Roberto Rojas
9c6d4de860
Issue #421 : Merges PR #422 with master ( #523 )
...
* Add kubeconfig location of kube-proxy for AKS
* Add job for AKS node
* Automate ca file permission check
* removed job-aks.yaml as other PRs added needed features
* fixed integration test due to merge changes
2019-11-27 15:30:29 +00:00
Liz Rice
d7b5422e8a
Fix detection of encryption-provider-config ( #513 )
...
Fixes: https://github.com/aquasecurity/kube-bench/issues/420
Signed-off-by: Manuel Rüger <manuel@rueg.eu>
2019-11-05 19:45:40 -05:00
Roberto Rojas
7ca438b618
Fixes Issue 269 - Numbering to use CIS Versions ( #511 )
...
* starting benchmark flag
* Revert "starting benchmark flag"
This reverts commit 58fc948626
.
* fixes issue #269
* add more unit tests
* fix bug
* Update cmd/common.go
Co-Authored-By: Liz Rice <liz@lizrice.com>
* fixes as per PR review
* fixes as per PR review
* adds more tests
* fixed tests
* changes as per PR Review
* changes as per PR Review
* updated README
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* changes are per PR review
2019-11-05 16:31:27 -05:00
mwwolters
8276e521d4
Changed 1.3.3 to check that --use-service-account-credentials isn't set to false, but the flag is set ( #442 )
2019-11-05 21:29:16 +01:00
Roberto Rojas
13fe1cdfb8
Fixes issue #501 : specifying absolute path for both ps and cat ( #508 )
...
* fixes issue #501
* specify abolute path for ps and cat
2019-11-01 13:10:52 +00:00
Kevin W Monroe
04946a48fb
add snap component paths to default config ( #414 )
2019-10-25 20:19:56 -04:00
Prem Kumar
01ee110ac4
Fix repetitive flags in some ocp-3.11 tests ( #462 )
...
* fix flag repetition in ocp-3.11/node.yaml
* fix flag repetition in ocp-3.11/master.yaml
2019-10-25 20:12:56 -04:00
Arpit Pandey
ce0137a31a
Fix few typos ( #469 )
2019-10-24 14:05:13 -07:00
Simarpreet Singh
d77eab2234
master.yaml: Add --audit-policy-file check for 1.1.37. ( #440 )
...
* master.yaml: Add --audit-policy-file check for 1.1.37.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* fix-177: fix line endings
Signed-off-by: Simarpreet Singh <simar@linux.com>
2019-10-18 13:23:23 -07:00
Simarpreet Singh
d12a45bba9
Properly initialize viper library when checking for master components ( #434 )
...
* common_test: Add a failing test to show the SISEGV
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common: Go green by fixing isMaster() to instantiate viper
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common: Inject a seam for getBinariesFunc to be patched-in.
Also adds additional tests to showcase unhappy behaviors.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common_test: Rename TestIsMaster()
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common: init viper with master config
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common: Add a pre-check if valid yaml is passed but doesn't include master.
Also adds additional tests to showcase unhappy behaviors.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* mod: Upgrade viper to v1.4.0
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common: Refactor node only yaml to a file
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common: Log when master components are not found
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common_test: Refactor subtests into a table
Signed-off-by: Simarpreet Singh <simar@linux.com>
2019-10-14 11:15:08 -04:00
Roberto Rojas
a6ee61fd08
Fixes issue #289 : removed versions prior to 1.11 ( #429 )
...
* removed version prior to 1.11
* removed references to kubernetes versions prior to 1.11
2019-10-14 10:52:43 -04:00
Roberto Rojas
3aa41db166
Issue #353 : Merges JSON and Exec Params files ( #426 )
...
* starts fixes #353
* new approach to minize duplications
* applied merged yaml files for v1.11 and v1.13
* yaml files json/params merged
* fixes to remove double quotes from numbers and booleans
* fixed bug
* fixed certificate check
* removed -json files
* changes based on PR review
* Update check/check_test.go
Yay more tests!
Co-Authored-By: Liz Rice <liz@lizrice.com>
* changes as PR review
* fixed bug when scored check is missing tests
* attempt to improve the code
* fixed list breaks
* removes handleError function
* Update check/check.go
Accepting suggested log level.
