1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-27 02:18:16 +00:00
Commit Graph

288 Commits

Author SHA1 Message Date
Liz Rice
dee64c30ae Create OWNERS 2017-08-11 16:06:44 +01:00
Liz Rice
0bbc867396 Merge pull request #32 from aquasecurity/issue-19-2
Issue 19, take 2
2017-08-08 22:26:22 +01:00
Liz Rice
767e8eb835 Sorting out the bad merge 2017-08-08 22:22:47 +01:00
Abubakr-Sadik Nii Nai Davis
9c07527069 Remove misleading comment about manual checks in node check definition. 2017-08-08 22:18:03 +01:00
Abubakr-Sadik Nii Nai Davis
c39516581b Add master node manual check definitions. 2017-08-08 22:17:44 +01:00
Abubakr-Sadik Nii Nai Davis
09ca739dc0 Add check type manual.
Results of manual checks are forced to WARN to inform users to check manually.
2017-08-08 22:17:37 +01:00
Liz Rice
16fbf084e9 Merge pull request #31 from aquasecurity/revert-30-issue-19
Revert "Issue 19"
2017-08-08 22:00:43 +01:00
Liz Rice
b5f4876138 Revert "Issue 19" 2017-08-08 22:00:06 +01:00
Liz Rice
ffeb33defd Merge pull request #30 from ttousai/issue-19
Issue 19
2017-08-07 16:24:08 +01:00
Liz Rice
cf5f025593 Merge branch 'master' into issue-19 2017-08-07 16:23:59 +01:00
Liz Rice
2b4047a3c1 Merge pull request #28 from ttousai/errorhandling
Improve error handling.
2017-08-07 10:06:32 +01:00
Abubakr-Sadik Nii Nai Davis
7bb66dd2da Rename warning printing functions.
printlnWarn: prints warning with a newline.
sprintWarn: returns an optionally contextualized warning string.
2017-08-06 16:59:03 +00:00
Abubakr-Sadik Nii Nai Davis
9c563b0987 Remove misleading comment about manual checks in node check definition. 2017-08-06 16:41:39 +00:00
Abubakr-Sadik Nii Nai Davis
29122b82ad Add master node manual check definitions. 2017-08-06 16:14:41 +00:00
Abubakr-Sadik Nii Nai Davis
43c1470c0e Add check type manual.
Results of manual checks are forced to WARN to inform users to check manually.
2017-08-06 15:29:55 +00:00
Abubakr-Sadik Nii Nai Davis
82c92e0078 Change function name to be clearer about the fact it returns a string. 2017-08-06 14:25:02 +00:00
Liz Rice
1c58dfefbb Revert "Add Docker build & push to Travis job" - it's already being built on Docker Hub!
This reverts commit b339a753b5.
2017-08-03 16:05:27 +01:00
Liz Rice
b339a753b5 Add Docker build & push to Travis job 2017-08-03 15:53:49 +01:00
Liz Rice
21b7d8d9d6 Merge pull request #24 from ttousai/issue-19
Update controls to CIS Kubernetes Benchmark v1.1.0
2017-07-25 09:05:29 +01:00
Abubakr-Sadik Nii Nai Davis
f88de572f6 Improve error handling. 2017-07-25 00:34:07 +00:00
Abubakr-Sadik Nii Nai Davis
e08e069174 Update controls to CIS Kubernetes Benchmark v1.1.0 2017-07-24 17:30:13 +00:00
Liz Rice
34dd31970a Update README about installation flag 2017-07-20 17:33:21 +01:00
Liz Rice
a6a784f55f Merge pull request #18 from ttousai/issue-17
Issues #17, #16
2017-07-17 18:25:53 +01:00
Abubakr-Sadik Nii Nai Davis
f589fd58e1 Add few modifications. 2017-07-13 01:01:18 +00:00
Abubakr-Sadik Nii Nai Davis
3d395994b0 Change environment variable prefix. 2017-07-13 00:24:57 +00:00
Abubakr-Sadik Nii Nai Davis
609c4ff01c Move kubernetes binaries and config paths to kube-bench config. 2017-07-13 00:24:09 +00:00
Abubakr-Sadik Nii Nai Davis
2ee99eca64 Add support for various installation modes, hyperkube, kubeadm and kops.
Issue #17.
2017-07-10 00:15:27 +00:00
Abubakr-Sadik Nii Nai Davis
bd53529387 Fix issue #16 about supporting verbosity. 2017-07-07 17:01:30 +00:00
Abubakr-Sadik Nii Nai Davis
06466d6573 Fix issue with kubernetes version check, where the master binary is
used for all modes including nodes and federated.
2017-07-06 18:31:18 +00:00
Liz Rice
6d26814cf6 Merge pull request #14 from ttousai/issue-7
Resolve issue #7 wait: error running audit command exit status 1.
2017-07-05 16:37:02 +01:00
Abubakr-Sadik Nii Nai Davis
dbbafd54a5 Do not exit on command exit, print error message to stderr and continue. 2017-07-05 12:56:01 +00:00
Abubakr-Sadik Nii Nai Davis
b1a76360e7 Do not clutter the output with error messages from commands in the audit pipeline. 2017-07-04 17:04:43 +00:00
Abubakr-Sadik Nii Nai Davis
6ee9bedfb8 Print verification warnings at only one point. 2017-07-04 16:53:39 +00:00
Abubakr-Sadik Nii Nai Davis
2119d119b0 Restore warning messages and dont quit on verification error. 2017-07-04 15:38:34 +00:00
Abubakr-Sadik Nii Nai Davis
e6479afd01 Reset audit commands to ps -ef ... closer to benchmark. 2017-07-04 15:19:09 +00:00
Abubakr-Sadik Nii Nai Davis
e61dcabdfb Remove extraneous debug commands. 2017-06-30 14:56:23 +00:00
Abubakr-Sadik Nii Nai Davis
d0d9900b29 Resolve issue #7 wait: error running audit command exit status 1.
This is caused by a command in the audit pipeline (for example
ps -ef | grep kube-apiserver) failing. The causes of this failure
in my testing is usually a missing config file.

