Roberto Rojas
47c5661034
Fixes issue #439 : Adds integration testing using KIND ( #520 )
...
* Fixes issue #439 : Adds integration testing using KIND
* try integration tests
* started using ticker and timeouts
* trying built container image
* adds load image into KIND
* adds comparison
* fixes as per PR review
2019-11-16 09:39:47 -05:00
John Schnake
6ffd382711
Add option to output in JUnit format ( #516 )
...
If running these checks in a CI system it may be beneficial
to output in a more standardized format such as JUnit for
parsing by other tools in a consistent manner.
Fixes #460
Signed-off-by: John Schnake <jschnake@vmware.com>
2019-11-13 08:03:04 -05:00
Roberto Rojas
b92d30bd11
Fixes issue #517 : Determines Kubernetes version using the REST API ( #518 )
...
* Fixes issue #517 : Determines Kubernetes version using the REST API
* fixes
* fixes
* adds tests
* fixes
* added more tests
* kubernetes_version_test: Add a missing case for invalid certs
Signed-off-by: Simarpreet Singh <simar@linux.com>
* kubernetes_version_test: Remove un-needed casts
Signed-off-by: Simarpreet Singh <simar@linux.com>
* fixes as per PR review
* fixes as per PR review
2019-11-12 13:47:42 -08:00
Liz Rice
9a950d2d9a
docs: Note about not changing license etc ( #514 )
2019-11-06 16:44:14 +01:00
Jonathan Rau
51aa10e354
Update EKS Config & Create EKS Guide ( #489 )
...
* Change EKS Readme
* Fix readme formatting
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
2019-11-06 07:34:43 +01:00
Sebastian Ehmann
56fa231376
Remove nil check ( #493 )
...
As the length of a nil slice is defined as 0, the nil check is
redundant. (suggested by golangci-lint/gosimple)
2019-11-05 20:23:31 -05:00
Sebastian Ehmann
09fb3c4fe4
Check error before deferring db.Close() ( #491 )
2019-11-05 20:17:03 -05:00
Sebastian Ehmann
b9be7daa4a
Directly convert buffer to string ( #492 )
...
Using `buf.String()` instead of `fmt.Sprintf` is simpler
2019-11-05 20:07:41 -05:00
Liz Rice
d7b5422e8a
Fix detection of encryption-provider-config ( #513 )
...
Fixes: https://github.com/aquasecurity/kube-bench/issues/420
Signed-off-by: Manuel Rüger <manuel@rueg.eu>
2019-11-05 19:45:40 -05:00
Soumyadeep Sinha
8e4da53006
Fixed some typos ( #446 )
...
* Fixed some typos
* Fixed some typos
* Fixed typo and capitalization of Kubernetes
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update docs/README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update docs/README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update docs/README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* docs: trivial, reinstate capital K
* docs: trivial, reinstate backticks
* docs: trivial, reinstate "in order" for clarity
* docs: trivial, reinstate capital K
2019-11-05 14:59:29 -08:00
Roberto Rojas
7ca438b618
Fixes Issue 269 - Numbering to use CIS Versions ( #511 )
...
* starting benchmark flag
* Revert "starting benchmark flag"
This reverts commit 58fc948626.
* fixes issue #269
* add more unit tests
* fix bug
* Update cmd/common.go
Co-Authored-By: Liz Rice <liz@lizrice.com>
* fixes as per PR review
* fixes as per PR review
* adds more tests
* fixed tests
* changes as per PR Review
* changes as per PR Review
* updated README
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* changes are per PR review
2019-11-05 16:31:27 -05:00
mwwolters
8276e521d4
Changed 1.3.3 to check that --use-service-account-credentials isn't set to false, but the flag is set ( #442 )
2019-11-05 21:29:16 +01:00
Roberto Rojas
d5a02f7cb4
Fixes Issue #331 : Changes the Error Message When Programs are Missing ( #497 )
...
