1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-26 01:49:28 +00:00
Commit Graph

672 Commits

Author SHA1 Message Date
Roberto Rojas
a6ee61fd08
Fixes issue #289: removed versions prior to 1.11 (#429)
* removed version prior to 1.11

* removed references to kubernetes versions prior to 1.11
2019-10-14 10:52:43 -04:00
Roberto Rojas
3aa41db166
Issue #353: Merges JSON and Exec Params files (#426)
* starts fixes #353

* new approach to minize duplications

* applied merged yaml files for v1.11 and v1.13

* yaml files json/params merged

* fixes to remove double quotes from numbers and booleans

* fixed bug

* fixed certificate check

* removed -json files

* changes based on PR review

* Update check/check_test.go

Yay more tests!

Co-Authored-By: Liz Rice <liz@lizrice.com>

* changes as PR review

* fixed bug when scored check is missing tests

* attempt to improve the code

* fixed list breaks

* removes handleError function

* Update check/check.go

Accepting suggested log level.

Co-Authored-By: Liz Rice <liz@lizrice.com>
2019-10-14 10:37:10 -04:00
Roberto Rojas
c22f81610d
removes federated (#431) 2019-10-12 19:00:26 -04:00
Roberto Rojas
91dfeb7577
passes KUBEBENCH_VERSION down to Dockerfile (#428) 2019-10-12 18:53:17 -04:00
Roberto Rojas
4416e46967
Adds Unit Tests for check/toNumeric (#401)
* fixes issue #364

* fixed unit test error text
2019-10-12 18:46:19 -04:00
James George
050145f6b3 docs: minor tweak (#438) 2019-10-11 15:47:10 +01:00
yoavrotems
89afda1f63 Add [Manual test] to remediation in all the manual tests (#435) 2019-10-09 16:26:02 +01:00
Simarpreet Singh
37f626dce6 cfg: Make proxy checks optional (#436)
Signed-off-by: Simarpreet Singh <simar@linux.com>
2019-10-08 11:53:39 +01:00
Liz Rice
16beb3e616
docs: note that you may need to be root (#412) 2019-09-21 15:07:16 +01:00
yoavrotems
27261d1d32 Change Kind version (#411)
Something with the old version was crashing. now using the most recent one 1.15.3 is working.
2019-09-03 13:42:07 +01:00
Roberto Rojas
41e0ae77de changes to use the "op: valid_elements" operation to manage list of items (#402) 2019-09-03 13:36:47 +01:00
yoavrotems
ea9089bd42 update the yaml according (#410)
The update is from the new cis version 1.4.1.
like been done in https://github.com/aquasecurity/kube-bench/issues/370
2019-09-02 16:40:45 +01:00
Roberto Rojas
ec3b1076c0 Fixes issue #407 (#409)
* fixes issue #407

* fixes issue #407
2019-08-30 17:33:14 +01:00
Roberto Rojas
13dfa15ad6 Fixes Issue #396 - Replaces $kubeletconf for $kubeletsvc (#399)
* fixes issue #396

* reverts remediation text change

* changes to 1.11-json and 1.13-json as per PR review

* Tiny typo
2019-08-30 15:21:41 +01:00
Liz Rice
a2466da4b0
Correct 1.1.13 to match CIS spec (#406)
Text should say Not Scored
2019-08-30 15:10:30 +01:00
Liz Rice
d0d4e95d93
Updated version support (#385)
Strictly, we don't have the changes in 1.13-json but we do have them in 1.13
2019-08-30 12:09:11 +01:00
Roberto Rojas
7a53806863 fixes issue #346 by explicitly only checking read-only property (#404) 2019-08-30 08:56:48 +01:00
yoavrotems
4b5a877f1f Remove some tests from been manual (#398)
* Remove some tests from been manual

* Remove some tests from been manual
2019-08-29 08:54:29 +01:00
Roberto Rojas
f343d36862 hyperkube v1.15 renamed "proxy" to "kube-proxy" (#400) 2019-08-28 16:53:48 +01:00
Roberto Rojas
3e5d02e920 fixes issue #386 (#397)
* fixes issue #386

* Correct typo
2019-08-28 09:27:56 +01:00
Abubakr-Sadik Nii Nai Davis
92df9cb36c Read kubernetes version from environment (#390)
* Read kubernetes version from environment

Set kubernetes version to the value of the environment variable `KUBE_BENCH_VERSION` if it is defined and the flag `--version` is not specified on the kube-bench command line.

