arno/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-22 16:18:07 +00:00
Code Issues Releases Wiki Activity
1,085 Commits 4 Branches 82 Tags 157 MiB
89842dcaaa
Commit Graph

120 Commits

Author SHA1 Message Date
Liz Rice
08097d2211
Need credentials in order to run kubectl version (#332) 
Without passing in kubeconfig credentials:

```bash
$ docker run --pid=host -v /etc:/etc:ro -v /var:/var:ro -v $(which kubectl):/usr/bin/kubectl -t lizrice/kube-bench:5e6cdfd master -v 1
I0628 16:52:06.591683    6099 util.go:367] Unable to get Kubernetes version from kubectl, using default version: 1.6
I0628 16:52:06.591822    6099 common.go:74] Using benchmark file: cfg/1.6/master.yaml
...
```
As updated in the README with this fix:

```bash
docker run --pid=host -v /etc:/etc:ro -v /var:/var:ro -v $(which kubectl):/usr/bin/kubectl -v ~/.kube:/.kube -e KUBECONFIG=/.kube/config -t lizrice/kube-bench:5e6cdfd master -v 1
I0628 16:53:26.784122    7224 util.go:131] No test file found for 1.14 - using tests for Kubernetes 1.13
I0628 16:53:26.784961    7224 common.go:228] Using config file: cfg/1.13/config.yaml
...
```
 2019-07-08 22:22:48 +01:00
Liz Rice
9a900db021
docs: update WIP to draft (#324) 2019-07-03 08:27:28 +01:00
Liz Rice
0ab09a85e8
Add pull requests section 
Add pull requests section
Include instructions for kube-bench version
Other small wording changes
 2019-06-25 14:44:02 +01:00
Abubakr-Sadik Nii Nai Davis
7affbc83d8 Add github issue creation instructions. 2019-06-24 20:33:24 +00:00
Liz Rice
c76369fe2c
Add missing quote 2019-06-10 20:29:58 -07:00
Liz Rice
7f2e9b5231
Merge branch 'master' into op-regex 2019-06-11 04:28:03 +01:00
wwwil
7efa7b2c35 Add regex to list of compare ops 2019-06-05 15:29:40 +01:00
Liz Rice
81f0d9c6e3
Merge branch 'master' into Config-doc 2019-06-05 11:41:15 +02:00
Liz Rice
27df1f60ed
Clarification about worker nodes in managed k8s 
Because we don’t want to put people off running kube-bench altogether in these environments
 2019-06-01 18:17:09 +02:00
030
9d0e3491a0 [GH-191] explained that master nodes cannot be inspected in managed k8s 2019-06-01 16:40:50 +02:00
Liz Rice
df3577519c
Document version-specific config files 
Values in the version-specific files override the main file
 2019-05-30 22:55:48 +01:00
Liz Rice
a800ac6ccc
Merge branch 'master' into json-config 2019-04-24 09:29:18 +01:00
Liz Rice
ceb44583dd
Tidy up a couple of things 2019-04-23 16:07:27 +01:00
Liz Rice
f9d0f4acc1
Add OCP info into the README 2019-04-23 11:59:54 +01:00
Liz Rice
a613f6f028
Document job for EKS 2019-04-11 19:00:17 +01:00
Liz Rice
902a10f1c7
Just have one path for both json and yaml 2019-04-11 17:09:33 +01:00
Liz Rice
c887794807
Merge branch 'master' into feature/json-config 2019-04-11 10:03:07 +01:00
Liz Rice
b5f3299e92
Merge branch 'master' into document-output 2019-04-11 09:04:04 +01:00
Liz Rice
df556c2f42
Add CIS & Kubernetes version mapping to README 2019-03-27 14:21:22 +00:00
Liz Rice
488f5221ef
Document output states 
Also describe how tests can be omitted by editing the YAML
 2019-03-26 10:37:17 +00:00
Florent Delannoy
abfc38d672 Update documentation after review 2019-03-21 15:05:20 +00:00
Florent Delannoy
4d3144ca21 Support JSON and YAML configuration 
Support new configuration options besides --flags:
- JSON file through `jsonpath`
- YAML file through `yamlpath`

These new options are fully backwards-compatible with the existing
tests.

Added a new profile, 1.11-json, that expects a JSON kubelet
configuration file and scores accordingly. This profile is compatible
with EKS.
 2019-03-21 12:13:31 +00:00
Cyril Tovena
5baf81a70a Adds master node detection and a root command that automatically detect checks to run. 
The root command will run node checks and if possible master checks.
I've also added some Makefile targets to improve local testing and improve the documentation.
 2019-03-12 19:32:05 -04:00
Liz Rice
79427e185e
Merge branch 'master' into patch-1 2019-01-15 11:05:27 +00:00
Liz Rice
6b9ceae9d4
True for Windows too 2019-01-15 11:05:04 +00:00
Spencer Owen
2a9a02f25b
warn osx limitation 2019-01-14 10:41:19 -07:00
Liz Rice
8021610e46
For #197 - create job YAML files that mount host volumes as needed 2019-01-11 18:44:13 +00:00
Liz Rice
3a662b3ff6
Merge branch 'master' into doc-kubectl-host-pid 2019-01-02 10:53:04 +00:00
Colin GILLE
af7ad90477
Advise the use to mount /etc & /var read only for docker usage 2018-12-31 16:39:31 +01:00
Martin Mosegaard Amdisen
ba03d8f64b Document limitation of running with kubectl 
Once the master node recommended check:

