1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-23 00:28:07 +00:00
Commit Graph

1069 Commits

Author SHA1 Message Date
James Ward
5f34058dc7 Support Linting YAML as part of Travis CI build (#554)
* add yamllint command to travis CI

installs and runs a linter across the YAML in the
project to ensure consistency in the written YAML.

this uses yamllint and the default yamllint config with
"truthy" and "line-length" disabled.

* run dos2unix on CRLF files

* YAMLLINT: remove trailing spaces

* YAMLLint: add YAML document start

* YAMLLint: too many spaces around bracket

* YAMLLint: fix indentation

* YAMLLint: remove duplicate key

* YAMLLint: newline at end of file

* YAMLLint: Too few spaces after comma

* YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
Liz Rice
dc14cb14b0
Update tests for check states (#550)
- Tests that did not increase coverage and were redundant are removed.
- New tests reflecting the meaning of the state as explained in the
  README are added.

Co-authored-by: s-nirali <25746945+s-nirali@users.noreply.github.com>
2020-01-03 14:02:49 +00:00
Saurya Das
ca749ccb32 Adding a section for Azure Kubernetes Service (#495)
* Adding a section for Azure Kubernetes Service

steps to run kube bench on AKS worker nodes

* Update README.md

* Update README.md

Co-authored-by: Roberto Rojas <robertojrojas@gmail.com>
Co-authored-by: Liz Rice <liz@lizrice.com>
2019-12-20 12:17:00 +00:00
Zeid Marouf
299ab36a13 doc: fix ECR image build instructions for EKS mode (#531) 2019-12-20 12:00:38 +00:00
Roberto Rojas
9fc13ca02e
Fixes Issue #538 (#539)
* Adds openshift to autodetect node type

* detect okd node units

* OCP fixes
2019-12-13 11:04:58 -05:00
Roberto Rojas
13193d75b0
Fixes Issue #535 (#537)
* isEtcd should not run on openshift 3.10/3.11

* adds openssl

* fixed tests

* fixes bugs

* adds isEtcd tests
2019-12-13 10:09:30 -05:00
Roberto Rojas
62af68f3f5
fixes issue #536 (#540) 2019-12-12 16:51:35 -05:00
Huang Huang
4a07f87e6f Fix remediations about file permission (#534)
* Fix remediation of 2.2.3 in cis-1.3

* Fix remediation of 4.1.1 in cis-1.5
2019-12-10 13:57:07 -05:00
Mateus Caruccio
6e1c39237a Openshift configs (#526)
* Adds openshift to autodetect node type

* detect okd node units
2019-12-09 09:07:44 -05:00
Roberto Rojas
af976e6f50
Fixes Issue #494 - add tests for CIS 1.5 (#530)
* Initial commit.

* Add master and node config.

* Add section 5 of CIS 1.5.1.

* Split sections into section files

* Fix YAML issues.

* adds target translation

* adds target translation

* adds cis-1.5 mapping

* fixed tests

* fixes are per PR

* fixed intergration test

* integration kind test file to appropriate ks8 version

* fixed etcd text

* fixed README

* fixed text

* etcd: fixed grep path

* etcd: fixes

* fixed error message bug

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* fixes as per PR review
2019-12-05 15:55:44 -05:00
Huang Huang
7015f4b4b5 Fix remediation of 2.2.3 (#527) 2019-12-04 07:06:50 -08:00
Liz Rice
f2caa1f0ec
Add run subcommand (#529)
* test: fix TestGetConfigFilePath

This test wasn't correctly creating the test file due to the wrong directory permissions on the temp file. This wasn't detected due to a lack of error checking.

Also, the code was only checking for file not exist rather than lack of permission to read file (or any other error).

The combination of these two things means the test wasn't checking what it thought it was checking, and passed more by luck than judgment.

* add getYamlFilesFromDir

* add getTestYamlFiles and test

* docs: Update master / node help text

* return path + filename from getYamlFilesFromDir

* subcommand run to run specific section files
2019-12-02 15:40:44 +00:00
Roberto Rojas
8780e5cb59 adds kube-bench version to docker build hook (#524) 2019-11-27 20:06:42 +00:00
gy741
230d286708 Use COPY instead of ADD in Dockerfile (#502) 2019-11-27 11:25:19 -05:00
Roberto Rojas
9c6d4de860 Issue #421: Merges PR #422 with master (#523)
* Add kubeconfig location of kube-proxy for AKS

* Add job for AKS node

* Automate ca file permission check

* removed job-aks.yaml as other PRs added needed features

* fixed integration test due to merge changes
2019-11-27 15:30:29 +00:00
Roberto Rojas
e2f61fad13
Fixes issue #391: Replaced calling docker directly by using "make build-docker" (#522)
replaced calling docker directly by using "make build-docker"
2019-11-26 08:20:05 -08:00
Roberto Rojas
47c5661034
Fixes issue #439: Adds integration testing using KIND (#520)
* Fixes issue #439: Adds integration testing using KIND

* try integration tests

* started using ticker and timeouts

* trying built container image

* adds load image into KIND

* adds comparison

* fixes as per PR review
2019-11-16 09:39:47 -05:00
John Schnake
6ffd382711 Add option to output in JUnit format (#516)
If running these checks in a CI system it may be beneficial
to output in a more standardized format such as JUnit for
parsing by other tools in a consistent manner.