The command line flag `--version` takes precedence of the environment variable `KUBE_BENCH_VERSION` if both are defined.

* Add info about KUBE_BENCH_VERSION to README
2019-08-27 09:04:11 +01:00
Abubakr-Sadik Nii Nai Davis
a3b8ba58ad Fix error converting from string to integer (#392)
Replace the `gt` with `eq` for string comparison of kube-bench check 2.1.6 in `cfg/1.6/node.yaml`.
2019-08-23 16:15:21 +01:00
Patrick Lieberg
0d81ef10d5 Update config.yaml to add Azure AKS file locations for kubelet (#383)
* testing Azure config locations

* "Updated default config.yaml to incorporate Azure AKS file locations for kubelet"

* "Adjusted order of new lines.  Removed unneeded lines."
2019-08-22 14:52:34 +01:00
Abubakr-Sadik Nii Nai Davis
3fba5f4dac Fix version command failing because of missing config file it does not need. (#377)
* Fix version command failing because of missing config file it does
not need.

* Fix typo

* Remove reference to github issue in comment
2019-08-22 13:43:09 +01:00
mwwolters
787bf6ca4d Updated check to pass if flag isn't set (#379) 2019-08-09 18:24:20 +01:00
Liz Rice
f8b2f6c841
Correct 1.4.21 text (#356)
1.4.21 is about the PKI key file not the certificate
2019-08-07 17:17:21 +01:00
yoavrotems
136e9cd731 Remove federated from ocp (#381)
* Delete federated.yaml

There is no federated tests in ocp

* Delete federated.yaml

There are no federated tests in OCP
2019-08-07 16:52:04 +01:00
Abubakr-Sadik Nii Nai Davis
2e27d681f7 Remove duplicate documentation. (#373)
* Remove duplicate documentation.

* Add test configuration header back in main README.

* Add missing regex operator in docs/README.

* Fix incorrect description of configuration options bins, confs etc.

* Move description of version auto-detection to main README.

* Use 1.13 in examples since cfg/1.12 doesn't exist

* Remove duplicate sentence about regex

This sentence is now in the docs/README

* Add link to the docs for test YAML definitions
2019-08-07 03:43:51 -07:00
Efrat Levitan
b8a463f051 Correction to 1.13 and 1.13-json test 2.1.5 (#380) 2019-08-07 03:33:09 -07:00
yoavrotems
22b971a633 fixes-according-kube-cis1.4.1 (#376)
* Update master.yaml

* Update node.yaml

Fix 2.1.11 - got DEPRECATED
2.1.14 changed to be a set of options, would be fixed by https://github.com/aquasecurity/kube-bench/pull/367

* Update master.yaml

* Update node.yaml

change 2.1.11 Title, and state to not scored
2019-08-06 06:19:29 -07:00
Roberto Rojas
0422368615 issue #369: fixes RotateKubeletServerCertificate tests in 1.13-json (#371) 2019-08-06 00:58:35 -07:00
mwwolters
893aa3588c Updated check to pass if flag isn't set (#375) 2019-07-30 10:09:24 -07:00
Roberto Rojas
937bfc7b2e issue #344: Adds support for array comparison. Every element in the s… (#367)
* issue #344: Adds support for array comparison. Every element in the source array must exist in the target array.

* issue #344: Fixed typo and found if condition based on code review

* adds unit tests for valid_elements comparison

* removes spaces from split strings
2019-07-26 11:11:59 -07:00
Roberto Rojas
dab5e92bb5 Issue #363: Adds Unit Tests for Test Comparisons (#366)
* issue #363: starts unit tests for Test Comparison.