1.1.12 Ensure that the admission control plugin DenyEscalatingExec is set

has been followed, it is no longer possible to run kube-bench itself using kubectl.
 2018-12-27 13:10:00 +01:00
Sean Slattery
5ca498cd50
Fix typo on README.md 2018-12-20 11:19:44 -08:00
Liz Rice
bdbbe41b69
Also /var 2018-11-20 13:22:36 +00:00
Liz Rice
ba9985047c
read config files from host /etc 
I don't see how kube-bench can check the permissions on files unless it has access to them on the host, so I think we need to be mounting the /etc directory from the host
 2018-11-20 10:18:06 +00:00
Johannes M. Scheuermann
b3b3cb819a Correct readme for 1.11 example 
Signed-off-by: Johannes M. Scheuermann <joh.scheuer@gmail.com>
 2018-11-07 21:51:52 +01:00
noqcks
ded5aff482
update README 2018-10-09 18:58:30 -04:00
noqcks
e5c05a97f7
updating README with 1.11 updates 2018-10-09 18:56:48 -04:00
Luke Bond
8894b1dc4f
Update README.md 
Specify `-t` to get colour in the Docker output.
Added a note about mounting kubectl or kubelet to get the version.
 2018-09-03 23:05:48 +01:00
bvwells
cc43fcbb7e Add link to CIS kubernetes benchmark 2018-08-10 20:55:02 +01:00
Will Medlar
6c7422a938 Migrate dependency management to dep 2018-05-16 18:16:41 -05:00
Abubakr-Sadik Nii Nai Davis
b4b3ebe99c Add instruction for running kube-bench against a kubernetes cluster. 
#218
 2018-05-15 04:40:41 +00:00
Abubakr-Sadik Nii Nai Davis
609335510a Remove kube-bench --help output. 
It has grown stale and no longer reflects the supported options, and can be misleading (see #127).
 2018-05-15 04:24:33 +00:00
Liz Rice
b26b23e573 Script needs to actually install kube-bench & its config! 2018-05-11 15:39:11 +01:00
Liz Rice
7460037528
Add link to releases page 2018-05-11 12:47:04 +01:00
Will Medlar
1cff0c4da1 Clarify that only Linux is supported when installing from container 2018-05-06 14:01:49 -05:00
Will Medlar
0714683371 Modify entrypoint to allow execution of kube-bench as default 2018-05-06 13:57:58 -05:00
Liz Rice
cb4bec9120
logo instead of heading 2018-04-20 13:07:49 +01:00
Liz Rice
f065893f52
Add logo to readme 2018-04-20 13:05:30 +01:00
clemensw
95769cae83
Update README.md to reflect that the --installation option has been removed. 2018-02-23 17:12:52 +01:00
Liz Rice
1e25e089d0
Minor format update to readme 2018-01-11 16:54:40 +00:00
Lee Briggs
216b1d497a
Fix glide install instructions 2018-01-11 08:23:46 -08:00
Lee Briggs
033ab5638c
Add glide dependencies 
Also update build from source instructions
 2018-01-09 12:54:18 -08:00
Liz Rice
83e58b86db
Update README for Kubernetes 1.8 support 2017-11-01 15:04:25 +00:00
Liz Rice
478e378752 Remove reference to specific benchmark version 
We support multiple versions of the CIS benchmark
 2017-10-26 16:12:36 -04:00
Liz Rice
9a500229a4 Update README for auto-detection of executables and config files 2017-09-04 10:11:34 +01:00
Liz Rice
4e17e3b3d5 Update README.md 2017-08-11 18:24:53 +01:00
Liz Rice
34dd31970a Update README about installation flag 2017-07-20 17:33:21 +01:00
Liz Rice
44136fa080 Add image and commit badges to README 2017-06-22 16:36:50 +01:00
Liz Rice
0c30f24b59 Travis build name got updated so the badges need updating too 2017-06-22 15:51:29 +01:00
jerbia
432651e85f Added test 1.4.11 (#8) 2017-06-21 22:45:50 +03:00
jerbia
d3bbf2698e Removed extra '\' sign (#6) 
There was an extra '\' sign in the docker pull command
 2017-06-21 14:46:23 +03:00
Amir Jerbi
9a471ef1a4 Added screenshot 2017-06-20 13:43:03 +03:00
Liz Rice
dcd416a521 Executable name changes 
Updates to travis file, readme and help text
 2017-06-20 09:52:53 +01:00
jerbia
3bafeac47c Update README.md 2017-06-20 10:32:11 +03:00
jerbia
5e4baae23e Update README.md 2017-06-20 00:29:58 +03:00
jerbia
1d44458e93 Update README.md 2017-06-20 00:07:58 +03:00
jerbia
c53a0ac6f4 Update README.md 2017-06-20 00:06:30 +03:00
Amir Jerbi
55fd838191 No need to run install.sh. 
Simply clone the project, compile the go app and run ./cis_kubernetes
 2017-06-20 00:03:46 +03:00
Liz Rice
26cc77ec1d Get the tests working on deployments where file names may be different or not in path (#1) 
* Replace the default help text

* Readme file, including the test config format documentation

* Typo

* Warn if config files / executables aren't found

* Ignore original name of executable (as per current README)

* Update tests to avoid failing on stat of a non-existant file

* Add a makefile for ease of build
 2017-06-19 23:17:19 +03:00
Liz Rice
7d091c5eba Minor format change 2017-06-19 15:52:11 +01:00
Liz Rice
e1959b66db Add README 2017-06-19 15:50:49 +01:00