Liz Rice
d712db47a2
Only find flags on the process we really want
6 years ago
yoavrotems
82150fdc63
add new config files from the new CIS Kubernetes Benchmark
...
there is a new update at CIS_Kubernetes_Benchmark_v1.4.0 for Kubernetes 1.13
6 years ago
Liz Rice
c824daeb15
Merge pull request #222 from nshauli/search_for_kubelet_binary_when_not_in_path
...
search for the kubelet binary when it is not in the path
6 years ago
nshauli
e93bfc1aac
search for the kubelet binary when it is not in the path
6 years ago
Liz Rice
da09e6513a
Merge pull request #218 from yoavAqua/bugfix-log-warnings-instead-of-print
...
Bugfix: Logging warning instead of printing
6 years ago
Liz Rice
7626dc2705
Merge branch 'master' into bugfix-log-warnings-instead-of-print
6 years ago
Yoav Hizkiahou
082e9cf7e9
Bugfix: Logging warning instead of printing
...
Made all the warnings to be logged and not printed, so when using the json flag the output will be only in json format.
fix #217
6 years ago
Liz Rice
2d4c7e8b42
Merge pull request #212 from aquasecurity/ocp-configs
...
OCP benchmarks and configs
6 years ago
Liz Rice
cd231106cc
Improve comment
...
Tests could easily be marked "skip" because the user doesn't want to run them in their environment, and in this common case the set of tests will be non-nil
6 years ago
Liz Rice
db962a0ad9
Fix merge of skip check
6 years ago
Abubakr-Sadik Nii Nai Davis
911e9051dc
Merge remote-tracking branch 'origin/master' into ocp-configs
6 years ago
Abubakr-Sadik Nii Nai Davis
e899e941f7
Add OCP 3.10 benchmarks.
6 years ago
Weston Steimel
42ed8628de
Only get runningVersion if --version has not been provided
...
Signed-off-by: Weston Steimel <weston.steimel@gmail.com>
6 years ago
Liz Rice
dc8dcfbf8c
Merge pull request #211 from yoavAqua/support-skip-flag
...
Type skip and not scored checks
6 years ago
Yoav Hizkiahou
49f745af8e
Support new check type - skip:
...
If a check is marked with type "skip", it will be marked as Info.
Support scored property:
If a check is not scored and is not marked with type skip, it will be marked as Warn.
6 years ago
Liz Rice
ba437d500a
Merge pull request #206 from westonsteimel/no_runningversion_if_version_set
...
Only get runningVersion if --version has not been provided
6 years ago
Weston Steimel
42f4152058
Only get runningVersion if --version has not been provided
...
Signed-off-by: Weston Steimel <weston.steimel@gmail.com>
6 years ago
Liz Rice
8dabb7dc37
Merge pull request #201 from aquasecurity/yam-comment
...
Comment why we mount /usr/bin
6 years ago
Liz Rice
f2062e81a1
Comment why /usr/bin is mounted
6 years ago
Liz Rice
528bcfbffe
Update job-node.yaml
6 years ago
Liz Rice
3422b9102f
Add comment for why /usr/bin is mounted
6 years ago
Liz Rice
86b126ad2b
Create NOTICE ( #199 )
...
* Create NOTICE
* Update NOTICE
6 years ago
Liz Rice
827945f7fb
Merge pull request #200 from spuder/patch-1
...
warn osx limitation
6 years ago
Liz Rice
79427e185e
Merge branch 'master' into patch-1
6 years ago
Liz Rice
6b9ceae9d4
True for Windows too
6 years ago
Liz Rice
fbd6eb8ff5
Merge pull request #198 from aquasecurity/mount-volumes
...
For #197 - create job YAML files that mount host volumes as needed
6 years ago
Spencer Owen
2a9a02f25b
warn osx limitation
6 years ago
Liz Rice
8021610e46
For #197 - create job YAML files that mount host volumes as needed
6 years ago
Liz Rice
2eef3e8ad2
Merge pull request #193 from maxbischoff/patch-1
...
Changed 1.1.14 to not fail when flag is not set
6 years ago
Maximilian Bischoff
791fbba9e7
Changed 1.1.14 to not fail when flag is not set
...
Added another test item that checks whether --disable-admission-plugins is not set and an "or" bin_op.
This causes check 1.1.14 to be successful when the flag is not set, while still failing when the flag is set and includes the value NamespaceLifecycle
6 years ago
Liz Rice
f6cab11357
Merge pull request #187 from martinmosegaard/doc-kubectl-host-pid
...
Document limitation of running with kubectl
6 years ago
Liz Rice
9f2899027e
Merge branch 'master' into doc-kubectl-host-pid
6 years ago
Liz Rice
313fe038f6
Merge pull request #188 from martinmosegaard/rm-space-tls-cipher
...
Remove spaces in remediation command for tls-cipher-suites
6 years ago
Liz Rice
2d721ed4ad
Merge branch 'master' into rm-space-tls-cipher
6 years ago
Liz Rice
799b928054
Merge pull request #189 from Congelli501/patch-1
...
Typo: trailing whitespace for rule text
6 years ago
Liz Rice
3a662b3ff6
Merge branch 'master' into doc-kubectl-host-pid
6 years ago
Liz Rice
f902b30110
Merge branch 'master' into rm-space-tls-cipher
6 years ago
Liz Rice
b52a88214f
Merge branch 'master' into patch-1
6 years ago
Liz Rice
bfdd921f3d
Merge pull request #190 from Congelli501/patch-2
...
Advise the use to mount /etc & /var read only for docker usage
6 years ago
Colin GILLE
af7ad90477
Advise the use to mount /etc & /var read only for docker usage
6 years ago
Colin GILLE
ffe7ffb3d3
Type: trailing whitespace for rule text
6 years ago
Martin Mosegaard Amdisen
fd120d0adf
Remove spaces in remediation command for tls-cipher-suites
...
Makes it easier to copy-paste the remediation. Matches the other occurences
of tls-cipher-suites in the configuration.
6 years ago
Martin Mosegaard Amdisen
ba03d8f64b
Document limitation of running with kubectl
...
Once the master node recommended check:
1.1.12 Ensure that the admission control plugin DenyEscalatingExec is set
has been followed, it is no longer possible to run kube-bench itself using kubectl.
6 years ago
Liz Rice
21f7902288
Merge pull request #183 from s1lv3r40/master
...
Fixing Node Check - 2.1.15 typos
6 years ago
Liz Rice
26e28b8897
Merge branch 'master' into master
6 years ago
Liz Rice
ae1812b4db
Merge pull request #185 from maxbischoff/patch-1
...
Added missing "=" to master.yaml
6 years ago
Liz Rice
1534a4aea8
Merge branch 'master' into patch-1
6 years ago
Liz Rice
28a57ff1a3
Merge branch 'master' into master
6 years ago
Liz Rice
41fe066039
Merge pull request #186 from seslattery/seslattery-patch-1
...
Fix typo on README.md
6 years ago
Sean Slattery
5ca498cd50
Fix typo on README.md
6 years ago