* issue #363: Adds tests for "eq" operation

* changes test result message

* issue #363: Adds tests for "noteq" operation

* issue #363: Adds tests for "gt" operation

* issue #363: Adds tests for "lt" operation

* issue #363: Adds tests for "gte" operation

* issue #363: Adds tests for "lte" operation

* issue #363: Adds tests for "has" operation

* issue #363: Adds tests for "nothave" operation

* issue #363: Adds tests for "regex" operation
2019-07-17 10:08:11 -04:00
yoavrotems
7c97f6a490 Add codecov (#336)
* Update .gitignore

* Update .travis.yml

* Update makefile

* Update .travis.yml

* Update .travis.yml

* Update .travis.yml

* Update README.md

* Update README.md

* Update README.md

* Update makefile

* Update .travis.yml
2019-07-16 14:11:51 -04:00
Roberto Rojas
86e3456f33 issue #243: Changes condition so that score: false tests are performed (#357)
* issue #243: Changes condition so that score: false tests are performed

* issue #243: Changes comments.
2019-07-13 08:05:29 +01:00
zilard
b86dd92c91 Issue #348: Refactor get<Thing>Files into getFiles (#359)
* issue #348: replace everywhere get<Thing>Files with getFiles
2019-07-13 07:48:24 +01:00
Roberto Rojas
c87c5cfb51 Fixes bugs on tests 2.1.4 and 2.1.5 - 1.13-json (#365)
* Adds bin_op to Test 2.1.4

* Adds bin_op to Test 2.1.5
2019-07-13 07:35:44 +01:00
Roberto Rojas
b649588f46 turns Go Module on (#362) 2019-07-12 14:12:59 +01:00
Liz Rice
cb3d876ced
Remove Darwin build from go-releaser (#361)
Should fix #360
2019-07-12 12:41:46 +01:00
Roberto Rojas
d43cdfdf01 Issue #355: Adds Unit Tests for JSONPath Parse & Execute (#358)
* issue #335: Adds json/yaml unmarshal Unit Tests.

* issue #335: Adds jsonpath Unit Tests.

* issue #335: Removes log package.
2019-07-12 07:09:27 +01:00
Roberto Rojas
3926ba3977 issue #337: Adds comment for properties detected thru parsing command line. Fixed Audit for test 2.1.8 (#354) 2019-07-11 17:05:24 +01:00
Roberto Rojas
d127512ab9 issue #349: changes test 2.2.8 (#351) 2019-07-10 15:54:09 +01:00
Roberto Rojas
336ca84998 fixes substitution variable (kubeletconf -> kubeletsvc). (#350) 2019-07-10 14:20:14 +01:00
zilard
d8528a1ec8 issue #234: implement test 2.2.8 (#343)
* implement test 2.2.8

* Nit: correct indentation

The indentation looked a bit wonky due to spaces vs tabs; hopefully this corrects it
2019-07-10 10:43:15 +01:00
Roberto Rojas
a0bed18054 Adds json version of config for k8s 1.13 (#342) 2019-07-10 09:26:37 +01:00
Liz Rice
25b2c5da5a
Add comment about procps limitation (#333) 2019-07-08 22:29:37 +01:00
Liz Rice
08097d2211
Need credentials in order to run kubectl version (#332)
Without passing in kubeconfig credentials:

```bash
$ docker run --pid=host -v /etc:/etc:ro -v /var:/var:ro -v $(which kubectl):/usr/bin/kubectl -t lizrice/kube-bench:5e6cdfd master -v 1
I0628 16:52:06.591683    6099 util.go:367] Unable to get Kubernetes version from kubectl, using default version: 1.6
I0628 16:52:06.591822    6099 common.go:74] Using benchmark file: cfg/1.6/master.yaml
...
```
As updated in the README with this fix:

```bash
docker run --pid=host -v /etc:/etc:ro -v /var:/var:ro -v $(which kubectl):/usr/bin/kubectl -v ~/.kube:/.kube -e KUBECONFIG=/.kube/config -t lizrice/kube-bench:5e6cdfd master -v 1
I0628 16:53:26.784122    7224 util.go:131] No test file found for 1.14 - using tests for Kubernetes 1.13
I0628 16:53:26.784961    7224 common.go:228] Using config file: cfg/1.13/config.yaml
...
```
2019-07-08 22:22:48 +01:00
Liz Rice
9a900db021
docs: update WIP to draft (#324) 2019-07-03 08:27:28 +01:00
patelpayal
e6e6333e6d add glog flush to write the output to a file (#329)
* add glog flush to write the output to a file

* add glog flush before exit on error and fix code comment
2019-07-01 09:49:46 +01:00