1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-22 22:58:07 +00:00
Commit Graph

93 Commits

Author SHA1 Message Date
Abubakr-Sadik Nii Nai Davis
ed21839464 Add getServiceFiles function.
The CIS benchmark check for node checks 2 config files for kubelet:
  - kubelet config file (kubelet.conf)
  - kubelet systemd unitfile (10-kubeadm.conf)

The getServiceFiles function gets candidates for kubelet systemd
unitfile and returns valid untifiles.
2018-10-23 02:26:38 +00:00
bvwells
cc43fcbb7e Add link to CIS kubernetes benchmark 2018-08-10 20:55:02 +01:00
Liz Rice
ccc2b6c9ae Shouldn't need kubelet or kubectl if version specified 2018-07-26 12:03:09 +01:00
Liz Rice
9d0141871a Use new utility function for finding correct config files.
Improve order of message output
Remove unnecessary local variable
2018-06-29 12:20:29 +01:00
Liz Rice
344d2bfd24 Utility for getting the right config file for the Kubernetes version 2018-06-29 12:19:34 +01:00
Liz Rice
ecd14ed682 File substitutions should be a detailed log 2018-06-29 12:19:00 +01:00
Liz Rice
223ac14642 Don't override version specified on command line 2018-06-29 10:35:44 +01:00
Abubakr-Sadik Nii Nai Davis
6d237607fb Fix typo in help text. 2018-05-15 04:50:39 +00:00
Abubakr-Sadik Nii Nai Davis
5da707b8d6 Remove CIS benchmark version in tool title.
it has grown stale and is dependent on k8s version we are checking.
2018-05-15 04:23:39 +00:00
Jeppe Fihl-Pearson
39d94df81b Add tip about the --version flag to error output
If people are trying to use the Docker image to check their cluster, there's a
big likelyhood of them hitting the error message saying that either `kubectl`
or `kubelet` need to be found in order for `kube-bench` to be able to determine
the Kubernetes version in use.

This adds a tip that the version can be specified manually with the `--version`
flag which is a lot easier than having to make a new Docker image with the
right version of `kubelet`/`kubectl` in order for `kube-bench` to work.
2018-05-11 18:58:24 +01:00
Liz Rice
0b4872104d
Merge branch 'master' into feature/issue-107 2018-04-16 17:15:30 +01:00
Will Medlar
9469b1c124 Allow kubernetes version and config directory to be specified (resolves #107) 2018-04-12 15:01:58 -04:00
Abubakr-Sadik Nii Nai Davis
ade064006e Add extra output manipulation flags, --noremediations, --nosummary and
--noresults.

