1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-18 20:58:10 +00:00
Commit Graph

747 Commits

Author SHA1 Message Date
Liz Rice
b98dfbc718 Dockerfile fix to copy all the cfg files 2017-10-02 06:38:45 -04:00
Liz Rice
9b121de50a Merge pull request #55 from aquasecurity/client-server-error-message-on-1.6
Client server error message on 1.6
2017-09-27 15:06:48 +01:00
Abubakr-Sadik Nii Nai Davis
018ad12a64 Log benchmark definition file at verbosity level 1. 2017-09-26 23:33:47 +00:00
Abubakr-Sadik Nii Nai Davis
73a37a0c16 Delete tests for verifyKubeVersion and support functions. 2017-09-26 23:24:44 +00:00
Abubakr-Sadik Nii Nai Davis
88a003090f Delete verifyKubeVersion support functions. 2017-09-26 23:23:34 +00:00
Abubakr-Sadik Nii Nai Davis
a95d083049 Remove call to verifyKubeVersion.
This functionality is fulfilled by getKubeVersion.
2017-09-26 23:20:28 +00:00
Liz Rice
d01faef457 Merge pull request #52 from ttousai/new-auto-detect
Support multiple kubernetes version
2017-09-21 09:30:34 -05:00
Abubakr-Sadik Nii Nai Davis
d9e1eee2cd Merge remote-tracking branch 'origin/master' into support for multiple
Kubernetes versions.
2017-09-20 00:39:30 +00:00
Abubakr-Sadik Nii Nai Davis
56fa20103a Add function to retrieve Kubernetes server version.
The server version is used to load the correct benchmark check
to run against the Kubernetes cluster.
2017-09-17 19:49:13 +00:00
Abubakr-Sadik Nii Nai Davis
8ea0892437 Update controls to support multiple Kubernetes versions. 2017-09-17 00:09:02 +00:00
Abubakr-Sadik Nii Nai Davis
f2e744bdcb Reorganize benchmark checks into Kubernetes 1.7 and restore Kubernetes 1.6 benchmarks. 2017-09-15 19:38:09 +00:00
Liz Rice
95bb80b7db Merge pull request #51 from aquasecurity/add-test
Add tests for #50
2017-09-15 15:11:10 +01:00
Liz Rice
e8579ade6c Add tests for #50 2017-09-13 15:32:33 +01:00
Liz Rice
a6d4f2fb59 Merge pull request #50 from junaid18183/master
Fixed issue admission control showing wrong status
2017-09-13 15:29:16 +01:00
Juned Memon
44994ced33 Fixed issue of The controls for master - admission control showing wrong status #49 2017-09-13 04:31:43 +05:30
Liz Rice
883b963e21 Merge pull request #48 from aquasecurity/auto-detect
Update README for auto-detection of executables and config files
2017-09-04 10:25:53 +01:00
Liz Rice
9a500229a4 Update README for auto-detection of executables and config files 2017-09-04 10:11:34 +01:00
Liz Rice
516343eb06 Merge pull request #47 from aquasecurity/auto-detect
Auto-detect executables and config files
2017-09-04 10:00:24 +01:00
Liz Rice
c4be4a1240 Remove installation flag and some other unused variables 2017-08-31 17:52:21 +01:00
Liz Rice
de12829923 Correct test to cope with multi-line ps output 2017-08-31 17:43:07 +01:00
Liz Rice
a6036bcfcf Corrections to config file substitutions. Use “kubernetes” as a fake component name so we can more easily substitute “kubernetesconf” 2017-08-31 17:39:48 +01:00
Liz Rice
e4a89123e0 Move message about which config file we’re using into a log at the start 2017-08-31 17:38:11 +01:00
Liz Rice
8380ad1ef3 Better detection of running executables 2017-08-31 16:01:31 +01:00
Liz Rice
d637d8714a Fix and add tests 2017-08-31 15:22:30 +01:00
Liz Rice
a3197f8efe Reorder YAML to make a bit more sense. Allow for optional components, and a config file that we don’t think exists. 2017-08-31 14:45:16 +01:00
Liz Rice
e4b905e360 Log when there’s no substitution 2017-08-31 14:43:59 +01:00
Liz Rice
f5550fd8bd Node type is now verified by looking for running binaries from a set of options 2017-08-31 14:43:35 +01:00
Liz Rice
0e9c11ebd5 Remove empty error messages that manifested as "%s" 2017-08-31 14:41:52 +01:00
Liz Rice
6a5a62b278 Autodetect the binaries and config files from a set of options 2017-08-30 18:37:01 +01:00
Liz Rice
e4e41683c4 Update the config file 2017-08-30 18:36:00 +01:00
Liz Rice
f5cef922cc Functions and tests for finding binaries and config files 2017-08-30 18:01:53 +01:00
Liz Rice
7600dd9dd6 Make the ps / fakeps function global so we don’t have to pass it around so much 2017-08-30 17:51:28 +01:00
Liz Rice
0bc00e0036 Slightly more robust looking for running executables 2017-08-30 17:48:12 +01:00
Liz Rice
9114e139cf Function to find which of a set of executables is running 2017-08-30 12:07:46 +01:00
Liz Rice
89e9d37cde Merge pull request #43 from aquasecurity/issue-42
Change node check 2.1.6 to use operation `noteq` instead of `gt`.
2017-08-25 11:13:11 +01:00
Abubakr-Sadik Nii Nai Davis
3e3aa0ed82 Change node check 2.1.6 to use operation noteq instead of gt.
Kubelet option --streaming-connection-idle-timeout expects a string
value which fails parsing to integer for greater than comparison.

The string "0" indicates no timeout and this is what we are checking
for.
2017-08-24 18:33:32 +00:00
Liz Rice
8c0761149d Merge pull request #40 from aquasecurity/roadmap
Roadmap
2017-08-15 20:21:30 +01:00
Liz Rice
124647a05c Merge branch 'master' into roadmap 2017-08-15 20:14:23 +01:00
Liz Rice
42948d91ba Merge pull request #39 from aquasecurity/config-files
Better config file locations for hyperkube
2017-08-15 20:14:08 +01:00
Liz Rice
f48ad5eb54 Merge branch 'master' into roadmap 2017-08-15 20:12:12 +01:00
Liz Rice
cf62def9fd Better config file locations 2017-08-15 20:07:27 +01:00
Liz Rice
a6a1ce945f Merge pull request #37 from aquasecurity/multiple-words
Support executables with multiple words (e.g. hyperkube apiserver)
2017-08-15 19:00:31 +01:00
Liz Rice
20e7f0a433 Merge branch 'master' into multiple-words 2017-08-15 18:40:10 +01:00
Liz Rice
af0eadc792 Add a couple more tests for file permission checks 2017-08-15 18:34:07 +01:00
Liz Rice
549adf23bd Merge pull request #36 from ttousai/issue-25
Issue #25
2017-08-15 18:32:29 +01:00
Liz Rice
6b9f117f87 Allow for multiple words in executable names 2017-08-15 17:00:35 +01:00
Abubakr-Sadik Nii Nai Davis
086bb629db Add 640 to permission checks. 2017-08-15 15:56:37 +00:00
Abubakr-Sadik Nii Nai Davis
e6f2b4d4fe Add config checks for permissions stricter that 644 to definition files. 2017-08-15 15:47:01 +00:00
Liz Rice
34f8b8e980 Simplify verifying binaries and config files 2017-08-15 16:44:40 +01:00
Liz Rice
86d49b1b1a We don’t care whether the binaries are in our path or not, just whether they are running 2017-08-15 16:01:27 +01:00