Fixes #460

Signed-off-by: John Schnake <jschnake@vmware.com>
2019-11-13 08:03:04 -05:00
Roberto Rojas
b92d30bd11 Fixes issue #517: Determines Kubernetes version using the REST API (#518)
* Fixes issue #517: Determines Kubernetes version using the REST API

* fixes

* fixes

* adds tests

* fixes

* added more tests

* kubernetes_version_test: Add a missing case for invalid certs

Signed-off-by: Simarpreet Singh <simar@linux.com>

* kubernetes_version_test: Remove un-needed casts

Signed-off-by: Simarpreet Singh <simar@linux.com>

* fixes as per PR review

* fixes as per PR review
2019-11-12 13:47:42 -08:00
Liz Rice
9a950d2d9a
docs: Note about not changing license etc (#514) 2019-11-06 16:44:14 +01:00
Jonathan Rau
51aa10e354 Update EKS Config & Create EKS Guide (#489)
* Change EKS Readme

* Fix readme formatting

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update README.md
2019-11-06 07:34:43 +01:00
Sebastian Ehmann
56fa231376 Remove nil check (#493)
As the length of a nil slice is defined as 0, the nil check is
redundand. (suggested by golanci-lint/gosimple)
2019-11-05 20:23:31 -05:00
Sebastian Ehmann
09fb3c4fe4 Check error before deferring db.Close() (#491) 2019-11-05 20:17:03 -05:00
Sebastian Ehmann
b9be7daa4a Directly convert buffer to string (#492)
Using `buf.String()` instead of `fmt.Sprintf` is simpler
2019-11-05 20:07:41 -05:00
Liz Rice
d7b5422e8a Fix detection of encryption-provider-config (#513)
Fixes: https://github.com/aquasecurity/kube-bench/issues/420

Signed-off-by: Manuel Rüger <manuel@rueg.eu>
2019-11-05 19:45:40 -05:00
Soumyadeep Sinha
8e4da53006 Fixed some typos (#446)
* Fixed some typos

* Fixed some typos

* Fixed typo and capitalization of Kubernetes

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update docs/README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update docs/README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update docs/README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* docs: trivial, reinstate capital K

* docs: trivial, reinstate backticks

* docs: trivial, reinstate "in order" for clarity

* docs: trivial, reinstate capital K
2019-11-05 14:59:29 -08:00
Roberto Rojas
7ca438b618
Fixes Issue 269 - Numbering to use CIS Versions (#511)
* starting benchmark flag

* Revert "starting benchmark flag"

This reverts commit 58fc948626.

* fixes issue #269

* add more unit tests

* fix bug

* Update cmd/common.go

Co-Authored-By: Liz Rice <liz@lizrice.com>

* fixes as per PR review

* fixes as per PR review

* adds more tests

* fixed tests

* changes as per PR Review

* changes as per PR Review

* updated README

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* changes are per PR review
2019-11-05 16:31:27 -05:00
mwwolters
8276e521d4 Changed 1.3.3 to check that --use-service-account-credentials isn't set to false, but the flag is set (#442) 2019-11-05 21:29:16 +01:00
Roberto Rojas
d5a02f7cb4
Fixes Issue #331: Changes the Error Message When Programs are Missing (#497)
* changed error description for missing kubectl/kubelet execs

* adds function to generate error message for missing components

* adds function to generate error message for missing components

* adds function to generate error message for missing components

* Update cmd/util.go

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update cmd/util.go

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update cmd/util.go

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update cmd/util.go

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update cmd/util.go

Co-Authored-By: Liz Rice <liz@lizrice.com>

* fixed error message

* changes are per PR review
2019-11-05 10:44:57 -05:00
Roberto Rojas
13fe1cdfb8 Fixes issue #501: specifying absolute path for both ps and cat (#508)
* fixes issue #501

* specify abolute path for ps and cat
2019-11-01 13:10:52 +00:00
Nando Theessen
91bd47f296 Fixes job-eks.yaml to not fail on startup (#461) 2019-10-25 20:31:57 -04:00
Kevin W Monroe
04946a48fb add snap component paths to default config (#414) 2019-10-25 20:19:56 -04:00
Prem Kumar
01ee110ac4 Fix repetitive flags in some ocp-3.11 tests (#462)
* fix flag repetition in ocp-3.11/node.yaml