Extensive refactor and correction in verification code to check for
config files and binaries.

Replace joncalhoun/pipes with implementation using exec.Cmds so errors
are visible and can be handled when audit pipeline commands fail.

Change some audit commands
from: ps -ef | grep <cmd> | grep -v
to:   ps -C <something> -o comm,args --no-headers

which is simpler to work with.
2017-06-30 14:19:38 +00:00
Liz Rice
e8df4aa512 Add test to validate the YAML files 2017-06-23 12:05:07 +01:00
Liz Rice
b4237ccb73 Better error handling when reading YAML files 2017-06-23 12:04:46 +01:00
Liz Rice
f920d61a6a Merge pull request #9 from aquasecurity/json
If output format is JSON, don't also output human-readable warnings
2017-06-23 11:10:08 +01:00
Liz Rice
1b3144af37 Hopefully this adds go tests to the travis job 2017-06-23 10:52:08 +01:00
Liz Rice
07750ea43a Don't output message about config file if output format is JSON 2017-06-23 10:48:49 +01:00
Liz Rice
6340ee44c5 Don’t output warnings as text if we’re generating JSON output. Add error handling in a few missing cases. Some comment tidying. 2017-06-23 10:41:40 +01:00
Liz Rice
f6509b804e Typo 2017-06-23 10:28:58 +01:00
Liz Rice
b36832e40c Correct block-copy error in flanneld config directory 2017-06-23 09:58:46 +01:00
Liz Rice
1be52fb304 Add missing error output if JSON output can't be emitted 2017-06-23 09:40:53 +01:00
Liz Rice
44136fa080 Add image and commit badges to README 2017-06-22 16:36:50 +01:00
Liz Rice
e69ccba8c7 Docker build hook to add label info 2017-06-22 16:22:54 +01:00
Liz Rice
74ca02298e Add image labels 2017-06-22 16:15:42 +01:00
Liz Rice
3b93167c07 And now correct the flag and put it in the right place 2017-06-22 16:02:36 +01:00