Co-Authored-By: Liz Rice <liz@lizrice.com>
2019-10-14 10:37:10 -04:00
Roberto Rojas
c22f81610d
removes federated ( #431 )
2019-10-12 19:00:26 -04:00
yoavrotems
89afda1f63
Add [Manual test] to remediation in all the manual tests ( #435 )
2019-10-09 16:26:02 +01:00
Simarpreet Singh
37f626dce6
cfg: Make proxy checks optional ( #436 )
...
Signed-off-by: Simarpreet Singh <simar@linux.com>
2019-10-08 11:53:39 +01:00
Roberto Rojas
41e0ae77de
changes to use the "op: valid_elements" operation to manage list of items ( #402 )
2019-09-03 13:36:47 +01:00
yoavrotems
ea9089bd42
update the yaml according ( #410 )
...
The update is from the new cis version 1.4.1.
like been done in https://github.com/aquasecurity/kube-bench/issues/370
2019-09-02 16:40:45 +01:00
Roberto Rojas
ec3b1076c0
Fixes issue #407 ( #409 )
...
* fixes issue #407
* fixes issue #407
2019-08-30 17:33:14 +01:00
Roberto Rojas
13dfa15ad6
Fixes Issue #396 - Replaces $kubeletconf for $kubeletsvc ( #399 )
...
* fixes issue #396
* reverts remediation text change
* changes to 1.11-json and 1.13-json as per PR review
* Tiny typo
2019-08-30 15:21:41 +01:00
Liz Rice
a2466da4b0
Correct 1.1.13 to match CIS spec ( #406 )
...
Text should say Not Scored
2019-08-30 15:10:30 +01:00
Roberto Rojas
7a53806863
fixes issue #346 by explicitly only checking read-only property ( #404 )
2019-08-30 08:56:48 +01:00
yoavrotems
4b5a877f1f
Remove some tests from been manual ( #398 )
...
* Remove some tests from been manual
* Remove some tests from been manual
2019-08-29 08:54:29 +01:00
Roberto Rojas
f343d36862
hyperkube v1.15 renamed "proxy" to "kube-proxy" ( #400 )
2019-08-28 16:53:48 +01:00
Roberto Rojas
3e5d02e920
fixes issue #386 ( #397 )
...
* fixes issue #386
* Correct typo
2019-08-28 09:27:56 +01:00
Abubakr-Sadik Nii Nai Davis
a3b8ba58ad
Fix error converting from string to integer ( #392 )
...
Replace the `gt` with `eq` for string comparison of kube-bench check 2.1.6 in `cfg/1.6/node.yaml`.
2019-08-23 16:15:21 +01:00
Patrick Lieberg
0d81ef10d5
Update config.yaml to add Azure AKS file locations for kubelet ( #383 )
...
* testing Azure config locations
* "Updated default config.yaml to incorporate Azure AKS file locations for kubelet"
* "Adjusted order of new lines. Removed unneeded lines."
2019-08-22 14:52:34 +01:00
mwwolters
787bf6ca4d
Updated check to pass if flag isn't set ( #379 )
2019-08-09 18:24:20 +01:00
Liz Rice
f8b2f6c841
Correct 1.4.21 text ( #356 )
...
1.4.21 is about the PKI key file not the certificate
2019-08-07 17:17:21 +01:00
yoavrotems
136e9cd731
Remove federated from ocp ( #381 )
...
* Delete federated.yaml
There is no federated tests in ocp
* Delete federated.yaml
There are no federated tests in OCP
2019-08-07 16:52:04 +01:00
Efrat Levitan
b8a463f051
Correction to 1.13 and 1.13-json test 2.1.5 ( #380 )
2019-08-07 03:33:09 -07:00
yoavrotems
22b971a633
fixes-according-kube-cis1.4.1 ( #376 )
...