* fix flag repetition in ocp-3.11/master.yaml
2019-10-25 20:12:56 -04:00
michizhou
b0abc74350 Fixed documentation errors (#450) 2019-10-25 11:58:41 -07:00
DarthSett
bea820bdfe Improve CONTRIBUTING.md (#483)
Fixed the grammar as per the issue [#472 ](https://github.com/aquasecurity/kube-bench/issues/472)
2019-10-24 14:20:22 -07:00
Arpit Pandey
ce0137a31a Fix few typos (#469) 2019-10-24 14:05:13 -07:00
Saiyam Pathak
39d9ef9d37 usr-bin volume mount not required (#424)
usr-bin volume mount not required as using kubelet version in command
2019-10-24 14:49:33 +01:00
Alexey Pyltsyn
7a2cc3f554 Improve docs (#437) 2019-10-24 09:15:29 +01:00
Sidhya Tikku
bf383ec1f7 Added .DS_Store and thumbs.db to .gitignore (#463)
* Delete .DS_Store

* Update .gitignore
2019-10-24 09:04:13 +01:00
PARAM MITTAL
5f647d6a36 Fix typo in Contributing file (#471) 2019-10-24 08:57:32 +01:00
John Schnake
2657c2f96f Use newer kind load docker-image command (#459)
Updates the logic for `kind-push` in the makefile to use
the new, simple command provided by kind.

Fixes #458
2019-10-23 12:15:02 -07:00
Mohan Sha
b009520ea3 Added table of contents for navigation (#455) 2019-10-23 19:08:04 +01:00
Nikita Titov
146de15c2e removed deprecated field in Travis config (#452) 2019-10-23 18:45:10 +01:00
Simarpreet Singh
d77eab2234
master.yaml: Add --audit-policy-file check for 1.1.37. (#440)
* master.yaml: Add --audit-policy-file check for 1.1.37.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* fix-177: fix line endings

Signed-off-by: Simarpreet Singh <simar@linux.com>
2019-10-18 13:23:23 -07:00
Itay Shakury
3964377a80
add contribution guidelines (#454) 2019-10-16 17:51:33 +03:00
Liz Rice
1b49050974 docs: Clarify the meaning of WARN state (#430)
* docs: Clarify the meaning of WARN state

* Update README.md
2019-10-15 10:04:18 -04:00
Simarpreet Singh
d12a45bba9 Properly initialize viper library when checking for master components (#434)
* common_test: Add a failing test to show the SISEGV

Signed-off-by: Simarpreet Singh <simar@linux.com>

* common: Go green by fixing isMaster() to instantiate viper

Signed-off-by: Simarpreet Singh <simar@linux.com>

* common: Inject a seam for getBinariesFunc to be patched-in.

Also adds additional tests to showcase unhappy behaviors.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* common_test: Rename TestIsMaster()

Signed-off-by: Simarpreet Singh <simar@linux.com>

* common: init viper with master config

Signed-off-by: Simarpreet Singh <simar@linux.com>

* common: Add a pre-check if valid yaml is passed but doesn't include master.

Also adds additional tests to showcase unhappy behaviors.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* mod: Upgrade viper to v1.4.0

Signed-off-by: Simarpreet Singh <simar@linux.com>

* common: Refactor node only yaml to a file

Signed-off-by: Simarpreet Singh <simar@linux.com>

* common: Log  when master components are not found

Signed-off-by: Simarpreet Singh <simar@linux.com>

* common_test: Refactor subtests into a table

Signed-off-by: Simarpreet Singh <simar@linux.com>
2019-10-14 11:15:08 -04:00
Roberto Rojas
a6ee61fd08
Fixes issue #289: removed versions prior to 1.11 (#429)
* removed version prior to 1.11

* removed references to kubernetes versions prior to 1.11
2019-10-14 10:52:43 -04:00
Roberto Rojas
3aa41db166
Issue #353: Merges JSON and Exec Params files (#426)
* starts fixes #353

* new approach to minize duplications

* applied merged yaml files for v1.11 and v1.13

* yaml files json/params merged

* fixes to remove double quotes from numbers and booleans

* fixed bug

* fixed certificate check

* removed -json files

* changes based on PR review

* Update check/check_test.go

Yay more tests!

Co-Authored-By: Liz Rice <liz@lizrice.com>

* changes as PR review

* fixed bug when scored check is missing tests

* attempt to improve the code

* fixed list breaks

* removes handleError function

* Update check/check.go

Accepting suggested log level.

Co-Authored-By: Liz Rice <liz@lizrice.com>
2019-10-14 10:37:10 -04:00
Roberto Rojas
c22f81610d
removes federated (#431) 2019-10-12 19:00:26 -04:00