arno/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-29 11:28:14 +00:00
Code Issues Releases Wiki Activity
565 Commits 7 Branches 82 Tags 157 MiB
58fc948626
Commit Graph

121 Commits

Author SHA1 Message Date
Roberto J Rojas
58fc948626 starting benchmark flag 2019-10-14 09:46:31 -04:00
Abubakr-Sadik Nii Nai Davis
92df9cb36c Read kubernetes version from environment (#390) 
* Read kubernetes version from environment

Set kubernetes version to the value of the environment variable `KUBE_BENCH_VERSION` if it is defined and the flag `--version` is not specified on the kube-bench command line.

The command line flag `--version` takes precedence of the environment variable `KUBE_BENCH_VERSION` if both are defined.

* Add info about KUBE_BENCH_VERSION to README
 2019-08-27 09:04:11 +01:00
Abubakr-Sadik Nii Nai Davis
3fba5f4dac Fix version command failing because of missing config file it does not need. (#377) 
* Fix version command failing because of missing config file it does
not need.

* Fix typo

* Remove reference to github issue in comment
 2019-08-22 13:43:09 +01:00
zilard
b86dd92c91 Issue #348: Refactor get<Thing>Files into getFiles (#359) 
* issue #348: replace everywhere get<Thing>Files with getFiles
 2019-07-13 07:48:24 +01:00
zilard
d8528a1ec8 issue #234: implement test 2.2.8 (#343) 
* implement test 2.2.8

* Nit: correct indentation

The indentation looked a bit wonky due to spaces vs tabs; hopefully this corrects it
 2019-07-10 10:43:15 +01:00
Liz Rice
25b2c5da5a
Add comment about procps limitation (#333) 2019-07-08 22:29:37 +01:00
patelpayal
e6e6333e6d add glog flush to write the output to a file (#329) 
* add glog flush to write the output to a file

* add glog flush before exit on error and fix code comment
 2019-07-01 09:49:46 +01:00
Simarpreet Singh
3b7438e2f2
kube-bench: add version subcommand 
Signed-off-by: Simarpreet Singh <simar@linux.com>
 2019-06-12 01:41:09 -07:00
nshauli
e64f61fa7f Add --outputfile flag for writing json results to output file (#295) 2019-05-29 18:05:55 +03:00
Liz Rice
a8c69b57e8
Merge branch 'master' into config-improvements 2019-05-27 13:10:40 +02:00
Liz Rice
e33e44b676 Correct debug messages 2019-05-17 14:22:04 +01:00
Yoav Hizkiahou
3aa28c4c32 Printing the actual test result of failed tests - when a flag is raised 
fix #110
 2019-05-15 10:14:11 +03:00
Liz Rice
aebd35a5ab
Update copyright date 2019-05-02 18:15:31 -07:00
Daniel Pacak
5fb133cd02 Adjust the semantics of scored and unscored flags 2019-05-01 22:52:56 +02:00
Daniel Pacak
306e1960af Add flags to further filter CIS checks to run 2019-05-01 22:52:56 +02:00
Liz Rice
de623220e1
No need to load config just to check if components are running. 
This also allows for there to be no master.yaml file, for environments where such a thing doesn’t need to exist
 2019-04-11 18:34:22 +01:00
Liz Rice
596dae03d9
Don't assume master if 0 master binaries specified 2019-04-11 17:19:50 +01:00
Liz Rice
9246be924d
Merge branch 'master' into features/autodetect-nodetype 2019-03-13 20:36:19 -07:00
Cyril Tovena
5baf81a70a Adds master node detection and a root command that automatically detect checks to run. 
The root command will run node checks and if possible master checks.
I've also added some Makefile targets to improve local testing and improve the documentation.
 2019-03-12 19:32:05 -04:00
Abubakr-Sadik Nii Nai Davis
a88b0703d8 Add kubeconfig variable substitution for kubelet and proxy. 
There are checks for the kubeconfig for both kubelet and proxy which
the current kube-bench implementation does not check for properly.
kube-bench checks the wrong files.

This PR adds support for variable substitution for all the config file
types are that should be checked in the CIS benchmarks.

This PR also fixes a buggy in CIS 1.3.0 check 2.2.9, which checks for
ownership of the kubelet config file /var/lib/kubelet/config.yaml but
recommends changing ownership of kubelet kubeconfig file
/etc/kubernetes/kubelet.conf as remediation.
 2019-02-27 22:15:14 +00:00
nshauli
e93bfc1aac search for the kubelet binary when it is not in the path 2019-02-19 16:38:10 +02:00
Liz Rice
7626dc2705
Merge branch 'master' into bugfix-log-warnings-instead-of-print 2019-02-19 13:44:23 +00:00
Yoav Hizkiahou
082e9cf7e9 Bugfix: Logging warning instead of printing 
Made all the warnings to be logged and not printed, so when using the json flag the output will be only in json format.

fix #217
 2019-02-19 14:39:55 +02:00
Abubakr-Sadik Nii Nai Davis
911e9051dc Merge remote-tracking branch 'origin/master' into ocp-configs 2019-02-15 19:48:53 +00:00
Abubakr-Sadik Nii Nai Davis
e899e941f7 Add OCP 3.10 benchmarks. 2019-02-15 19:44:39 +00:00
Weston Steimel
42ed8628de Only get runningVersion if --version has not been provided 
Signed-off-by: Weston Steimel <weston.steimel@gmail.com>
 2019-02-15 19:43:13 +00:00
Yoav Hizkiahou
49f745af8e Support new check type - skip: 
If a check is marked with type "skip", it will be marked as Info.

