1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-26 01:49:28 +00:00
Commit Graph

954 Commits

Author SHA1 Message Date
Liz Rice
af0eadc792 Add a couple more tests for file permission checks 2017-08-15 18:34:07 +01:00
Liz Rice
549adf23bd Merge pull request #36 from ttousai/issue-25
Issue #25
2017-08-15 18:32:29 +01:00
Liz Rice
6b9f117f87 Allow for multiple words in executable names 2017-08-15 17:00:35 +01:00
Abubakr-Sadik Nii Nai Davis
086bb629db Add 640 to permission checks. 2017-08-15 15:56:37 +00:00
Abubakr-Sadik Nii Nai Davis
e6f2b4d4fe Add config checks for permissions stricter that 644 to definition files. 2017-08-15 15:47:01 +00:00
Liz Rice
34f8b8e980 Simplify verifying binaries and config files 2017-08-15 16:44:40 +01:00
Liz Rice
86d49b1b1a We don’t care whether the binaries are in our path or not, just whether they are running 2017-08-15 16:01:27 +01:00
Liz Rice
aee2081d73 Merge pull request #35 from aquasecurity/roadmap-1
Update README.md
2017-08-14 12:58:51 +01:00
Abubakr-Sadik Nii Nai Davis
7c7d477d78 Import os to fix issue in previous merge commit. 2017-08-12 19:10:31 +00:00
Abubakr-Sadik Nii Nai Davis
dddea28713 Merge branch 'master' into issue-25 2017-08-12 19:05:48 +00:00
Abubakr-Sadik Nii Nai Davis
0933fa420b Add new tests and clean up old tests. 2017-08-12 18:54:33 +00:00
Abubakr-Sadik Nii Nai Davis
d2fa9d35b6 Rewrite audit commands in the check definition that contain shell builtins
and modify text to command function to support this.

Shell builtins fail the binary command lookup test which result in a
WARN. Audit commands which include shell builtins must use the form:

   "/bin/sh -c 'sh-builtin arg'"

