1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-19 05:08:07 +00:00
Commit Graph

81 Commits

Author SHA1 Message Date
Abubakr-Sadik Nii Nai Davis
e899e941f7 Add OCP 3.10 benchmarks. 2019-02-15 19:44:39 +00:00
Maximilian Bischoff
791fbba9e7
Changed 1.1.14 to not fail when flag is not set
Added another test item that checks whether --disable-admission-plugins is not set and an "or" bin_op. 
This causes check 1.1.14 to be successful when the flag is not set, while still failing when the flag is set and includes the value NamespaceLifecycle
2019-01-08 13:58:41 +01:00
Liz Rice
2d721ed4ad
Merge branch 'master' into rm-space-tls-cipher 2019-01-02 10:53:29 +00:00
Colin GILLE
ffe7ffb3d3
Type: trailing whitespace for rule text 2018-12-31 16:36:15 +01:00
Martin Mosegaard Amdisen
fd120d0adf Remove spaces in remediation command for tls-cipher-suites
Makes it easier to copy-paste the remediation. Matches the other occurences
of tls-cipher-suites in the configuration.
2018-12-27 14:48:21 +01:00
Liz Rice
26e28b8897
Merge branch 'master' into master 2018-12-21 11:26:53 +00:00
Maximilian Bischoff
e81b785bf8
Added missing "=" to master.yaml
In the remediation of 1.1.11 the flag --enable-admission-plugins was missing a =
2018-12-19 18:20:23 +01:00
Vladimir Dimov
645d23e1ec
fixing typos 2.1.15 2018-11-28 13:14:49 +02:00
Liz Rice
6e80b6477a
Merge branch 'master' into fix-2.1.8 2018-11-08 11:41:54 +00:00
Abubakr-Sadik Nii Nai Davis
0a5358665e By default --make-iptables-util-chain is true, so PASS if this flag is not set. 2018-11-07 23:57:38 +00:00
Abubakr-Sadik Nii Nai Davis
4f40a11e84 Change binary op from and to or. 2018-11-07 23:54:41 +00:00
Abubakr-Sadik Nii Nai Davis
c0f56e966a Fix check 1.1.37. 2018-11-06 14:35:45 +00:00
Nick Perry
e083c8f0a3 Fixes https://github.com/aquasecurity/kube-bench/issues/170
Correcting the logic of 1.1.14 for Kubernetes 1.11.
2018-10-30 23:40:41 +00:00
Liz Rice
48489637c5
Merge branch 'master' into fix-1.3.7 2018-10-29 12:08:22 +00:00
Michal Jankowski
9988503223 Fixing 1.3.7 on 1.11 master.
With multiple test items operator defaults to "and". In case of 1.3.7
the tests check whether --address flag is either set to 127.0.0.1 or not
set at all. Those conditions cannot be met at the same time.
2018-10-25 15:32:41 -07:00
Michal Jankowski
5f254de415 Fixing checks 2.2.9 and 2.2.10 on 1.11 nodes.
Path to kubelet configuration was accidentally prefixed with a dollar
symbol (probably as a result of copying some other test that used
variable name).
After removing the dollar sign from paths both checks pass on conforming
deployment.
2018-10-24 17:06:21 -07:00
Abubakr-Sadik Nii Nai Davis
97623aea05 Update kubernetes node benchmark to check kubelet systemd unitfile.
Also clean up the config file for 1.11 a bit.
2018-10-23 02:30:08 +00:00
Abubakr-Sadik Nii Nai Davis
b1369832bc A few corrections to node tests. (#2)
* Add a few corrections.

