Abubakr-Sadik Nii Nai Davis
086bb629db
Add 640 to permission checks.
7 years ago
Abubakr-Sadik Nii Nai Davis
e6f2b4d4fe
Add config checks for permissions stricter that 644 to definition files.
7 years ago
Liz Rice
34f8b8e980
Simplify verifying binaries and config files
7 years ago
Liz Rice
86d49b1b1a
We don’t care whether the binaries are in our path or not, just whether they are running
7 years ago
Liz Rice
aee2081d73
Merge pull request #35 from aquasecurity/roadmap-1
...
Update README.md
7 years ago
Abubakr-Sadik Nii Nai Davis
7c7d477d78
Import os to fix issue in previous merge commit.
7 years ago
Abubakr-Sadik Nii Nai Davis
dddea28713
Merge branch 'master' into issue-25
7 years ago
Abubakr-Sadik Nii Nai Davis
0933fa420b
Add new tests and clean up old tests.
7 years ago
Abubakr-Sadik Nii Nai Davis
d2fa9d35b6
Rewrite audit commands in the check definition that contain shell builtins
...
and modify text to command function to support this.
Shell builtins fail the binary command lookup test which result in a
WARN. Audit commands which include shell builtins must use the form:
"/bin/sh -c 'sh-builtin arg'"
So they are executed properly. Additionally Go will fail to execute
commands involving shell builtins if they are not in the above format.
7 years ago
Liz Rice
4e17e3b3d5
Update README.md
7 years ago
Liz Rice
45cf25e007
Merge pull request #34 from aquasecurity/kubectl-version
...
Use kubectl to check the kubernetes version
7 years ago
Liz Rice
96c469669c
Use kubectl to check the kubernetes version
7 years ago
Liz Rice
50cce99daf
Merge pull request #33 from aquasecurity/owners
...
Create OWNERS
7 years ago
Liz Rice
dee64c30ae
Create OWNERS
7 years ago
Liz Rice
0bbc867396
Merge pull request #32 from aquasecurity/issue-19-2
...
Issue 19, take 2
7 years ago
Liz Rice
767e8eb835
Sorting out the bad merge
7 years ago
Abubakr-Sadik Nii Nai Davis
9c07527069
Remove misleading comment about manual checks in node check definition.
7 years ago
Abubakr-Sadik Nii Nai Davis
c39516581b
Add master node manual check definitions.
7 years ago
Abubakr-Sadik Nii Nai Davis
09ca739dc0
Add check type manual.
...
Results of manual checks are forced to WARN to inform users to check manually.
7 years ago
Liz Rice
16fbf084e9
Merge pull request #31 from aquasecurity/revert-30-issue-19
...
Revert "Issue 19"
7 years ago
Liz Rice
b5f4876138
Revert "Issue 19"
7 years ago
Liz Rice
ffeb33defd
Merge pull request #30 from ttousai/issue-19
...
Issue 19
7 years ago
Liz Rice
cf5f025593
Merge branch 'master' into issue-19
7 years ago
Liz Rice
2b4047a3c1
Merge pull request #28 from ttousai/errorhandling
...
Improve error handling.
7 years ago
Abubakr-Sadik Nii Nai Davis
7bb66dd2da
Rename warning printing functions.
...
printlnWarn: prints warning with a newline.
sprintWarn: returns an optionally contextualized warning string.
7 years ago
Abubakr-Sadik Nii Nai Davis
9c563b0987
Remove misleading comment about manual checks in node check definition.
7 years ago
Abubakr-Sadik Nii Nai Davis
29122b82ad
Add master node manual check definitions.
7 years ago
Abubakr-Sadik Nii Nai Davis
43c1470c0e
Add check type manual.
...
Results of manual checks are forced to WARN to inform users to check manually.
7 years ago
Abubakr-Sadik Nii Nai Davis
82c92e0078
Change function name to be clearer about the fact it returns a string.
7 years ago
Liz Rice
1c58dfefbb
Revert "Add Docker build & push to Travis job" - it's already being built on Docker Hub!
...
This reverts commit b339a753b5
.
7 years ago
Liz Rice
b339a753b5
Add Docker build & push to Travis job
7 years ago
Liz Rice
21b7d8d9d6
Merge pull request #24 from ttousai/issue-19
...
Update controls to CIS Kubernetes Benchmark v1.1.0
7 years ago
Abubakr-Sadik Nii Nai Davis
f88de572f6
Improve error handling.
7 years ago
Abubakr-Sadik Nii Nai Davis
e08e069174
Update controls to CIS Kubernetes Benchmark v1.1.0
7 years ago
Liz Rice
34dd31970a
Update README about installation flag
7 years ago
Liz Rice
a6a784f55f
Merge pull request #18 from ttousai/issue-17
...
Issues #17 , #16
7 years ago
Abubakr-Sadik Nii Nai Davis
f589fd58e1
Add few modifications.
7 years ago
Abubakr-Sadik Nii Nai Davis
3d395994b0
Change environment variable prefix.
7 years ago
Abubakr-Sadik Nii Nai Davis
609c4ff01c
Move kubernetes binaries and config paths to kube-bench config.
7 years ago
Abubakr-Sadik Nii Nai Davis
2ee99eca64
Add support for various installation modes, hyperkube, kubeadm and kops.
...
Issue #17 .
7 years ago
Abubakr-Sadik Nii Nai Davis
bd53529387
Fix issue #16 about supporting verbosity.
7 years ago
Abubakr-Sadik Nii Nai Davis
06466d6573
Fix issue with kubernetes version check, where the master binary is
...
used for all modes including nodes and federated.
7 years ago
Liz Rice
6d26814cf6
Merge pull request #14 from ttousai/issue-7
...
Resolve issue #7 wait: error running audit command exit status 1.
7 years ago
Abubakr-Sadik Nii Nai Davis
dbbafd54a5
Do not exit on command exit, print error message to stderr and continue.
7 years ago
Abubakr-Sadik Nii Nai Davis
b1a76360e7
Do not clutter the output with error messages from commands in the audit pipeline.
7 years ago
Abubakr-Sadik Nii Nai Davis
6ee9bedfb8
Print verification warnings at only one point.
7 years ago
Abubakr-Sadik Nii Nai Davis
2119d119b0
Restore warning messages and dont quit on verification error.
7 years ago
Abubakr-Sadik Nii Nai Davis
e6479afd01
Reset audit commands to ps -ef ... closer to benchmark.
7 years ago
Abubakr-Sadik Nii Nai Davis
e61dcabdfb
Remove extraneous debug commands.
7 years ago
Abubakr-Sadik Nii Nai Davis
d0d9900b29
Resolve issue #7 wait: error running audit command exit status 1.
...
This is caused by a command in the audit pipeline (for example
ps -ef | grep kube-apiserver) failing. The causes of this failure
in my testing is usually a missing config file.
Extensive refactor and correction in verification code to check for
config files and binaries.
Replace joncalhoun/pipes with implementation using exec.Cmds so errors
are visible and can be handled when audit pipeline commands fail.
Change some audit commands
from: ps -ef | grep <cmd> | grep -v
to: ps -C <something> -o comm,args --no-headers
which is simpler to work with.
7 years ago