Liz Rice
6b9f117f87
Allow for multiple words in executable names
2017-08-15 17:00:35 +01:00
Liz Rice
34f8b8e980
Simplify verifying binaries and config files
2017-08-15 16:44:40 +01:00
Liz Rice
86d49b1b1a
We don’t care whether the binaries are in our path or not, just whether they are running
2017-08-15 16:01:27 +01:00
Abubakr-Sadik Nii Nai Davis
7c7d477d78
Import os to fix issue in previous merge commit.
2017-08-12 19:10:31 +00:00
Abubakr-Sadik Nii Nai Davis
dddea28713
Merge branch 'master' into issue-25
2017-08-12 19:05:48 +00:00
Abubakr-Sadik Nii Nai Davis
0933fa420b
Add new tests and clean up old tests.
2017-08-12 18:54:33 +00:00
Abubakr-Sadik Nii Nai Davis
d2fa9d35b6
Rewrite audit commands in the check definition that contain shell builtins
...
and modify text to command function to support this.
Shell builtins fail the binary command lookup test which result in a
WARN. Audit commands which include shell builtins must use the form:
"/bin/sh -c 'sh-builtin arg'"
So they are executed properly. Additionally Go will fail to execute
commands involving shell builtins if they are not in the above format.
2017-08-12 18:41:41 +00:00
Liz Rice
45cf25e007
Merge pull request #34 from aquasecurity/kubectl-version
...
Use kubectl to check the kubernetes version
2017-08-11 18:05:31 +01:00
Liz Rice
96c469669c
Use kubectl to check the kubernetes version
2017-08-11 17:59:57 +01:00
Liz Rice
50cce99daf
Merge pull request #33 from aquasecurity/owners
...
Create OWNERS
2017-08-11 16:09:23 +01:00
Liz Rice
dee64c30ae
Create OWNERS
2017-08-11 16:06:44 +01:00
Liz Rice
0bbc867396
Merge pull request #32 from aquasecurity/issue-19-2
...
Issue 19, take 2
2017-08-08 22:26:22 +01:00
Liz Rice
767e8eb835
Sorting out the bad merge
2017-08-08 22:22:47 +01:00
Abubakr-Sadik Nii Nai Davis
9c07527069
Remove misleading comment about manual checks in node check definition.
2017-08-08 22:18:03 +01:00
Abubakr-Sadik Nii Nai Davis
c39516581b
Add master node manual check definitions.
2017-08-08 22:17:44 +01:00
Abubakr-Sadik Nii Nai Davis
09ca739dc0
Add check type manual.
...
Results of manual checks are forced to WARN to inform users to check manually.
2017-08-08 22:17:37 +01:00
Liz Rice
16fbf084e9
Merge pull request #31 from aquasecurity/revert-30-issue-19
...
Revert "Issue 19"
2017-08-08 22:00:43 +01:00
Liz Rice
b5f4876138
Revert "Issue 19"
2017-08-08 22:00:06 +01:00
Liz Rice
ffeb33defd
Merge pull request #30 from ttousai/issue-19
...
Issue 19
2017-08-07 16:24:08 +01:00
Liz Rice
cf5f025593
Merge branch 'master' into issue-19
2017-08-07 16:23:59 +01:00
Liz Rice
2b4047a3c1
Merge pull request #28 from ttousai/errorhandling
...
Improve error handling.
2017-08-07 10:06:32 +01:00
Abubakr-Sadik Nii Nai Davis
7bb66dd2da
Rename warning printing functions.
...
printlnWarn: prints warning with a newline.
sprintWarn: returns an optionally contextualized warning string.
2017-08-06 16:59:03 +00:00
Abubakr-Sadik Nii Nai Davis
9c563b0987
Remove misleading comment about manual checks in node check definition.
2017-08-06 16:41:39 +00:00
Abubakr-Sadik Nii Nai Davis
29122b82ad
Add master node manual check definitions.
2017-08-06 16:14:41 +00:00
Abubakr-Sadik Nii Nai Davis
43c1470c0e
Add check type manual.
...
Results of manual checks are forced to WARN to inform users to check manually.
2017-08-06 15:29:55 +00:00
Abubakr-Sadik Nii Nai Davis
82c92e0078
Change function name to be clearer about the fact it returns a string.
2017-08-06 14:25:02 +00:00
Liz Rice
1c58dfefbb
Revert "Add Docker build & push to Travis job" - it's already being built on Docker Hub!