* Add a few corrections to node test file.
2018-10-13 15:48:50 -04:00
Abubakr-Sadik Nii Nai Davis
934b4aef96 Add a few corrections. (#1) 2018-10-12 10:22:08 -04:00
noqcks
e85de9e8af
fix simple errors 2018-10-09 19:16:08 -04:00
noqcks
b3a115963b
adding 1.11 config and node checks 2018-10-09 18:57:37 -04:00
noqcks
ba5ec8d4be
adding 1.11 master configuration 2018-10-09 18:34:52 -04:00
Liz Rice
c44e0db97b Inlcude .manifest extension config files for kops & kubespray 2018-06-29 10:24:09 +01:00
Liz Rice
024b7ed396
Merge branch 'master' into master 2018-06-18 08:30:24 -07:00
Julien Garcia Gonzalez
2073e08363
update 2.2.4 rules 2018-06-18 13:44:25 +02:00
Julien Garcia Gonzalez
db096c9f51
Rule node 2.2.4 is not correct 2018-06-15 15:49:55 +02:00
hutr
d736d10f90
fix sed string for 1.4.12 2018-06-07 16:34:03 +02:00
hutr
50a3725ff2
Merge branch 'master' into master 2018-06-07 16:12:04 +02:00
hutr
468f5fac6e
changes for 1.4.11 and 1.4.2
added tests: for 1.4.11 and removed grep -v grep for both
2018-06-07 16:08:43 +02:00
Erwan Miran
182e9b5e01 Addition of missing audit field in 2.2.6 node item 2018-06-05 15:27:20 +02:00
hutr
e4100a4435
fixed grep string for 1.4.11 and 1.4.22
check 1.4.11 and 1.4.22 FAIL even when permissions is correct.
2018-05-28 15:39:07 +02:00
Abubakr-Sadik Nii Nai Davis
b10b2bd22e Merge branch 'master' into fix-typo 2018-05-15 04:09:27 +00:00
Abubakr-Sadik Nii Nai Davis
aa9da13226 Fix a bunch of typos. 2018-05-15 04:08:44 +00:00
Liz Rice
1935c952d6 --request-timeout is a duration 2018-05-11 16:03:03 +01:00
Lee Briggs
d464ab5639
Wrong configuration file 2018-01-30 09:49:41 -08:00
Lee Briggs
165444df60
Test fixes for 1.8 2018-01-30 09:28:20 -08:00
Liz Rice
4b1b2b8762
Merge branch 'master' into master 2018-01-25 13:13:57 +00:00
Liz Rice
fc4fe38bc2
Merge branch 'master' into unnecessary-warning 2018-01-25 13:01:48 +00:00
Konstantin Semenov
961dbeb2b5
Correct sed regex 2018-01-25 00:34:52 +00:00
Konstantinos Karampogias
8fc6904093 Improve etcd data directory extraction
- If data-dir is not the last argument, the remaining arguments
  are captured preventing the correct checking.

Signed-off-by: Konstantin Semenov <ksemenov@pivotal.io>
2018-01-24 14:17:45 +00:00
Abubakr-Sadik Nii Nai Davis
7fcfb0cf30 Fix issue with etcd checks failing because of using " " instead of "=" to specify value.
This issue affects master checks 1.4.11 and 1.4.12.
2018-01-18 14:41:46 +00:00
Abubakr-Sadik Nii Nai Davis
53eb720952 Merge branch 'master' into unnecessary-warning 2017-11-28 17:44:53 +00:00
Abubakr-Sadik Nii Nai Davis
04f044e3b9 Add support for merging general and kubernetes version specific config files.
This change unifies all config files, podspecs and unitfiles under
a single component configuration key; `config`.
2017-11-28 17:38:34 +00:00
Liz Rice
d52e326147
Correct test config file typo 2017-11-14 18:05:40 +02:00
Liz Rice
2eb261b94f Remove odd spacing and line breaks from test config files 2017-11-02 09:51:03 +00:00
Abubakr-Sadik Nii Nai Davis
e227934c88 Add function to get unit files for kubernetes components. 2017-10-15 13:20:01 +00:00
Abubakr-Sadik Nii Nai Davis
6ce0c5bf60 Add function to get pod specs for kubernetes components. 2017-10-15 13:19:57 +00:00
Abubakr-Sadik Nii Nai Davis
8e758bb5e0 Update federated definitions. 2017-10-15 13:19:13 +00:00
Abubakr-Sadik Nii Nai Davis
82e325f96e Update 1.8 node definition. 2017-10-15 13:19:07 +00:00
Abubakr-Sadik Nii Nai Davis
04f21d1887 Update 1.8 master definition. 2017-10-15 13:17:45 +00:00