Huang Huang
182e64753e
mount /etc/passwd and /etc/group for etcd ownership related checks ( #868 )
2021-05-09 14:25:14 +03:00
Dmytro Oboznyi
d528400881
Fix file permissions false positive ( #800 )
...
* Fix file permissions false positive
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
* Added kops files to config path list
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
* Automated CNI files checks
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
* Fixed linting
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
* Fixed to right folder CNI test
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
* Changed Automated to manual
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
* Removed changes from remediation
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
* Added path to config files
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
* Update cfg/cis-1.6/master.yaml
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
* Fix
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
* Fix to job.yaml
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
* Add extra mountpoints
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
* Revert audit scripts changes
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2021-04-08 17:02:27 +03:00
Neha Viswanathan
b2d481812f
deprecate master and node subcommands ( #812 )
...
* deprecate master and node subcommands
* deprecate master and node subcommands
2021-02-23 14:23:55 +00:00
Huang Huang
17cd104788
Fixes issue #574 : change the PATH in container ( #577 )
...
* Fixes issue #574 : change the PATH in container
And change to use `/usr/local/mount-from-host/bin` as mount path.
Fixes #574
* Fix integration tests
2020-02-12 12:18:44 -05:00
Nick Smith
77f66511e7
Set all host-mounted volumes to be read-only. ( #569 )
...
By setting all host-mounted volumes to be read-only we reduce the likelihood
any host filesystem is modified by running kube-bench.
2020-01-28 10:45:31 -05:00
James Ward
5f34058dc7
Support Linting YAML as part of Travis CI build ( #554 )
...
* add yamllint command to travis CI
installs and runs a linter across the YAML in the
project to ensure consistency in the written YAML.
this uses yamllint and the default yamllint config with
"truthy" and "line-length" disabled.
* run dos2unix on CRLF files
* YAMLLINT: remove trailing spaces
* YAMLLint: add YAML document start
* YAMLLint: too many spaces around bracket
* YAMLLint: fix indentation
* YAMLLint: remove duplicate key
* YAMLLint: newline at end of file
* YAMLLint: Too few spaces after comma
* YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
Liz Rice
3422b9102f
Add comment for why /usr/bin is mounted
2019-01-17 11:33:35 +00:00
Liz Rice
8021610e46
For #197 - create job YAML files that mount host volumes as needed
2019-01-11 18:44:13 +00:00