* Update master.yaml
* Update node.yaml
Fix 2.1.11 - got DEPRECATED
2.1.14 changed to be a set of options, would be fixed by https://github.com/aquasecurity/kube-bench/pull/367
* Update master.yaml
* Update node.yaml
change 2.1.11 Title, and state to not scored
2019-08-06 06:19:29 -07:00
Roberto Rojas
0422368615
issue #369 : fixes RotateKubeletServerCertificate tests in 1.13-json ( #371 )
2019-08-06 00:58:35 -07:00
mwwolters
893aa3588c
Updated check to pass if flag isn't set ( #375 )
2019-07-30 10:09:24 -07:00
Roberto Rojas
937bfc7b2e
issue #344 : Adds support for array comparison. Every element in the s… ( #367 )
...
* issue #344 : Adds support for array comparison. Every element in the source array must exist in the target array.
* issue #344 : Fixed typo and found if condition based on code review
* adds unit tests for valid_elements comparison
* removes spaces from split strings
2019-07-26 11:11:59 -07:00
Roberto Rojas
c87c5cfb51
Fixes bugs on tests 2.1.4 and 2.1.5 - 1.13-json ( #365 )
...
* Adds bin_op to Test 2.1.4
* Adds bin_op to Test 2.1.5
2019-07-13 07:35:44 +01:00
Roberto Rojas
3926ba3977
issue #337 : Adds comment for properties detected thru parsing command line. Fixed Audit for test 2.1.8 ( #354 )
2019-07-11 17:05:24 +01:00
Roberto Rojas
d127512ab9
issue #349 : changes test 2.2.8 ( #351 )
2019-07-10 15:54:09 +01:00
Roberto Rojas
336ca84998
fixes substitution variable (kubeletconf -> kubeletsvc). ( #350 )
2019-07-10 14:20:14 +01:00
zilard
d8528a1ec8
issue #234 : implement test 2.2.8 ( #343 )
...
* implement test 2.2.8
* Nit: correct indentation
The indentation looked a bit wonky due to spaces vs tabs; hopefully this corrects it
2019-07-10 10:43:15 +01:00
Roberto Rojas
a0bed18054
Adds json version of config for k8s 1.13 ( #342 )
2019-07-10 09:26:37 +01:00
Manuel Rüger
5e6cdfdb0e
Detect kube-controller in CMD ( #326 )
...
If kube-controller-manager is getting detected by older versions of
procps, it will only be detected if we're looking for kube-controller
(15 chars)
NOTE: "The command name is not the same as the command line. Previous versions of
procps and the kernel truncated this command name to 15
characters. This limitation is no longer present in both. If
you depended on matching only 15 characters, you may no longer
get a match."
2019-06-28 16:58:23 +01:00
Simarpreet Singh
dddc42f046
cfg: remove erroneous whitespaces in yaml
...
Signed-off-by: Simarpreet Singh <simar@linux.com>
2019-06-25 07:18:46 -07:00
pthomson
2275eea93f
Adding OCP 3.11
...
Adding OCP 3.11
2019-06-17 13:44:35 -04:00
Simarpreet Singh
5df39eed02
ocp-3.10: Fix malformed yaml and improve TestControls_RunChecks
...
This improves the TestControls_RunChecks() test by making
more comprehensive assertions on a more fully fledged input yaml
Fixes: https://github.com/aquasecurity/kube-bench/issues/304
Signed-off-by: Simarpreet Singh <simar@linux.com>
2019-06-10 13:39:43 -07:00
Liz Rice
bab1237a44
Merge branch 'master' into add_kubelet_config_path
2019-06-05 12:27:07 +02:00
Daniel Sagi
43caaab00a
added another kubelet config file to paths, in the main config yaml file. default location for gke cluster
2019-06-04 17:16:05 +03:00
Liz Rice
9d577d94b4
Update openshift executables
2019-05-30 23:04:44 +01:00
Liz Rice
12e48297a6
Config file improvements
...
Correct defaults in main config.yaml file
Remove unnecessary overrides in version-specific config.yaml
2019-05-17 14:21:42 +01:00
Liz Rice
02d5654cc1
Correct 1.1.14 in 1.13/master.yaml
2019-05-14 19:37:44 +01:00
Liz Rice
caf3fbd0a0
Moving more config into master config file
2019-05-13 18:20:57 +01:00