Liz Rice
596dae03d9
Don't assume master if 0 master binaries specified
6 years ago
Liz Rice
9246be924d
Merge branch 'master' into features/autodetect-nodetype
6 years ago
Cyril Tovena
5baf81a70a
Adds master node detection and a root command that automatically detects checks to run.
The root command will run node checks and if possible master checks.
I've also added some Makefile targets to improve local testing and improve the documentation.
6 years ago
Abubakr-Sadik Nii Nai Davis
a88b0703d8
Add kubeconfig variable substitution for kubelet and proxy.
There are checks for the kubeconfig for both kubelet and proxy which
the current kube-bench implementation does not check for properly.
kube-bench checks the wrong files.
This PR adds support for variable substitution for all the config file
types that should be checked in the CIS benchmarks.
This PR also fixes a bug in CIS 1.3.0 check 2.2.9, which checks for
ownership of the kubelet config file /var/lib/kubelet/config.yaml but
recommends changing ownership of kubelet kubeconfig file
/etc/kubernetes/kubelet.conf as remediation.
6 years ago
Abubakr-Sadik Nii Nai Davis
911e9051dc
Merge remote-tracking branch 'origin/master' into ocp-configs
6 years ago
Abubakr-Sadik Nii Nai Davis
e899e941f7
Add OCP 3.10 benchmarks.
6 years ago
Weston Steimel
42ed8628de
Only get runningVersion if --version has not been provided
Signed-off-by: Weston Steimel <weston.steimel@gmail.com>
6 years ago
Yoav Hizkiahou
49f745af8e
Support new check type - skip:
If a check is marked with type "skip", it will be marked as Info.
Support scored property:
If a check is not scored and is not marked with type skip, it will be marked as Warn.
6 years ago
Weston Steimel
42f4152058
Only get runningVersion if --version has not been provided
Signed-off-by: Weston Steimel <weston.steimel@gmail.com>
6 years ago
Abubakr-Sadik Nii Nai Davis
ed21839464
Add getServiceFiles function.
The CIS benchmark check for node checks 2 config files for kubelet:
- kubelet config file (kubelet.conf)
- kubelet systemd unitfile (10-kubeadm.conf)
The getServiceFiles function gets candidates for kubelet systemd
unitfile and returns valid unitfiles.
6 years ago
Liz Rice
ccc2b6c9ae
Shouldn't need kubelet or kubectl if version specified
6 years ago
Liz Rice
9d0141871a
Use new utility function for finding correct config files.
Improve order of message output
Remove unnecessary local variable
6 years ago
Liz Rice
223ac14642
Don't override version specified on command line
6 years ago
Liz Rice
0b4872104d
Merge branch 'master' into feature/issue-107
7 years ago
Will Medlar
9469b1c124
Allow kubernetes version and config directory to be specified (resolves #107)
7 years ago
Abubakr-Sadik Nii Nai Davis
ade064006e
Add extra output manipulation flags, --noremediations, --nosummary and --noresults.
These flags disable printing sections of the final output of kube-bench.
7 years ago
Liz Rice
728cb0765f
Use 1.8 tests for k8s 1.9 and 1.10
7 years ago
Philippe ALEXANDRE
f091c8adea
Remove the old lines of fmt.Sprintf in cmd/common.go
7 years ago
Philippe ALEXANDRE
c86d0ff81b
Replace fmt.Sprintf by filepath.Join
7 years ago
Liz Rice
58b6358a02
Merge branch 'master' into u/jaxxstorm/golint
7 years ago
Lee Briggs
94a1f3c41f
Lint all code for golint tests
7 years ago
Abubakr-Sadik Nii Nai Davis
64aaef7997
Fixed expected return for getKubeVersion.
7 years ago
Abubakr-Sadik Nii Nai Davis
04f044e3b9
Add support for merging general and kubernetes version specific config files.
This change unifies all config files, podspecs and unitfiles under
a single component configuration key; `config`.
7 years ago
Liz Rice
730871f330
Fix kubeVersion regex tests
7 years ago
Abubakr-Sadik Nii Nai Davis
f90dd925b8
Exit kube-bench if we can't get valid kubernetes server version and improve error messages.
7 years ago
Steven Logue
909e6cc874
created database.go file and moved DB function into it
7 years ago
Liz Rice
1faeb55b67
Merge branch 'master' into master
7 years ago
Steven Logue
d79a2a5478
added support for saving scan results to pgsql
7 years ago
Abubakr-Sadik Nii Nai Davis
592dc81974
Remove unused variables.
7 years ago
Abubakr-Sadik Nii Nai Davis
cec1d9d6b3
Combine config reading functions into single function.
7 years ago
Abubakr-Sadik Nii Nai Davis
e227934c88
Add function to get unit files for kubernetes components.
7 years ago
Abubakr-Sadik Nii Nai Davis
6ce0c5bf60
Add function to get pod specs for kubernetes components.
7 years ago
Abubakr-Sadik Nii Nai Davis
018ad12a64
Log benchmark definition file at verbosity level 1.
7 years ago
Abubakr-Sadik Nii Nai Davis
a95d083049
Remove call to verifyKubeVersion.
This functionality is fulfilled by getKubeVersion.
7 years ago
Abubakr-Sadik Nii Nai Davis
d9e1eee2cd
Merge remote-tracking branch 'origin/master' into support for multiple Kubernetes versions.
7 years ago
Abubakr-Sadik Nii Nai Davis
56fa20103a
Add function to retrieve Kubernetes server version.
The server version is used to load the correct benchmark check
to run against the Kubernetes cluster.
7 years ago
Liz Rice
e4a89123e0
Move message about which config file we’re using into a log at the start
7 years ago
Liz Rice
a3197f8efe
Reorder YAML to make a bit more sense. Allow for optional components, and a config file that we don’t think exists.
7 years ago
Liz Rice
f5550fd8bd
Node type is now verified by looking for running binaries from a set of options
7 years ago
Liz Rice
6a5a62b278
Autodetect the binaries and config files from a set of options
7 years ago
Liz Rice
7600dd9dd6
Make the ps / fakeps function global so we don’t have to pass it around so much
7 years ago
Liz Rice
6b9f117f87
Allow for multiple words in executable names
7 years ago
Liz Rice
34f8b8e980
Simplify verifying binaries and config files
7 years ago
Liz Rice
96c469669c
Use kubectl to check the kubernetes version
7 years ago
Liz Rice
2b4047a3c1
Merge pull request #28 from ttousai/errorhandling
Improve error handling.
7 years ago
Abubakr-Sadik Nii Nai Davis
f88de572f6
Improve error handling.
7 years ago
Abubakr-Sadik Nii Nai Davis
e08e069174
Update controls to CIS Kubernetes Benchmark v1.1.0
7 years ago
Abubakr-Sadik Nii Nai Davis
609c4ff01c
Move kubernetes binaries and config paths to kube-bench config.
7 years ago
Abubakr-Sadik Nii Nai Davis
2ee99eca64
Add support for various installation modes, hyperkube, kubeadm and kops.
Issue #17.
7 years ago
Abubakr-Sadik Nii Nai Davis
bd53529387
Fix issue #16 about supporting verbosity.
7 years ago