* changed error description for missing kubectl/kubelet execs
* adds function to generate error message for missing components
* adds function to generate error message for missing components
* adds function to generate error message for missing components
* Update cmd/util.go
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update cmd/util.go
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update cmd/util.go
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update cmd/util.go
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update cmd/util.go
Co-Authored-By: Liz Rice <liz@lizrice.com>
* fixed error message
* changes are per PR review
2019-11-05 10:44:57 -05:00
Roberto Rojas
13fe1cdfb8
Fixes issue #501 : specifying absolute path for both ps and cat ( #508 )
...
* fixes issue #501
* specify absolute path for ps and cat
2019-11-01 13:10:52 +00:00
Nando Theessen
91bd47f296
Fixes job-eks.yaml to not fail on startup ( #461 )
2019-10-25 20:31:57 -04:00
Kevin W Monroe
04946a48fb
add snap component paths to default config ( #414 )
2019-10-25 20:19:56 -04:00
Prem Kumar
01ee110ac4
Fix repetitive flags in some ocp-3.11 tests ( #462 )
...
* fix flag repetition in ocp-3.11/node.yaml
* fix flag repetition in ocp-3.11/master.yaml
2019-10-25 20:12:56 -04:00
michizhou
b0abc74350
Fixed documentation errors ( #450 )
2019-10-25 11:58:41 -07:00
DarthSett
bea820bdfe
Improve CONTRIBUTING.md ( #483 )
...
Fixed the grammar as per the issue [#472](https://github.com/aquasecurity/kube-bench/issues/472)
2019-10-24 14:20:22 -07:00
Arpit Pandey
ce0137a31a
Fix few typos ( #469 )
2019-10-24 14:05:13 -07:00
Saiyam Pathak
39d9ef9d37
usr-bin volume mount not required ( #424 )
...
usr-bin volume mount not required as using kubelet version in command
2019-10-24 14:49:33 +01:00
Alexey Pyltsyn
7a2cc3f554
Improve docs ( #437 )
2019-10-24 09:15:29 +01:00
Sidhya Tikku
bf383ec1f7
Added .DS_Store and thumbs.db to .gitignore ( #463 )
...
* Delete .DS_Store
* Update .gitignore
2019-10-24 09:04:13 +01:00
PARAM MITTAL
5f647d6a36
Fix typo in Contributing file ( #471 )
2019-10-24 08:57:32 +01:00
John Schnake
2657c2f96f
Use newer kind load docker-image command ( #459 )
...
Updates the logic for `kind-push` in the makefile to use
the new, simple command provided by kind.
Fixes #458
2019-10-23 12:15:02 -07:00
Mohan Sha
b009520ea3
Added table of contents for navigation ( #455 )
2019-10-23 19:08:04 +01:00
Nikita Titov
146de15c2e
removed deprecated field in Travis config ( #452 )
2019-10-23 18:45:10 +01:00
Simarpreet Singh
d77eab2234
master.yaml: Add --audit-policy-file check for 1.1.37. ( #440 )
...
* master.yaml: Add --audit-policy-file check for 1.1.37.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* fix-177: fix line endings
Signed-off-by: Simarpreet Singh <simar@linux.com>
2019-10-18 13:23:23 -07:00
Itay Shakury
3964377a80
add contribution guidelines ( #454 )
2019-10-16 17:51:33 +03:00
Liz Rice
1b49050974
docs: Clarify the meaning of WARN state ( #430 )
...
* docs: Clarify the meaning of WARN state
* Update README.md
2019-10-15 10:04:18 -04:00
Simarpreet Singh
d12a45bba9
Properly initialize viper library when checking for master components ( #434 )
...
* common_test: Add a failing test to show the SIGSEGV
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common: Go green by fixing isMaster() to instantiate viper
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common: Inject a seam for getBinariesFunc to be patched-in.
Also adds additional tests to showcase unhappy behaviors.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common_test: Rename TestIsMaster()
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common: init viper with master config
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common: Add a pre-check if valid yaml is passed but doesn't include master.
Also adds additional tests to showcase unhappy behaviors.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* mod: Upgrade viper to v1.4.0
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common: Refactor node only yaml to a file
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common: Log when master components are not found
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common_test: Refactor subtests into a table
Signed-off-by: Simarpreet Singh <simar@linux.com>
2019-10-14 11:15:08 -04:00
Roberto Rojas
a6ee61fd08
Fixes issue #289 : removed versions prior to 1.11 ( #429 )
...