These flags disable printing sections of the final output of kube-bench.
2018-04-10 20:01:47 +00:00
Liz Rice
728cb0765f Use 1.8 tests for k8s 1.9 and 1.10 2018-04-04 10:49:05 +01:00
Philippe ALEXANDRE
f091c8adea Remove the old lines of fmt.Sprintf in cmd/common.go 2018-03-27 15:33:01 +02:00
Philippe ALEXANDRE
d6c16f7563 Try to use kubelet when kubectl is unavailable 2018-03-23 09:29:17 +01:00
Philippe ALEXANDRE
c86d0ff81b Replace fmt.Sprintf by filepath.Join 2018-03-23 09:27:48 +01:00
Liz Rice
58b6358a02
Merge branch 'master' into u/jaxxstorm/golint 2018-01-30 19:46:44 +00:00
Lee Briggs
94a1f3c41f
Lint all code for golint tests 2018-01-11 10:01:58 -08:00
Abubakr-Sadik Nii Nai Davis
64aaef7997 Fixed expected return for getKubeVersion. 2017-11-28 17:47:57 +00:00
Abubakr-Sadik Nii Nai Davis
53eb720952 Merge branch 'master' into unnecessary-warning 2017-11-28 17:44:53 +00:00
Abubakr-Sadik Nii Nai Davis
04f044e3b9 Add support for merging general and kubernetes version specific config files.
This change unifies all config files, podspecs and unitfiles under
a single component configuration key; `config`.
2017-11-28 17:38:34 +00:00
Liz Rice
97485419e2 Can't run kubectl on Travis so I don't know how this test ever worked 2017-11-21 13:21:47 +00:00
Liz Rice
730871f330 Fix kubeVersion regex tests 2017-11-21 13:19:09 +00:00
Abubakr-Sadik Nii Nai Davis
c93c94b3f6 Fix version check regexp. 2017-11-21 12:20:02 +00:00
Abubakr-Sadik Nii Nai Davis
c60c459bc4 Fix bug causing kubectl version to always return default version. 2017-11-14 22:27:55 +00:00
Abubakr-Sadik Nii Nai Davis
42a1068964 Add default version if version check fails. 2017-11-13 15:25:34 +00:00
Abubakr-Sadik Nii Nai Davis
f90dd925b8 Exit kube-bench if we can't get valid kubernetes server version and
improve error messages.
2017-11-03 13:11:10 +00:00
Abubakr-Sadik Nii Nai Davis
31b5910a7f Remove unnecessary warnings about missing config files. 2017-11-03 10:41:01 +00:00
Steven Logue
909e6cc874 created database.go file and moved DB function into it 2017-11-01 10:15:31 -07:00
Liz Rice
1faeb55b67
Merge branch 'master' into master 2017-11-01 14:46:48 +00:00
Steven Logue
d79a2a5478 added support for saving scan results to pgsql 2017-10-31 13:08:46 -07:00
Abubakr-Sadik Nii Nai Davis
3dcc38d5c8 Fix issue with util test. 2017-10-24 12:45:38 +00:00
Abubakr-Sadik Nii Nai Davis
592dc81974 Remove unused variables. 2017-10-24 12:02:22 +00:00
Abubakr-Sadik Nii Nai Davis
cec1d9d6b3 Combine config reading functions into single function. 2017-10-24 12:01:02 +00:00
Abubakr-Sadik Nii Nai Davis
e227934c88 Add function to get unit files for kubernetes components. 2017-10-15 13:20:01 +00:00
Abubakr-Sadik Nii Nai Davis
6ce0c5bf60 Add function to get pod specs for kubernetes components. 2017-10-15 13:19:57 +00:00
Abubakr-Sadik Nii Nai Davis
018ad12a64 Log benchmark definition file at verbosity level 1. 2017-09-26 23:33:47 +00:00
Abubakr-Sadik Nii Nai Davis
73a37a0c16 Delete tests for verifyKubeVersion and support functions. 2017-09-26 23:24:44 +00:00
Abubakr-Sadik Nii Nai Davis
88a003090f Delete verifyKubeVersion support functions. 2017-09-26 23:23:34 +00:00
Abubakr-Sadik Nii Nai Davis
a95d083049 Remove call to verifyKubeVersion.
This functionality is fulfilled by getKubeVersion.
2017-09-26 23:20:28 +00:00
Abubakr-Sadik Nii Nai Davis
d9e1eee2cd Merge remote-tracking branch 'origin/master' into support for multiple
Kubernetes versions.
2017-09-20 00:39:30 +00:00
Abubakr-Sadik Nii Nai Davis
56fa20103a Add function to retrieve Kubernetes server version.
The server version is used to load the correct benchmark check
to run against the Kubernetes cluster.
2017-09-17 19:49:13 +00:00
Liz Rice
c4be4a1240 Remove installation flag and some other unused variables 2017-08-31 17:52:21 +01:00
Liz Rice
de12829923 Correct test to cope with multi-line ps output 2017-08-31 17:43:07 +01:00
Liz Rice
e4a89123e0 Move message about which config file we’re using into a log at the start 2017-08-31 17:38:11 +01:00
Liz Rice
8380ad1ef3 Better detection of running executables 2017-08-31 16:01:31 +01:00
Liz Rice
d637d8714a Fix and add tests 2017-08-31 15:22:30 +01:00
Liz Rice
a3197f8efe Reorder YAML to make a bit more sense. Allow for optional components, and a config file that we don’t think exists. 2017-08-31 14:45:16 +01:00
Liz Rice
e4b905e360 Log when there’s no substitution 2017-08-31 14:43:59 +01:00