kube-bench

mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-15 20:39:08 +00:00

Author	SHA1	Message	Date
Mathis Kretz	9efd942bcc	Add config paths for microk8s (#556 ) * Add config paths for microk8s * Fix order for kube-proxy conf path and fix yaml linting issue Co-authored-by: Mathis Kretz <mathis@bespinian.io> Co-authored-by: Liz Rice <liz@lizrice.com>	2020-03-16 12:37:32 +00:00
yoavrotems	60f2fb592a	Add option to do bitmask (#565 ) * Add option to do bitwise and between two value in order to compare permissions * Update test.go Removed self debug note * Update test_test.go FIx typo * Update test.go * Update test.go Switched between max and requested value, because accidentally assigned them oppositely and remove old function relate to octal base * Update test_test.go * Update test_test.go	2020-03-16 12:25:46 +00:00
Huang Huang	70988356c8	Support config files which use .yml file extension (#586 ) Co-authored-by: Roberto Rojas <robertojrojas@gmail.com>	2020-03-03 12:03:21 -05:00
Abubakr-Sadik Nii Nai Davis	d988b81540	CIS GKE 1.0.0 benchmark (#570 ) * Add initial commit for CIS GKE 1.0 benchmark * Update README with GKE instructions * Fix YAML linter issues * Set GKE benchmark k8s version to gke-1.0 * Add tests for gke-1.0 Co-authored-by: Roberto Rojas <robertojrojas@gmail.com>	2020-03-03 09:51:48 -05:00
Thorsten Schifferdecker	237f8cf818	fix small typo (#592 ) proykubeconfig -> proxykubeconfig	2020-03-02 16:35:01 +00:00
Huang Huang	65fb352e0e	Change to checking `--disable-admission-plugins` for cis-1.4-1.1.27 and cis-1.5-1.2.14 (#584 ) Fixes #582	2020-02-18 09:37:50 -05:00
LukasAuerbeck	037bb14729	added 444, 440, 400 and 000 file permission checks for all benchmarks (#563 ) Co-authored-by: Liz Rice <liz@lizrice.com>	2020-01-22 14:40:01 +00:00
mustafa-rean	89f8e454ba	Resolved bug in master.yml for cis-1.5 for the apiserverbin variable name (#567 ) Co-authored-by: Liz Rice <liz@lizrice.com>	2020-01-22 14:00:23 +00:00
Murali Paluru	48e33d33e5	fix mismatching checks, tests (#544 )	2020-01-07 12:31:07 +00:00
James Ward	5f34058dc7	Support Linting YAML as part of Travis CI build (#554 ) * add yamllint command to travis CI installs and runs a linter across the YAML in the project to ensure consistency in the written YAML. this uses yamllint and the default yamllint config with "truthy" and "line-length" disabled. * run dos2unix on CRLF files * YAMLLINT: remove trailing spaces * YAMLLint: add YAML document start * YAMLLint: too many spaces around bracket * YAMLLint: fix indentation * YAMLLint: remove duplicate key * YAMLLint: newline at end of file * YAMLLint: Too few spaces after comma * YAMLLint: too many spaces after colon	2020-01-06 09:18:25 +00:00
Roberto Rojas	13193d75b0	Fixes Issue #535 (#537 ) * isEtcd should not run on openshift 3.10/3.11 * adds openssl * fixed tests * fixes bugs * adds isEtcd tests	2019-12-13 10:09:30 -05:00
Huang Huang	4a07f87e6f	Fix remediations about file permission (#534 ) * Fix remediation of 2.2.3 in cis-1.3 * Fix remediation of 4.1.1 in cis-1.5	2019-12-10 13:57:07 -05:00
Mateus Caruccio	6e1c39237a	Openshift configs (#526 ) * Adds openshift to autodetect node type * detect okd node units	2019-12-09 09:07:44 -05:00
Roberto Rojas	af976e6f50	Fixes Issue #494 - add tests for CIS 1.5 (#530 ) * Initial commit. * Add master and node config. * Add section 5 of CIS 1.5.1. * Split sections into section files * Fix YAML issues. * adds target translation * adds target translation * adds cis-1.5 mapping * fixed tests * fixes are per PR * fixed intergration test * integration kind test file to appropriate ks8 version * fixed etcd text * fixed README * fixed text * etcd: fixed grep path * etcd: fixes * fixed error message bug * Update README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * Update README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * fixes as per PR review	2019-12-05 15:55:44 -05:00
Huang Huang	7015f4b4b5	Fix remediation of 2.2.3 (#527 )	2019-12-04 07:06:50 -08:00
