)
NOTE: "The command name is not the same as the command line. Previous versions of
procps and the kernel truncated this command name to 15
characters. This limitation is no longer present in both. If
you depended on matching only 15 characters, you may no longer
get a match."
2019-06-28 16:58:23 +01:00
patelpayal
e066ec69dd
fix go.mod dependency ( #330 )
2019-06-28 09:48:52 +01:00
Manuel Rüger
f7e3257e3c
Go modules / Alpine 3.10 update / Remove binary ( #322 )
...
* Remove binary that was accidentally added
911e9051dc
* Dockerfile: Update to alpine 3.10
* Switch to go 1.12 and go modules
2019-06-26 11:58:51 +01:00
Liz Rice
086df3dda1
Merge pull request #321 from simar7/remove-extra-whitespaces
...
cfg: remove erroneous whitespaces in yaml
2019-06-26 11:26:39 +01:00
Simarpreet Singh
dddc42f046
cfg: remove erroneous whitespaces in yaml
...
Signed-off-by: Simarpreet Singh <simar@linux.com>
2019-06-25 07:18:46 -07:00
Liz Rice
07dfeb8e27
Merge pull request #319 from aquasecurity/contributing
...
Add github issue creation instructions.
2019-06-25 14:51:32 +01:00
Liz Rice
0ab09a85e8
Add pull requests section
...
Add pull requests section
Include instructions for kube-bench version
Other small wording changes
2019-06-25 14:44:02 +01:00
Abubakr-Sadik Nii Nai Davis
7affbc83d8
Add github issue creation instructions.
2019-06-24 20:33:24 +00:00
Liz Rice
ea7400aa4b
Merge pull request #301 from wwwil/op-regex
...
Add regex compare op
2019-06-19 12:10:29 +02:00
Liz Rice
5e3ff51fa9
Merge branch 'master' into op-regex
2019-06-19 11:43:39 +02:00
Liz Rice
c379df19b0
Merge pull request #316 from cpt-redbeard/master
...
Adding OCP 3.11
2019-06-18 07:40:18 -07:00
pthomson
2275eea93f
Adding OCP 3.11
...
Adding OCP 3.11
2019-06-17 13:44:35 -04:00
Liz Rice
ec9779f56e
Merge pull request #313 from simar7/add-kube-bench-version
...
kube-bench: add version subcommand
2019-06-17 02:27:27 -07:00
Simarpreet Singh
3b7438e2f2
kube-bench: add version subcommand
...
Signed-off-by: Simarpreet Singh <simar@linux.com>
2019-06-12 01:41:09 -07:00
Liz Rice
c76369fe2c
Add missing quote
2019-06-10 20:29:58 -07:00
Liz Rice
7f2e9b5231
Merge branch 'master' into op-regex
2019-06-11 04:28:03 +01:00
Liz Rice
1d7449db34
Merge pull request #309 from simar7/fix-ocp-3.10-yaml
...
ocp-3.10: Fix malformed yaml and improve TestControls_RunChecks
2019-06-11 04:27:25 +01:00
Simarpreet Singh
5df39eed02
ocp-3.10: Fix malformed yaml and improve TestControls_RunChecks
...
This improves the TestControls_RunChecks() test by making
more comprehensive assertions on a more fully fledged input yaml
Fixes: https://github.com/aquasecurity/kube-bench/issues/304
Signed-off-by: Simarpreet Singh <simar@linux.com>
2019-06-10 13:39:43 -07:00
wwwil
7efa7b2c35
Add regex to list of compare ops
2019-06-05 15:29:40 +01:00
wwwil
83c7536c8a
Add tests for regex test op
2019-06-05 15:29:15 +01:00
Liz Rice
46baf8f8b5
Merge pull request #296 from aquasecurity/Config-doc
...
Document version-specific config files
2019-06-05 12:52:32 +02:00
Liz Rice
4f79d62149
Merge branch 'master' into Config-doc
2019-06-05 12:45:27 +02:00
Liz Rice
268fafd495
Merge pull request #300 from danielsagi/add_kubelet_config_path
...
Added another kubelet config file to node:kubelet:confs
2019-06-05 12:45:07 +02:00
Liz Rice
bab1237a44
Merge branch 'master' into add_kubelet_config_path
2019-06-05 12:27:07 +02:00
Liz Rice
d44f865ef3
Merge pull request #256 from aquasecurity/fix-235
...
Rationalize and document config
2019-06-05 12:07:17 +02:00
Liz Rice
e3da299e0c
Merge branch 'master' into fix-235
2019-06-05 11:42:13 +02:00
Liz Rice
81f0d9c6e3
Merge branch 'master' into Config-doc
2019-06-05 11:41:15 +02:00
Liz Rice
312cdb1c6d
Merge pull request #297 from aquasecurity/Openshift-executables
...
Update openshift executables
2019-06-05 11:40:56 +02:00
Liz Rice
0f12dca76d
Merge branch 'master' into Openshift-executables
2019-06-05 11:29:42 +02:00