Maximilian Bischoff
791fbba9e7
Changed 1.1.14 to not fail when flag is not set
...
Added another test item that checks whether --disable-admission-plugins is not set and an "or" bin_op.
This causes check 1.1.14 to be successful when the flag is not set, while still failing when the flag is set and includes the value NamespaceLifecycle
6 years ago
Liz Rice
2d721ed4ad
Merge branch 'master' into rm-space-tls-cipher
6 years ago
Colin GILLE
ffe7ffb3d3
Type: trailing whitespace for rule text
6 years ago
Martin Mosegaard Amdisen
fd120d0adf
Remove spaces in remediation command for tls-cipher-suites
...
Makes it easier to copy-paste the remediation. Matches the other occurences
of tls-cipher-suites in the configuration.
6 years ago
Liz Rice
26e28b8897
Merge branch 'master' into master
6 years ago
Maximilian Bischoff
e81b785bf8
Added missing "=" to master.yaml
...
In the remediation of 1.1.11 the flag --enable-admission-plugins was missing a =
6 years ago
Vladimir Dimov
645d23e1ec
fixing typos 2.1.15
6 years ago
Liz Rice
6e80b6477a
Merge branch 'master' into fix-2.1.8
6 years ago
Abubakr-Sadik Nii Nai Davis
0a5358665e
By default --make-iptables-util-chain is true, so PASS if this flag is not set.
6 years ago
Abubakr-Sadik Nii Nai Davis
4f40a11e84
Change binary op from and to or.
6 years ago
Abubakr-Sadik Nii Nai Davis
c0f56e966a
Fix check 1.1.37.
6 years ago
Nick Perry
e083c8f0a3
Fixes https://github.com/aquasecurity/kube-bench/issues/170
...
Correcting the logic of 1.1.14 for Kubernetes 1.11.
6 years ago
Liz Rice
48489637c5
Merge branch 'master' into fix-1.3.7
6 years ago
Michal Jankowski
9988503223
Fixing 1.3.7 on 1.11 master.
...
With multiple test items operator defaults to "and". In case of 1.3.7
the tests check whether --address flag is either set to 127.0.0.1 or not
set at all. Those conditions cannot be met at the same time.
6 years ago
Michal Jankowski
5f254de415
Fixing checks 2.2.9 and 2.2.10 on 1.11 nodes.
...
Path to kubelet configuration was accidentally prefixed with a dollar
symbol (probably as a result of copying some other test that used
variable name).
After removing the dollar sign from paths both checks pass on conforming
deployment.
6 years ago
Abubakr-Sadik Nii Nai Davis
97623aea05
Update kubernetes node benchmark to check kubelet systemd unitfile.
...
Also clean up the config file for 1.11 a bit.
6 years ago
Abubakr-Sadik Nii Nai Davis
b1369832bc
A few corrections to node tests. ( #2 )
...
* Add a few corrections.
* Add a few corrections to node test file.
6 years ago
Abubakr-Sadik Nii Nai Davis
934b4aef96
Add a few corrections. ( #1 )
6 years ago
noqcks
e85de9e8af
fix simple errors
6 years ago
noqcks
b3a115963b
adding 1.11 config and node checks
6 years ago
noqcks
ba5ec8d4be
adding 1.11 master configuration
6 years ago
Liz Rice
c44e0db97b
Inlcude .manifest extension config files for kops & kubespray
6 years ago
Liz Rice
024b7ed396
Merge branch 'master' into master
6 years ago
Julien Garcia Gonzalez
2073e08363
update 2.2.4 rules
6 years ago
Julien Garcia Gonzalez
db096c9f51
Rule node 2.2.4 is not correct
6 years ago
hutr
d736d10f90
fix sed string for 1.4.12
6 years ago
hutr
50a3725ff2
Merge branch 'master' into master
6 years ago
hutr
468f5fac6e
changes for 1.4.11 and 1.4.2
...
added tests: for 1.4.11 and removed grep -v grep for both
6 years ago
Erwan Miran
182e9b5e01
Addition of missing audit field in 2.2.6 node item
6 years ago
hutr
e4100a4435
fixed grep string for 1.4.11 and 1.4.22
...
check 1.4.11 and 1.4.22 FAIL even when permissions is correct.
6 years ago
Abubakr-Sadik Nii Nai Davis
b10b2bd22e
Merge branch 'master' into fix-typo
6 years ago
Abubakr-Sadik Nii Nai Davis
aa9da13226
Fix a bunch of typos.
6 years ago
Liz Rice
1935c952d6
--request-timeout is a duration
6 years ago
Lee Briggs
d464ab5639
Wrong configuration file
7 years ago
Lee Briggs
165444df60
Test fixes for 1.8
7 years ago
Liz Rice
4b1b2b8762
Merge branch 'master' into master
7 years ago
Liz Rice
fc4fe38bc2
Merge branch 'master' into unnecessary-warning
7 years ago
Konstantin Semenov
961dbeb2b5
Correct sed regex
7 years ago
Konstantinos Karampogias
8fc6904093
Improve etcd data directory extraction
...
- If data-dir is not the last argument, the remaining arguments
are captured preventing the correct checking.
Signed-off-by: Konstantin Semenov <ksemenov@pivotal.io>
7 years ago
Abubakr-Sadik Nii Nai Davis
7fcfb0cf30
Fix issue with etcd checks failing because of using " " instead of "=" to specify value.
...
This issue affects master checks 1.4.11 and 1.4.12.
7 years ago
Abubakr-Sadik Nii Nai Davis
53eb720952
Merge branch 'master' into unnecessary-warning
7 years ago
Abubakr-Sadik Nii Nai Davis
04f044e3b9
Add support for merging general and kubernetes version specific config files.
...
This change unifies all config files, podspecs and unitfiles under
a single component configuration key; `config`.
7 years ago
Liz Rice
d52e326147
Correct test config file typo
7 years ago
Liz Rice
2eb261b94f
Remove odd spacing and line breaks from test config files
7 years ago
Abubakr-Sadik Nii Nai Davis
e227934c88
Add function to get unit files for kubernetes components.
7 years ago
Abubakr-Sadik Nii Nai Davis
6ce0c5bf60
Add function to get pod specs for kubernetes components.
7 years ago
Abubakr-Sadik Nii Nai Davis
8e758bb5e0
Update federated definitions.
7 years ago
Abubakr-Sadik Nii Nai Davis
82e325f96e
Update 1.8 node definition.
7 years ago
Abubakr-Sadik Nii Nai Davis
04f21d1887
Update 1.8 master definition.
7 years ago
Abubakr-Sadik Nii Nai Davis
7663dc87ee
Copy 1.7 benchmark as 1.8.
7 years ago