Borko
f213918552
Updated documentation with section on downloading and installing kube-bench on Linux. ( #716 )
...
Added section on manually downloading and installing kube-bench
4 years ago
Neha Viswanathan
82421e5838
retire cis 1.3 and 1.4 ( #693 )
4 years ago
yoavrotems
7280438eb5
Add cis 1.6 ( #678 )
...
* Add new cis version yamls
Add new cis version yamls
* Add new cis version yamls
* Add cis-1.6 to versions table
* support version mapping cis-1.6
* support version mapping cis-1.6
* Update controlplane.yaml
* Update etcd.yaml
* Update node.yaml
* Update policies.yaml
* Create job.data
* Create job-node.data
* Create job-master.data
* Create add-tls-kind.yaml
* Change node version to 1.15.0
* Add tests for cis-1.6
* Delete node_only.yaml
* Change tests 1.1.19-1.1.21
Change 1.1.19-1.1.21 because failing tests
* Update job.data
* Update job-master.data
* Update job-master.data
* Update job.data
* fix 1.2.35 remediation
tabs instead of spaces
* Update job-master.data
* Remove extra space
* Update job.data
* Create node_only.yaml
* Add tests for cis-1.6
Add tests for cis-1.6 and change some from 1,5 to 1.6
* Fix typo
* Add mapping for cis-1.6
* Remove extra space in 1.2.35 remediation
* Update job.data
* Update job-master.data
* Fix type 1.2.35
* Remove trailing spaces
* Remove trailing spaces
* Remove trailing spaces
* Remove trailing spaces
* Add version 1.19 kubernetes support
* Add version 1.19 kubernetes support
* Add version 1.19 kubernetes support
4 years ago
Liz Rice
1899f26bc1
Note about OpenShift OCP 4.* ( #700 )
...
- Add note about why we don't support OCP 4.*
- Move GKE & OpenShift sub-sections next to EKS and AKS
- Minor corrections
4 years ago
Huang Huang
456d9b62e2
Default log output to stderr ( #696 )
4 years ago
Liz Rice
a8a59d3bd8
docs: more clarification on output states ( #691 )
4 years ago
Huang Huang
2d548597ae
Support CIS v1.5.1 ( #673 )
4 years ago
Matthieu ANTOINE
ea4eaa6fd5
Fix supported targets for EKS benchmark ( #648 )
...
* Fix supported targets for EKS benchmark
* docs: heading at wrong level in README
* docs: remove duplicate TOC heading
* Fix invalid argument for gem install
Co-authored-by: Liz Rice <liz@lizrice.com>
4 years ago
Liz Rice
4e00954485
docs: add Troubleshooting ( #638 )
...
* docs: add Troubleshooting
Adding basic instructions for running with debug logs
* docs: remember --logtostderr
* docs: note about cfg requirement
Note that installing a binary release is not sufficient - you also need the config and test files
Fixes #613
4 years ago
Paavan
20ec5d14f2
added eks-1.0 cfg and modified job-eks.yaml for node checks ( #639 )
...
* added eks-1.0 cfg and modified job-eks.yaml for node checks
* fixed yamllint errors and README updates
4 years ago
Neha Viswanathan
2cf2876a10
Update `Running in an EKS cluster` documentation ( #621 )
...
Co-authored-by: Neha Viswanathan <nviswanathan@axway.com>
Co-authored-by: Liz Rice <liz@lizrice.com>
4 years ago
Craig Jellick
305283f9d4
Fix OpenShift table layout ( #612 )
...
Co-authored-by: Liz Rice <liz@lizrice.com>
4 years ago
Paul McCarthy
582ce02ce6
Removed references to `dep` from README.md ( #607 )
...
Looks like this project now uses Go modules so `dep` steps are not needed.
Co-authored-by: Liz Rice <liz@lizrice.com>
4 years ago
Liz Rice
7e87c980b2
docs: CIS benchmarks are not frequent ( #617 )
...
Correct misleading comment about anticipated CIS benchmarks for every Kubernetes release - bad assumption!
4 years ago
Liz Rice
7cd6b32ebb
docs: notes in README for common misunderstandings ( #602 )
...