* removed version prior to 1.11
* removed references to kubernetes versions prior to 1.11
2019-10-14 10:52:43 -04:00
Roberto Rojas
3aa41db166
Issue #353 : Merges JSON and Exec Params files ( #426 )
...
* starts fixes #353
* new approach to minimize duplications
* applied merged yaml files for v1.11 and v1.13
* yaml files json/params merged
* fixes to remove double quotes from numbers and booleans
* fixed bug
* fixed certificate check
* removed -json files
* changes based on PR review
* Update check/check_test.go
Yay more tests!
Co-Authored-By: Liz Rice <liz@lizrice.com>
* changes as PR review
* fixed bug when scored check is missing tests
* attempt to improve the code
* fixed list breaks
* removes handleError function
* Update check/check.go
Accepting suggested log level.
Co-Authored-By: Liz Rice <liz@lizrice.com>
2019-10-14 10:37:10 -04:00
Roberto Rojas
c22f81610d
removes federated ( #431 )
2019-10-12 19:00:26 -04:00
Roberto Rojas
91dfeb7577
passes KUBEBENCH_VERSION down to Dockerfile ( #428 )
2019-10-12 18:53:17 -04:00
Roberto Rojas
4416e46967
Adds Unit Tests for check/toNumeric ( #401 )
...
* fixes issue #364
* fixed unit test error text
2019-10-12 18:46:19 -04:00
James George
050145f6b3
docs: minor tweak ( #438 )
2019-10-11 15:47:10 +01:00
yoavrotems
89afda1f63
Add [Manual test] to remediation in all the manual tests ( #435 )
2019-10-09 16:26:02 +01:00
Simarpreet Singh
37f626dce6
cfg: Make proxy checks optional ( #436 )
...
Signed-off-by: Simarpreet Singh <simar@linux.com>
2019-10-08 11:53:39 +01:00
Liz Rice
16beb3e616
docs: note that you may need to be root ( #412 )
2019-09-21 15:07:16 +01:00
yoavrotems
27261d1d32
Change Kind version ( #411 )
...
Something with the old version was crashing. Now using the most recent one, 1.15.3, is working.
2019-09-03 13:42:07 +01:00
Roberto Rojas
41e0ae77de
changes to use the "op: valid_elements" operation to manage list of items ( #402 )
2019-09-03 13:36:47 +01:00
yoavrotems
ea9089bd42
update the yaml according ( #410 )
...
The update is from the new CIS version 1.4.1,
as was done in https://github.com/aquasecurity/kube-bench/issues/370
2019-09-02 16:40:45 +01:00
Roberto Rojas
ec3b1076c0
Fixes issue #407 ( #409 )
...
* fixes issue #407
* fixes issue #407
2019-08-30 17:33:14 +01:00
Roberto Rojas
13dfa15ad6
Fixes Issue #396 - Replaces $kubeletconf for $kubeletsvc ( #399 )
...
* fixes issue #396
* reverts remediation text change
* changes to 1.11-json and 1.13-json as per PR review
* Tiny typo
2019-08-30 15:21:41 +01:00
Liz Rice
a2466da4b0
Correct 1.1.13 to match CIS spec ( #406 )
...
Text should say Not Scored
2019-08-30 15:10:30 +01:00
Liz Rice
d0d4e95d93
Updated version support ( #385 )
...
Strictly, we don't have the changes in 1.13-json but we do have them in 1.13
2019-08-30 12:09:11 +01:00
Roberto Rojas
7a53806863
fixes issue #346 by explicitly only checking read-only property ( #404 )
2019-08-30 08:56:48 +01:00
yoavrotems
4b5a877f1f
Remove some tests from being manual ( #398 )
...
* Remove some tests from being manual
* Remove some tests from being manual
2019-08-29 08:54:29 +01:00
Roberto Rojas
f343d36862
hyperkube v1.15 renamed "proxy" to "kube-proxy" ( #400 )
2019-08-28 16:53:48 +01:00