...
This reverts commit b339a753b5
.
2017-08-03 16:05:27 +01:00
Liz Rice
b339a753b5
Add Docker build & push to Travis job
2017-08-03 15:53:49 +01:00
Liz Rice
21b7d8d9d6
Merge pull request #24 from ttousai/issue-19
...
Update controls to CIS Kubernetes Benchmark v1.1.0
2017-07-25 09:05:29 +01:00
Abubakr-Sadik Nii Nai Davis
f88de572f6
Improve error handling.
2017-07-25 00:34:07 +00:00
Abubakr-Sadik Nii Nai Davis
e08e069174
Update controls to CIS Kubernetes Benchmark v1.1.0
2017-07-24 17:30:13 +00:00
Liz Rice
34dd31970a
Update README about installation flag
2017-07-20 17:33:21 +01:00
Liz Rice
a6a784f55f
Merge pull request #18 from ttousai/issue-17
...
Issues #17 , #16
2017-07-17 18:25:53 +01:00
Abubakr-Sadik Nii Nai Davis
f589fd58e1
Add few modifications.
2017-07-13 01:01:18 +00:00
Abubakr-Sadik Nii Nai Davis
3d395994b0
Change environment variable prefix.
2017-07-13 00:24:57 +00:00
Abubakr-Sadik Nii Nai Davis
609c4ff01c
Move kubernetes binaries and config paths to kube-bench config.
2017-07-13 00:24:09 +00:00
Abubakr-Sadik Nii Nai Davis
2ee99eca64
Add support for various installation modes, hyperkube, kubeadm and kops.
...
Issue #17 .
2017-07-10 00:15:27 +00:00
Abubakr-Sadik Nii Nai Davis
bd53529387
Fix issue #16 about supporting verbosity.
2017-07-07 17:01:30 +00:00
Abubakr-Sadik Nii Nai Davis
06466d6573
Fix issue with kubernetes version check, where the master binary is
...
used for all modes including nodes and federated.
2017-07-06 18:31:18 +00:00
Liz Rice
6d26814cf6
Merge pull request #14 from ttousai/issue-7
...
Resolve issue #7 wait: error running audit command exit status 1.
2017-07-05 16:37:02 +01:00
Abubakr-Sadik Nii Nai Davis
dbbafd54a5
Do not exit on command exit, print error message to stderr and continue.
2017-07-05 12:56:01 +00:00
Abubakr-Sadik Nii Nai Davis
b1a76360e7
Do not clutter the output with error messages from commands in the audit pipeline.
2017-07-04 17:04:43 +00:00
Abubakr-Sadik Nii Nai Davis
6ee9bedfb8
Print verification warnings at only one point.
2017-07-04 16:53:39 +00:00
Abubakr-Sadik Nii Nai Davis
2119d119b0
Restore warning messages and dont quit on verification error.
2017-07-04 15:38:34 +00:00
Abubakr-Sadik Nii Nai Davis
e6479afd01
Reset audit commands to ps -ef ... closer to benchmark.
2017-07-04 15:19:09 +00:00
Abubakr-Sadik Nii Nai Davis
e61dcabdfb
Remove extraneous debug commands.
2017-06-30 14:56:23 +00:00
Abubakr-Sadik Nii Nai Davis
d0d9900b29
Resolve issue #7 wait: error running audit command exit status 1.
...
This is caused by a command in the audit pipeline (for example
ps -ef | grep kube-apiserver) failing. The causes of this failure
in my testing is usually a missing config file.
Extensive refactor and correction in verification code to check for
config files and binaries.
Replace joncalhoun/pipes with implementation using exec.Cmds so errors
are visible and can be handled when audit pipeline commands fail.
Change some audit commands
from: ps -ef | grep <cmd> | grep -v
to: ps -C <something> -o comm,args --no-headers
which is simpler to work with.
2017-06-30 14:19:38 +00:00
Liz Rice
e8df4aa512
Add test to validate the YAML files
2017-06-23 12:05:07 +01:00
Liz Rice
b4237ccb73
Better error handling when reading YAML files
2017-06-23 12:04:46 +01:00
Liz Rice
f920d61a6a
Merge pull request #9 from aquasecurity/json
...
If output format is JSON, don't also output human-readable warnings
2017-06-23 11:10:08 +01:00