Roberto Rojas	9c6d4de860	Issue #421 : Merges PR #422 with master (#523 ) * Add kubeconfig location of kube-proxy for AKS * Add job for AKS node * Automate ca file permission check * removed job-aks.yaml as other PRs added needed features * fixed integration test due to merge changes	2019-11-27 15:30:29 +00:00
Liz Rice	d7b5422e8a	Fix detection of encryption-provider-config (#513 ) Fixes: https://github.com/aquasecurity/kube-bench/issues/420 Signed-off-by: Manuel Rüger <manuel@rueg.eu>	2019-11-05 19:45:40 -05:00
Roberto Rojas	7ca438b618	Fixes Issue 269 - Numbering to use CIS Versions (#511 ) * starting benchmark flag * Revert "starting benchmark flag" This reverts commit `58fc948626`. * fixes issue #269 * add more unit tests * fix bug * Update cmd/common.go Co-Authored-By: Liz Rice <liz@lizrice.com> * fixes as per PR review * fixes as per PR review * adds more tests * fixed tests * changes as per PR Review * changes as per PR Review * updated README * Update README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * Update README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * Update README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * Update README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * changes are per PR review	2019-11-05 16:31:27 -05:00
mwwolters	8276e521d4	Changed 1.3.3 to check that --use-service-account-credentials isn't set to false, but the flag is set (#442 )	2019-11-05 21:29:16 +01:00
Roberto Rojas	13fe1cdfb8	Fixes issue #501 : specifying absolute path for both ps and cat (#508 ) * fixes issue #501 * specify abolute path for ps and cat	2019-11-01 13:10:52 +00:00
Kevin W Monroe	04946a48fb	add snap component paths to default config (#414 )	2019-10-25 20:19:56 -04:00
Prem Kumar	01ee110ac4	Fix repetitive flags in some ocp-3.11 tests (#462 ) * fix flag repetition in ocp-3.11/node.yaml * fix flag repetition in ocp-3.11/master.yaml	2019-10-25 20:12:56 -04:00
Arpit Pandey	ce0137a31a	Fix few typos (#469 )	2019-10-24 14:05:13 -07:00
Simarpreet Singh	d77eab2234	master.yaml: Add --audit-policy-file check for 1.1.37. (#440 ) * master.yaml: Add --audit-policy-file check for 1.1.37. Signed-off-by: Simarpreet Singh <simar@linux.com> * fix-177: fix line endings Signed-off-by: Simarpreet Singh <simar@linux.com>	2019-10-18 13:23:23 -07:00
Simarpreet Singh	d12a45bba9	Properly initialize viper library when checking for master components (#434 ) * common_test: Add a failing test to show the SISEGV Signed-off-by: Simarpreet Singh <simar@linux.com> * common: Go green by fixing isMaster() to instantiate viper Signed-off-by: Simarpreet Singh <simar@linux.com> * common: Inject a seam for getBinariesFunc to be patched-in. Also adds additional tests to showcase unhappy behaviors. Signed-off-by: Simarpreet Singh <simar@linux.com> * common_test: Rename TestIsMaster() Signed-off-by: Simarpreet Singh <simar@linux.com> * common: init viper with master config Signed-off-by: Simarpreet Singh <simar@linux.com> * common: Add a pre-check if valid yaml is passed but doesn't include master. Also adds additional tests to showcase unhappy behaviors. Signed-off-by: Simarpreet Singh <simar@linux.com> * mod: Upgrade viper to v1.4.0 Signed-off-by: Simarpreet Singh <simar@linux.com> * common: Refactor node only yaml to a file Signed-off-by: Simarpreet Singh <simar@linux.com> * common: Log when master components are not found Signed-off-by: Simarpreet Singh <simar@linux.com> * common_test: Refactor subtests into a table Signed-off-by: Simarpreet Singh <simar@linux.com>	2019-10-14 11:15:08 -04:00
Roberto Rojas	a6ee61fd08	Fixes issue #289 : removed versions prior to 1.11 (#429 ) * removed version prior to 1.11 * removed references to kubernetes versions prior to 1.11	2019-10-14 10:52:43 -04:00
Roberto Rojas	3aa41db166	Issue #353 : Merges JSON and Exec Params files (#426 ) * starts fixes #353 * new approach to minize duplications * applied merged yaml files for v1.11 and v1.13 * yaml files json/params merged * fixes to remove double quotes from numbers and booleans * fixed bug * fixed certificate check * removed -json files * changes based on PR review * Update check/check_test.go Yay more tests! Co-Authored-By: Liz Rice <liz@lizrice.com> * changes as PR review * fixed bug when scored check is missing tests * attempt to improve the code * fixed list breaks * removes handleError function * Update check/check.go Accepting suggested log level. Co-Authored-By: Liz Rice <liz@lizrice.com>	2019-10-14 10:37:10 -04:00