So they are executed properly. Additionally Go will fail to execute
commands involving shell builtins if they are not in the above format.
2017-08-12 18:41:41 +00:00
Liz Rice
4e17e3b3d5 Update README.md 2017-08-11 18:24:53 +01:00
Liz Rice
45cf25e007 Merge pull request #34 from aquasecurity/kubectl-version
Use kubectl to check the kubernetes version
2017-08-11 18:05:31 +01:00
Liz Rice
96c469669c Use kubectl to check the kubernetes version 2017-08-11 17:59:57 +01:00
Liz Rice
50cce99daf Merge pull request #33 from aquasecurity/owners
Create OWNERS
2017-08-11 16:09:23 +01:00
Liz Rice
dee64c30ae Create OWNERS 2017-08-11 16:06:44 +01:00
Liz Rice
0bbc867396 Merge pull request #32 from aquasecurity/issue-19-2
Issue 19, take 2
2017-08-08 22:26:22 +01:00
Liz Rice
767e8eb835 Sorting out the bad merge 2017-08-08 22:22:47 +01:00
Abubakr-Sadik Nii Nai Davis
9c07527069 Remove misleading comment about manual checks in node check definition. 2017-08-08 22:18:03 +01:00
Abubakr-Sadik Nii Nai Davis
c39516581b Add master node manual check definitions. 2017-08-08 22:17:44 +01:00
Abubakr-Sadik Nii Nai Davis
09ca739dc0 Add check type manual.
Results of manual checks are forced to WARN to inform users to check manually.
2017-08-08 22:17:37 +01:00
Liz Rice
16fbf084e9 Merge pull request #31 from aquasecurity/revert-30-issue-19
Revert "Issue 19"
2017-08-08 22:00:43 +01:00
Liz Rice
b5f4876138 Revert "Issue 19" 2017-08-08 22:00:06 +01:00
Liz Rice
ffeb33defd Merge pull request #30 from ttousai/issue-19
Issue 19
2017-08-07 16:24:08 +01:00
Liz Rice
cf5f025593 Merge branch 'master' into issue-19 2017-08-07 16:23:59 +01:00
Liz Rice
2b4047a3c1 Merge pull request #28 from ttousai/errorhandling
Improve error handling.
2017-08-07 10:06:32 +01:00
Abubakr-Sadik Nii Nai Davis
7bb66dd2da Rename warning printing functions.
printlnWarn: prints warning with a newline.
sprintWarn: returns an optionally contextualized warning string.
2017-08-06 16:59:03 +00:00
Abubakr-Sadik Nii Nai Davis
9c563b0987 Remove misleading comment about manual checks in node check definition. 2017-08-06 16:41:39 +00:00
Abubakr-Sadik Nii Nai Davis
29122b82ad Add master node manual check definitions. 2017-08-06 16:14:41 +00:00
Abubakr-Sadik Nii Nai Davis
43c1470c0e Add check type manual.
Results of manual checks are forced to WARN to inform users to check manually.
2017-08-06 15:29:55 +00:00
Abubakr-Sadik Nii Nai Davis
82c92e0078 Change function name to be clearer about the fact it returns a string. 2017-08-06 14:25:02 +00:00
Liz Rice
1c58dfefbb Revert "Add Docker build & push to Travis job" - it's already being built on Docker Hub!
This reverts commit b339a753b5.
2017-08-03 16:05:27 +01:00
Liz Rice
b339a753b5 Add Docker build & push to Travis job 2017-08-03 15:53:49 +01:00
Liz Rice
21b7d8d9d6 Merge pull request #24 from ttousai/issue-19
Update controls to CIS Kubernetes Benchmark v1.1.0
2017-07-25 09:05:29 +01:00
Abubakr-Sadik Nii Nai Davis
f88de572f6 Improve error handling. 2017-07-25 00:34:07 +00:00
Abubakr-Sadik Nii Nai Davis
e08e069174 Update controls to CIS Kubernetes Benchmark v1.1.0 2017-07-24 17:30:13 +00:00
Liz Rice
34dd31970a Update README about installation flag 2017-07-20 17:33:21 +01:00
Liz Rice
a6a784f55f Merge pull request #18 from ttousai/issue-17
Issues #17, #16
2017-07-17 18:25:53 +01:00
Abubakr-Sadik Nii Nai Davis
f589fd58e1 Add few modifications. 2017-07-13 01:01:18 +00:00
Abubakr-Sadik Nii Nai Davis
3d395994b0 Change environment variable prefix. 2017-07-13 00:24:57 +00:00
Abubakr-Sadik Nii Nai Davis
609c4ff01c Move kubernetes binaries and config paths to kube-bench config. 2017-07-13 00:24:09 +00:00
Abubakr-Sadik Nii Nai Davis
2ee99eca64 Add support for various installation modes, hyperkube, kubeadm and kops.
Issue #17.
2017-07-10 00:15:27 +00:00
Abubakr-Sadik Nii Nai Davis
bd53529387 Fix issue #16 about supporting verbosity. 2017-07-07 17:01:30 +00:00
Abubakr-Sadik Nii Nai Davis
06466d6573 Fix issue with kubernetes version check, where the master binary is
used for all modes including nodes and federated.
2017-07-06 18:31:18 +00:00
Liz Rice
6d26814cf6 Merge pull request #14 from ttousai/issue-7
Resolve issue #7 wait: error running audit command exit status 1.
2017-07-05 16:37:02 +01:00
Abubakr-Sadik Nii Nai Davis
dbbafd54a5 Do not exit on command exit, print error message to stderr and continue. 2017-07-05 12:56:01 +00:00
Abubakr-Sadik Nii Nai Davis
b1a76360e7 Do not clutter the output with error messages from commands in the audit pipeline. 2017-07-04 17:04:43 +00:00
Abubakr-Sadik Nii Nai Davis
6ee9bedfb8 Print verification warnings at only one point. 2017-07-04 16:53:39 +00:00
Abubakr-Sadik Nii Nai Davis
2119d119b0 Restore warning messages and dont quit on verification error. 2017-07-04 15:38:34 +00:00