Julien Garcia Gonzalez
2073e08363
update 2.2.4 rules
6 years ago
Julien Garcia Gonzalez
db096c9f51
Rule node 2.2.4 is not correct
6 years ago
hutr
d736d10f90
fix sed string for 1.4.12
6 years ago
hutr
50a3725ff2
Merge branch 'master' into master
6 years ago
hutr
468f5fac6e
changes for 1.4.11 and 1.4.2
added tests: for 1.4.11 and removed grep -v grep for both
6 years ago
Erwan Miran
182e9b5e01
Addition of missing audit field in 2.2.6 node item
6 years ago
hutr
e4100a4435
fixed grep string for 1.4.11 and 1.4.22
check 1.4.11 and 1.4.22 FAIL even when permissions are correct.
6 years ago
Abubakr-Sadik Nii Nai Davis
b10b2bd22e
Merge branch 'master' into fix-typo
6 years ago
Abubakr-Sadik Nii Nai Davis
aa9da13226
Fix a bunch of typos.
6 years ago
Liz Rice
1935c952d6
--request-timeout is a duration
6 years ago
Lee Briggs
d464ab5639
Wrong configuration file
7 years ago
Lee Briggs
165444df60
Test fixes for 1.8
7 years ago
Liz Rice
4b1b2b8762
Merge branch 'master' into master
7 years ago
Liz Rice
fc4fe38bc2
Merge branch 'master' into unnecessary-warning
7 years ago
Konstantin Semenov
961dbeb2b5
Correct sed regex
7 years ago
Konstantinos Karampogias
8fc6904093
Improve etcd data directory extraction
- If data-dir is not the last argument, the remaining arguments
are captured preventing the correct checking.
Signed-off-by: Konstantin Semenov <ksemenov@pivotal.io>
7 years ago
Abubakr-Sadik Nii Nai Davis
7fcfb0cf30
Fix issue with etcd checks failing because of using " " instead of "=" to specify value.
This issue affects master checks 1.4.11 and 1.4.12.
7 years ago
Abubakr-Sadik Nii Nai Davis
53eb720952
Merge branch 'master' into unnecessary-warning
7 years ago
Abubakr-Sadik Nii Nai Davis
04f044e3b9
Add support for merging general and kubernetes version specific config files.
This change unifies all config files, podspecs and unitfiles under
a single component configuration key; `config`.
7 years ago
Liz Rice
d52e326147
Correct test config file typo
7 years ago
Liz Rice
2eb261b94f
Remove odd spacing and line breaks from test config files
7 years ago
Abubakr-Sadik Nii Nai Davis
e227934c88
Add function to get unit files for kubernetes components.
7 years ago
Abubakr-Sadik Nii Nai Davis
6ce0c5bf60
Add function to get pod specs for kubernetes components.
7 years ago
Abubakr-Sadik Nii Nai Davis
8e758bb5e0
Update federated definitions.
7 years ago
Abubakr-Sadik Nii Nai Davis
82e325f96e
Update 1.8 node definition.
7 years ago
Abubakr-Sadik Nii Nai Davis
04f21d1887
Update 1.8 master definition.
7 years ago
Abubakr-Sadik Nii Nai Davis
7663dc87ee
Copy 1.7 benchmark as 1.8.
7 years ago
Abubakr-Sadik Nii Nai Davis
d9e1eee2cd
Merge remote-tracking branch 'origin/master' into support for multiple Kubernetes versions.
7 years ago
Abubakr-Sadik Nii Nai Davis
f2e744bdcb
Reorganize benchmark checks into Kubernetes 1.7 and restore Kubernetes 1.6 benchmarks.
7 years ago
Liz Rice
a6036bcfcf
Corrections to config file substitutions. Use “kubernetes” as a fake component name so we can more easily substitute “kubernetesconf”
7 years ago
Liz Rice
a3197f8efe
Reorder YAML to make a bit more sense. Allow for optional components, and a config file that we don’t think exists.
7 years ago
Liz Rice
e4e41683c4
Update the config file
7 years ago
Abubakr-Sadik Nii Nai Davis
3e3aa0ed82
Change node check 2.1.6 to use operation `noteq` instead of `gt`.
Kubelet option --streaming-connection-idle-timeout expects a string
value which fails parsing to integer for greater than comparison.
The string "0" indicates no timeout and this is what we are checking
for.
7 years ago
Liz Rice
cf62def9fd
Better config file locations
7 years ago
Abubakr-Sadik Nii Nai Davis
086bb629db
Add 640 to permission checks.
7 years ago
Abubakr-Sadik Nii Nai Davis
e6f2b4d4fe
Add config checks for permissions stricter than 644 to definition files.
7 years ago
Abubakr-Sadik Nii Nai Davis
dddea28713
Merge branch 'master' into issue-25
7 years ago
Abubakr-Sadik Nii Nai Davis
d2fa9d35b6
Rewrite audit commands in the check definition that contain shell builtins and modify text to command function to support this.
Shell builtins fail the binary command lookup test which results in a
WARN. Audit commands which include shell builtins must use the form:
"/bin/sh -c 'sh-builtin arg'"
So they are executed properly. Additionally Go will fail to execute
commands involving shell builtins if they are not in the above format.
7 years ago
Abubakr-Sadik Nii Nai Davis
9c07527069
Remove misleading comment about manual checks in node check definition.
7 years ago
Abubakr-Sadik Nii Nai Davis
c39516581b
Add master node manual check definitions.
7 years ago
Liz Rice
b5f4876138
Revert "Issue 19"
7 years ago
Liz Rice
cf5f025593
Merge branch 'master' into issue-19
7 years ago
Liz Rice
2b4047a3c1
Merge pull request #28 from ttousai/errorhandling
Improve error handling.
7 years ago
Abubakr-Sadik Nii Nai Davis
9c563b0987
Remove misleading comment about manual checks in node check definition.
7 years ago
Abubakr-Sadik Nii Nai Davis
29122b82ad
Add master node manual check definitions.
7 years ago
Abubakr-Sadik Nii Nai Davis
f88de572f6
Improve error handling.
7 years ago
Abubakr-Sadik Nii Nai Davis
e08e069174
Update controls to CIS Kubernetes Benchmark v1.1.0
7 years ago
Abubakr-Sadik Nii Nai Davis
609c4ff01c
Move kubernetes binaries and config paths to kube-bench config.
7 years ago
Abubakr-Sadik Nii Nai Davis
2ee99eca64
Add support for various installation modes, hyperkube, kubeadm and kops.
Issue #17.
7 years ago
Liz Rice
3b93167c07
And now correct the flag and put it in the right place
7 years ago
Liz Rice
903f232dc1
Correct bad yaml indentation
7 years ago
jerbia
432651e85f
Added test 1.4.11 (#8)
7 years ago
Amir Jerbi
eefa0dfb61
Change check 1.15
Check is successful in case --kubelet-https is set to true OR missing
7 years ago
Liz Rice
1ad63cb4e6
Correct a block-copy mistake in one of the test configs
7 years ago
Amir Jerbi
55fd838191
No need to run install.sh.
Simply clone the project, compile the go app and run ./cis_kubernetes
7 years ago
Liz Rice
26cc77ec1d
Get the tests working on deployments where file names may be different or not in path (#1)
* Replace the default help text
* Readme file, including the test config format documentation
* Typo
* Warn if config files / executables aren't found
* Ignore original name of executable (as per current README)
* Update tests to avoid failing on stat of a non-existent file
* Add a makefile for ease of build
7 years ago
Amir Jerbi
154a140f74
Initial commit
7 years ago