Roberto Rojas	c22f81610d	removes federated (#431 )	2019-10-12 19:00:26 -04:00
yoavrotems	89afda1f63	Add [Manual test] to remediation in all the manual tests (#435 )	2019-10-09 16:26:02 +01:00
Simarpreet Singh	37f626dce6	cfg: Make proxy checks optional (#436 ) Signed-off-by: Simarpreet Singh <simar@linux.com>	2019-10-08 11:53:39 +01:00
Roberto Rojas	41e0ae77de	changes to use the "op: valid_elements" operation to manage list of items (#402 )	2019-09-03 13:36:47 +01:00
yoavrotems	ea9089bd42	update the yaml according (#410 ) The update is from the new cis version 1.4.1. like been done in https://github.com/aquasecurity/kube-bench/issues/370	2019-09-02 16:40:45 +01:00
Roberto Rojas	ec3b1076c0	Fixes issue #407 (#409 ) * fixes issue #407 * fixes issue #407	2019-08-30 17:33:14 +01:00
Roberto Rojas	13dfa15ad6	Fixes Issue #396 - Replaces $kubeletconf for $kubeletsvc (#399 ) * fixes issue #396 * reverts remediation text change * changes to 1.11-json and 1.13-json as per PR review * Tiny typo	2019-08-30 15:21:41 +01:00
Liz Rice	a2466da4b0	Correct 1.1.13 to match CIS spec (#406 ) Text should say Not Scored	2019-08-30 15:10:30 +01:00
Roberto Rojas	7a53806863	fixes issue #346 by explicitly only checking read-only property (#404 )	2019-08-30 08:56:48 +01:00
yoavrotems	4b5a877f1f	Remove some tests from been manual (#398 ) * Remove some tests from been manual * Remove some tests from been manual	2019-08-29 08:54:29 +01:00
Roberto Rojas	f343d36862	hyperkube v1.15 renamed "proxy" to "kube-proxy" (#400 )	2019-08-28 16:53:48 +01:00
Roberto Rojas	3e5d02e920	fixes issue #386 (#397 ) * fixes issue #386 * Correct typo	2019-08-28 09:27:56 +01:00
Abubakr-Sadik Nii Nai Davis	a3b8ba58ad	Fix error converting from string to integer (#392 ) Replace the `gt` with `eq` for string comparison of kube-bench check 2.1.6 in `cfg/1.6/node.yaml`.	2019-08-23 16:15:21 +01:00
Patrick Lieberg	0d81ef10d5	Update config.yaml to add Azure AKS file locations for kubelet (#383 ) * testing Azure config locations * "Updated default config.yaml to incorporate Azure AKS file locations for kubelet" * "Adjusted order of new lines. Removed unneeded lines."	2019-08-22 14:52:34 +01:00
mwwolters	787bf6ca4d	Updated check to pass if flag isn't set (#379 )	2019-08-09 18:24:20 +01:00
Liz Rice	f8b2f6c841	Correct 1.4.21 text (#356 ) 1.4.21 is about the PKI key file not the certificate	2019-08-07 17:17:21 +01:00
yoavrotems	136e9cd731	Remove federated from ocp (#381 ) * Delete federated.yaml There is no federated tests in ocp * Delete federated.yaml There are no federated tests in OCP	2019-08-07 16:52:04 +01:00
Efrat Levitan	b8a463f051	Correction to 1.13 and 1.13-json test 2.1.5 (#380 )	2019-08-07 03:33:09 -07:00
yoavrotems	22b971a633	fixes-according-kube-cis1.4.1 (#376 ) * Update master.yaml * Update node.yaml Fix 2.1.11 - got DEPRECATED 2.1.14 changed to be a set of options, would be fixed by https://github.com/aquasecurity/kube-bench/pull/367 * Update master.yaml * Update node.yaml change 2.1.11 Title, and state to not scored	2019-08-06 06:19:29 -07:00
Roberto Rojas	0422368615	issue #369 : fixes RotateKubeletServerCertificate tests in 1.13-json (#371 )	2019-08-06 00:58:35 -07:00
mwwolters	893aa3588c	Updated check to pass if flag isn't set (#375 )	2019-07-30 10:09:24 -07:00
Roberto Rojas	937bfc7b2e	issue #344 : Adds support for array comparison. Every element in the s… (#367 ) * issue #344: Adds support for array comparison. Every element in the source array must exist in the target array. * issue #344: Fixed typo and found if condition based on code review * adds unit tests for valid_elements comparison * removes spaces from split strings	2019-07-26 11:11:59 -07:00
Roberto Rojas	c87c5cfb51	Fixes bugs on tests 2.1.4 and 2.1.5 - 1.13-json (#365 ) * Adds bin_op to Test 2.1.4 * Adds bin_op to Test 2.1.5	2019-07-13 07:35:44 +01:00

1 2 3 4

175 Commits