Added a Please Note section to document common misunderstandings that often lead to incorrect issue filings
5 years ago
Liz Rice
451721a1cf
Add GKE into list of support tests ( #597 )
...
Also adds links to the Kubernetes benchmarks
Fixes #596
5 years ago
Abubakr-Sadik Nii Nai Davis
d988b81540
CIS GKE 1.0.0 benchmark ( #570 )
...
* Add initial commit for CIS GKE 1.0 benchmark
* Update README with GKE instructions
* Fix YAML linter issues
* Set GKE benchmark k8s version to gke-1.0
* Add tests for gke-1.0
Co-authored-by: Roberto Rojas <robertojrojas@gmail.com>
5 years ago
Huang Huang
17cd104788
Fixes issue #574 : change the PATH in container ( #577 )
...
* Fixes issue #574 : change the PATH in container
And change to use `/usr/local/mount-from-host/bin` as mount path.
Fixes #574
* Fix integration tests
5 years ago
Murali Paluru
b677c86868
remove always true for logtostderr ( #548 )
...
* remove always true for logtostderr
* update README for log collection instructions
Co-authored-by: Liz Rice <liz@lizrice.com>
5 years ago
Saurya Das
ca749ccb32
Adding a section for Azure Kubernetes Service ( #495 )
...
* Adding a section for Azure Kubernetes Service
steps to run kube bench on AKS worker nodes
* Update README.md
* Update README.md
Co-authored-by: Roberto Rojas <robertojrojas@gmail.com>
Co-authored-by: Liz Rice <liz@lizrice.com>
5 years ago
Zeid Marouf
299ab36a13
doc: fix ECR image build instructions for EKS mode ( #531 )
5 years ago
Roberto Rojas
af976e6f50
Fixes Issue #494 - add tests for CIS 1.5 ( #530 )
...
* Initial commit.
* Add master and node config.
* Add section 5 of CIS 1.5.1.
* Split sections into section files
* Fix YAML issues.
* adds target translation
* adds target translation
* adds cis-1.5 mapping
* fixed tests
* fixes are per PR
* fixed intergration test
* integration kind test file to appropriate ks8 version
* fixed etcd text
* fixed README
* fixed text
* etcd: fixed grep path
* etcd: fixes
* fixed error message bug
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* fixes as per PR review
5 years ago
Jonathan Rau
51aa10e354
Update EKS Config & Create EKS Guide ( #489 )
...
* Change EKS Readme
* Fix readme formatting
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
5 years ago
Soumyadeep Sinha
8e4da53006
Fixed some typos ( #446 )
...
* Fixed some typos
* Fixed some typos
* Fixed typo and capitalization of Kubernetes
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update docs/README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update docs/README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update docs/README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* docs: trivial, reinstate capital K
* docs: trivial, reinstate backticks
* docs: trivial, reinstate "in order" for clarity
* docs: trivial, reinstate capital K
5 years ago
Roberto Rojas
7ca438b618
Fixes Issue 269 - Numbering to use CIS Versions ( #511 )
...
* starting benchmark flag
* Revert "starting benchmark flag"
This reverts commit 58fc948626
.
* fixes issue #269
* add more unit tests
* fix bug
* Update cmd/common.go
Co-Authored-By: Liz Rice <liz@lizrice.com>
* fixes as per PR review
* fixes as per PR review
* adds more tests
* fixed tests
* changes as per PR Review
* changes as per PR Review
* updated README
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* changes are per PR review
5 years ago
Alexey Pyltsyn
7a2cc3f554
Improve docs ( #437 )
5 years ago
Mohan Sha
b009520ea3
Added table of contents for navigation ( #455 )
5 years ago
Itay Shakury
3964377a80
add contribution guidelines ( #454 )
5 years ago
Liz Rice
1b49050974
docs: Clarify the meaning of WARN state ( #430 )
...
* docs: Clarify the meaning of WARN state
* Update README.md
5 years ago
Roberto Rojas
a6ee61fd08
Fixes issue #289 : removed versions prior to 1.11 ( #429 )
...
