Maximilian Bischoff
e81b785bf8
Added missing "=" to master.yaml
...
In the remediation of 1.1.11 the flag --enable-admission-plugins was missing a =
6 years ago
Vladimir Dimov
645d23e1ec
fixing typos 2.1.15
6 years ago
Liz Rice
52d6ac717d
Merge pull request #181 from aquasecurity/config-file-location-mount
...
read config files from host /etc
6 years ago
Liz Rice
bdbbe41b69
Also /var
6 years ago
Liz Rice
ba9985047c
read config files from host /etc
...
I don't see how kube-bench can check the permissions on files unless it has access to them on the host, so I think we need to be mounting the /etc directory from the host
6 years ago
Liz Rice
5fe702edbe
Merge pull request #175 from aquasecurity/fix-2.1.8
...
Fix node check 2.1.8
6 years ago
Liz Rice
6e80b6477a
Merge branch 'master' into fix-2.1.8
6 years ago
Liz Rice
e1f5bb1ace
Merge pull request #173 from aquasecurity/fix-1.1.37
...
Fix check 1.1.37.
6 years ago
Liz Rice
6d8788071f
Merge branch 'master' into fix-2.1.8
6 years ago
Liz Rice
f42243e9b5
Merge branch 'master' into fix-1.1.37
6 years ago
Liz Rice
d004acdbba
Merge pull request #174 from johscheuer/correct-readme
...
Correct readme for 1.11 example
6 years ago
Abubakr-Sadik Nii Nai Davis
0a5358665e
By default --make-iptables-util-chain is true, so PASS if this flag is not set.
6 years ago
Abubakr-Sadik Nii Nai Davis
4f40a11e84
Change binary op from and to or.
6 years ago
Johannes M. Scheuermann
b3b3cb819a
Correct readme for 1.11 example
...
Signed-off-by: Johannes M. Scheuermann <joh.scheuer@gmail.com>
6 years ago
Abubakr-Sadik Nii Nai Davis
c0f56e966a
Fix check 1.1.37.
6 years ago
Liz Rice
ed7f6cf3fc
Merge pull request #171 from nickperry/master
...
Fixes https://github.com/aquasecurity/kube-bench/issues/170
6 years ago
Nick Perry
e083c8f0a3
Fixes https://github.com/aquasecurity/kube-bench/issues/170
...
Correcting the logic of 1.1.14 for Kubernetes 1.11.
6 years ago
Liz Rice
77481e8739
Merge pull request #169 from mikekim/fix-1.3.7
...
Fixing 1.3.7 on 1.11 master.
6 years ago
Liz Rice
48489637c5
Merge branch 'master' into fix-1.3.7
6 years ago
Liz Rice
15537cb42b
Merge pull request #168 from mikekim/fix-dollar-in-paths
...
Fixing checks 2.2.9 and 2.2.10 on 1.11 nodes.
6 years ago
Michal Jankowski
9988503223
Fixing 1.3.7 on 1.11 master.
...
With multiple test items operator defaults to "and". In case of 1.3.7
the tests check whether --address flag is either set to 127.0.0.1 or not
set at all. Those conditions cannot be met at the same time.
6 years ago
Michal Jankowski
5f254de415
Fixing checks 2.2.9 and 2.2.10 on 1.11 nodes.
...
Path to kubelet configuration was accidentally prefixed with a dollar
symbol (probably as a result of copying some other test that used
variable name).
After removing the dollar sign from paths both checks pass on conforming
deployment.
6 years ago
Liz Rice
64f4f638e9
Merge pull request #167 from aquasecurity/fix-issue-with-kubelet-config-and-unitfile-checks
...
Fix issue with kubelet config and unitfile checks
6 years ago
Abubakr-Sadik Nii Nai Davis
97623aea05
Update kubernetes node benchmark to check kubelet systemd unitfile.
...
Also clean up the config file for 1.11 a bit.
6 years ago
Abubakr-Sadik Nii Nai Davis
ed21839464
Add getServiceFiles function.
...
The CIS benchmark check for node checks 2 config files for kubelet:
- kubelet config file (kubelet.conf)
- kubelet systemd unitfile (10-kubeadm.conf)
The getServiceFiles function gets candidates for kubelet systemd
unitfile and returns valid untifiles.
6 years ago
Liz Rice
277ec9c823
Merge pull request #163 from noqcks/master
...
Update tests for Kubernetes 1.11 - thank you @noqcks!
6 years ago
Abubakr-Sadik Nii Nai Davis
b1369832bc
A few corrections to node tests. ( #2 )
...
* Add a few corrections.
* Add a few corrections to node test file.
6 years ago
Abubakr-Sadik Nii Nai Davis
934b4aef96
Add a few corrections. ( #1 )
6 years ago
noqcks
e85de9e8af
fix simple errors
6 years ago
noqcks
ded5aff482
update README
6 years ago
noqcks
b3a115963b
adding 1.11 config and node checks
6 years ago
noqcks
e5c05a97f7
updating README with 1.11 updates
6 years ago
noqcks
ba5ec8d4be
adding 1.11 master configuration
6 years ago
Liz Rice
d56afd4104
Merge pull request #159 from lukebond/master
...
Update README.md
6 years ago
Luke Bond
8894b1dc4f
Update README.md
...
Specify `-t` to get colour in the Docker output.
Added a note about mounting kubectl or kubelet to get the version.
6 years ago
Liz Rice
ff59938f94
Merge pull request #155 from bvwells/cis-benchmark-link
...
Add link to CIS kubernetes benchmark
6 years ago
bvwells
cc43fcbb7e
Add link to CIS kubernetes benchmark
6 years ago
Liz Rice
2f4f55a363
Merge pull request #149 from aquasecurity/itai_cis_results
...
Support actual result in json output.
6 years ago
Itai Ben-Natan
e9076233dd
Support actual result in json output.
...
This commit adds the actual value of the result
of the value which was returned by the test.
6 years ago
Liz Rice
b1e41d345f
Merge pull request #147 from aquasecurity/version-fix
...
Shouldn't need kubelet or kubectl if version specified
6 years ago
Liz Rice
ccc2b6c9ae
Shouldn't need kubelet or kubectl if version specified
6 years ago
Liz Rice
668a9e10ce
Merge pull request #141 from aquasecurity/version-default
...
Default version
6 years ago
Liz Rice
8c3bb62dd4
Merge pull request #140 from aquasecurity/manifest-extension
...
Inlcude .manifest extension config files for kops & kubespray
6 years ago
Liz Rice
9d0141871a
Use new utility function for finding correct config files.
...
Improve order of message output
Remove unnecessary local variable
6 years ago
Liz Rice
344d2bfd24
Utility for getting the right config file for the Kubernetes version
6 years ago
Liz Rice
ecd14ed682
File substitutions should be a detailed log
6 years ago
Liz Rice
223ac14642
Don't override version specified on command line
6 years ago
Liz Rice
c44e0db97b
Inlcude .manifest extension config files for kops & kubespray
6 years ago
Liz Rice
0bc004468b
Include .manifest extensions as an option for config files (as used by kops and kubespreay)
6 years ago
Liz Rice
83704a7d89
Merge pull request #134 from hutr/master
...
fix grep string for check 1.4.11 and 1.4.12
6 years ago