Support scored property:
If a check is not scored and is not marked with type skip, it will be marked as Warn.
 2019-01-29 19:05:12 +02:00
Weston Steimel
42f4152058
Only get runningVersion if --version has not been provided 
Signed-off-by: Weston Steimel <weston.steimel@gmail.com>
 2019-01-24 00:34:09 +00:00
Abubakr-Sadik Nii Nai Davis
ed21839464 Add getServiceFiles function. 
The CIS benchmark check for node checks 2 config files for kubelet:
  - kubelet config file (kubelet.conf)
  - kubelet systemd unitfile (10-kubeadm.conf)

The getServiceFiles function gets candidates for kubelet systemd
unitfile and returns valid untifiles.
 2018-10-23 02:26:38 +00:00
bvwells
cc43fcbb7e Add link to CIS kubernetes benchmark 2018-08-10 20:55:02 +01:00
Liz Rice
ccc2b6c9ae Shouldn't need kubelet or kubectl if version specified 2018-07-26 12:03:09 +01:00
Liz Rice
9d0141871a Use new utility function for finding correct config files. 
Improve order of message output
Remove unnecessary local variable
 2018-06-29 12:20:29 +01:00
Liz Rice
344d2bfd24 Utility for getting the right config file for the Kubernetes version 2018-06-29 12:19:34 +01:00
Liz Rice
ecd14ed682 File substitutions should be a detailed log 2018-06-29 12:19:00 +01:00
Liz Rice
223ac14642 Don't override version specified on command line 2018-06-29 10:35:44 +01:00
Abubakr-Sadik Nii Nai Davis
6d237607fb Fix typo in help text. 2018-05-15 04:50:39 +00:00
Abubakr-Sadik Nii Nai Davis
5da707b8d6 Remove CIS benchmark version in tool title. 
it has grown stale and is dependent on k8s version we are checking.
 2018-05-15 04:23:39 +00:00
Jeppe Fihl-Pearson
39d94df81b Add tip about the --version flag to error output 
If people are trying to use the Docker image to check their cluster, there's a
big likelyhood of them hitting the error message saying that either `kubectl`
or `kubelet` need to be found in order for `kube-bench` to be able to determine
the Kubernetes version in use.

This adds a tip that the version can be specified manually with the `--version`
flag which is a lot easier than having to make a new Docker image with the
right version of `kubelet`/`kubectl` in order for `kube-bench` to work.
 2018-05-11 18:58:24 +01:00
Liz Rice
0b4872104d
Merge branch 'master' into feature/issue-107 2018-04-16 17:15:30 +01:00
Will Medlar
9469b1c124 Allow kubernetes version and config directory to be specified (resolves #107) 2018-04-12 15:01:58 -04:00
Abubakr-Sadik Nii Nai Davis
ade064006e Add extra output manipulation flags, --noremediations, --nosummary and 
--noresults.

These flags disable printing sections of the final output of kube-bench.
 2018-04-10 20:01:47 +00:00
Liz Rice
728cb0765f Use 1.8 tests for k8s 1.9 and 1.10 2018-04-04 10:49:05 +01:00
Philippe ALEXANDRE
f091c8adea Remove the old lines of fmt.Sprintf in cmd/common.go 2018-03-27 15:33:01 +02:00
Philippe ALEXANDRE
d6c16f7563 Try to use kubelet when kubectl is unavailable 2018-03-23 09:29:17 +01:00
Philippe ALEXANDRE
c86d0ff81b Replace fmt.Sprintf by filepath.Join 2018-03-23 09:27:48 +01:00
Liz Rice
58b6358a02
Merge branch 'master' into u/jaxxstorm/golint 2018-01-30 19:46:44 +00:00
Lee Briggs
94a1f3c41f
Lint all code for golint tests 2018-01-11 10:01:58 -08:00
Abubakr-Sadik Nii Nai Davis
64aaef7997 Fixed expected return for getKubeVersion. 2017-11-28 17:47:57 +00:00
Abubakr-Sadik Nii Nai Davis
53eb720952 Merge branch 'master' into unnecessary-warning 2017-11-28 17:44:53 +00:00
Abubakr-Sadik Nii Nai Davis
04f044e3b9 Add support for merging general and kubernetes version specific config files. 
This change unifies all config files, podspecs and unitfiles under
a single component configuration key; `config`.
 2017-11-28 17:38:34 +00:00