* removed version prior to 1.11
* removed references to kubernetes versions prior to 1.11
5 years ago
James George
050145f6b3
docs: minor tweak ( #438 )
5 years ago
Liz Rice
16beb3e616
docs: note that you may need to be root ( #412 )
5 years ago
Liz Rice
d0d4e95d93
Updated version support ( #385 )
...
Strictly, we don't have the changes in 1.13-json but we do have them in 1.13
5 years ago
Abubakr-Sadik Nii Nai Davis
92df9cb36c
Read kubernetes version from environment ( #390 )
...
* Read kubernetes version from environment
Set kubernetes version to the value of the environment variable `KUBE_BENCH_VERSION` if it is defined and the flag `--version` is not specified on the kube-bench command line.
The command line flag `--version` takes precedence of the environment variable `KUBE_BENCH_VERSION` if both are defined.
* Add info about KUBE_BENCH_VERSION to README
5 years ago
Abubakr-Sadik Nii Nai Davis
2e27d681f7
Remove duplicate documentation. ( #373 )
...
* Remove duplicate documentation.
* Add test configuration header back in main README.
* Add missing regex operator in docs/README.
* Fix incorrect description of configuration options bins, confs etc.
* Move description of version auto-detection to main README.
* Use 1.13 in examples since cfg/1.12 doesn't exist
* Remove duplicate sentence about regex
This sentence is now in the docs/README
* Add link to the docs for test YAML definitions
5 years ago
yoavrotems
7c97f6a490
Add codecov ( #336 )
...
* Update .gitignore
* Update .travis.yml
* Update makefile
* Update .travis.yml
* Update .travis.yml
* Update .travis.yml
* Update README.md
* Update README.md
* Update README.md
* Update makefile
* Update .travis.yml
5 years ago
Liz Rice
08097d2211
Need credentials in order to run kubectl version ( #332 )
...
Without passing in kubeconfig credentials:
```bash
$ docker run --pid=host -v /etc:/etc:ro -v /var:/var:ro -v $(which kubectl):/usr/bin/kubectl -t lizrice/kube-bench:5e6cdfd master -v 1
I0628 16:52:06.591683 6099 util.go:367] Unable to get Kubernetes version from kubectl, using default version: 1.6
I0628 16:52:06.591822 6099 common.go:74] Using benchmark file: cfg/1.6/master.yaml
...
```
As updated in the README with this fix:
```bash
docker run --pid=host -v /etc:/etc:ro -v /var:/var:ro -v $(which kubectl):/usr/bin/kubectl -v ~/.kube:/.kube -e KUBECONFIG=/.kube/config -t lizrice/kube-bench:5e6cdfd master -v 1
I0628 16:53:26.784122 7224 util.go:131] No test file found for 1.14 - using tests for Kubernetes 1.13
I0628 16:53:26.784961 7224 common.go:228] Using config file: cfg/1.13/config.yaml
...
```
5 years ago
Liz Rice
9a900db021
docs: update WIP to draft ( #324 )
5 years ago
Liz Rice
0ab09a85e8
Add pull requests section
...
Add pull requests section
Include instructions for kube-bench version
Other small wording changes
5 years ago
Abubakr-Sadik Nii Nai Davis
7affbc83d8
Add github issue creation instructions.
5 years ago
Liz Rice
c76369fe2c
Add missing quote
5 years ago
Liz Rice
7f2e9b5231
Merge branch 'master' into op-regex
5 years ago
wwwil
7efa7b2c35
Add regex to list of compare ops
5 years ago
Liz Rice
81f0d9c6e3
Merge branch 'master' into Config-doc
5 years ago
Liz Rice
27df1f60ed
Clarification about worker nodes in managed k8s
...
Because we don’t want to put people off running kube-bench altogether in these environments
5 years ago
030
9d0e3491a0
[GH-191] explained that master nodes cannot be inspected in managed k8s
5 years ago
Liz Rice
df3577519c
Document version-specific config files
...
Values in the version-specific files override the main file
5 years ago
Liz Rice
a800ac6ccc
Merge branch 'master' into json-config
6 years ago
Liz Rice
ceb44583dd
Tidy up a couple of things
6 years ago
Liz Rice
f9d0f4acc1
Add OCP info into the README
6 years ago