Neha Viswanathan
82421e5838
retire cis 1.3 and 1.4 ( #693 )
2020-10-03 11:23:28 +01:00
yoavrotems
7280438eb5
Add cis 1.6 ( #678 )
...
* Add new cis version yamls
Add new cis version yamls
* Add new cis version yamls
* Add cis-1.6 to versions table
* support version mapping cis-1.6
* support version mapping cis-1.6
* Update controlplane.yaml
* Update etcd.yaml
* Update node.yaml
* Update policies.yaml
* Create job.data
* Create job-node.data
* Create job-master.data
* Create add-tls-kind.yaml
* Change node version to 1.15.0
* Add tests for cis-1.6
* Delete node_only.yaml
* Change tests 1.1.19-1.1.21
Change 1.1.19-1.1.21 because failing tests
* Update job.data
* Update job-master.data
* Update job-master.data
* Update job.data
* fix 1.2.35 remediation
tabs instead of spaces
* Update job-master.data
* Remove extra space
* Update job.data
* Create node_only.yaml
* Add tests for cis-1.6
Add tests for cis-1.6 and change some from 1,5 to 1.6
* Fix typo
* Add mapping for cis-1.6
* Remove extra space in 1.2.35 remediation
* Update job.data
* Update job-master.data
* Fix type 1.2.35
* Remove trailing spaces
* Remove trailing spaces
* Remove trailing spaces
* Remove trailing spaces
* Add version 1.19 kubernetes support
* Add version 1.19 kubernetes support
* Add version 1.19 kubernetes support
2020-09-17 16:54:43 +01:00
Liz Rice
1899f26bc1
Note about OpenShift OCP 4.* ( #700 )
...
- Add note about why we don't support OCP 4.*
- Move GKE & OpenShift sub-sections next to EKS and AKS
- Minor corrections
2020-09-14 09:27:49 +03:00
Huang Huang
456d9b62e2
Default log output to stderr ( #696 )
2020-09-09 13:46:35 +01:00
Liz Rice
a8a59d3bd8
docs: more clarification on output states ( #691 )
2020-09-06 10:46:29 +03:00
Huang Huang
2d548597ae
Support CIS v1.5.1 ( #673 )
2020-08-12 21:57:51 +03:00
Matthieu ANTOINE
ea4eaa6fd5
Fix supported targets for EKS benchmark ( #648 )
...
* Fix supported targets for EKS benchmark
* docs: heading at wrong level in README
* docs: remove duplicate TOC heading
* Fix invalid argument for gem install
Co-authored-by: Liz Rice <liz@lizrice.com>
2020-07-29 14:40:59 +01:00
Liz Rice
4e00954485
docs: add Troubleshooting ( #638 )
...
* docs: add Troubleshooting
Adding basic instructions for running with debug logs
* docs: remember --logtostderr
* docs: note about cfg requirement
Note that installing a binary release is not sufficient - you also need the config and test files
Fixes #613
2020-07-15 14:41:35 +01:00
Paavan
20ec5d14f2
added eks-1.0 cfg and modified job-eks.yaml for node checks ( #639 )
...
* added eks-1.0 cfg and modified job-eks.yaml for node checks
* fixed yamllint errors and README updates
2020-07-10 16:14:41 +01:00
Neha Viswanathan
2cf2876a10
Update Running in an EKS cluster
documentation ( #621 )
...
Co-authored-by: Neha Viswanathan <nviswanathan@axway.com>
Co-authored-by: Liz Rice <liz@lizrice.com>
2020-05-15 09:53:24 +01:00
Craig Jellick
305283f9d4
Fix OpenShift table layout ( #612 )
...
Co-authored-by: Liz Rice <liz@lizrice.com>
2020-05-14 18:04:14 +01:00
Paul McCarthy
582ce02ce6
Removed references to dep
from README.md ( #607 )
...
Looks like this project now uses Go modules so `dep` steps are not needed.
Co-authored-by: Liz Rice <liz@lizrice.com>
2020-05-14 17:34:47 +01:00
Liz Rice
7e87c980b2
docs: CIS benchmarks are not frequent ( #617 )
...
Correct misleading comment about anticipated CIS benchmarks for every Kubernetes release - bad assumption!
2020-05-06 14:42:40 +01:00
Liz Rice
7cd6b32ebb
docs: notes in README for common misunderstandings ( #602 )
...
Added a Please Note section to document common misunderstandings that often lead to incorrect issue filings
2020-04-07 14:04:42 +01:00
Liz Rice
451721a1cf
Add GKE into list of support tests ( #597 )
...
Also adds links to the Kubernetes benchmarks
Fixes #596
2020-03-11 17:48:07 +02:00
Abubakr-Sadik Nii Nai Davis
d988b81540
CIS GKE 1.0.0 benchmark ( #570 )
...
* Add initial commit for CIS GKE 1.0 benchmark
* Update README with GKE instructions
* Fix YAML linter issues
* Set GKE benchmark k8s version to gke-1.0
* Add tests for gke-1.0
Co-authored-by: Roberto Rojas <robertojrojas@gmail.com>
2020-03-03 09:51:48 -05:00
Huang Huang
17cd104788
Fixes issue #574 : change the PATH in container ( #577 )
...
* Fixes issue #574 : change the PATH in container
And change to use `/usr/local/mount-from-host/bin` as mount path.
Fixes #574
* Fix integration tests
2020-02-12 12:18:44 -05:00
Murali Paluru
b677c86868
remove always true for logtostderr ( #548 )
...
* remove always true for logtostderr
* update README for log collection instructions
Co-authored-by: Liz Rice <liz@lizrice.com>
2020-01-07 13:04:06 +00:00
Saurya Das
ca749ccb32
Adding a section for Azure Kubernetes Service ( #495 )
...
* Adding a section for Azure Kubernetes Service
steps to run kube bench on AKS worker nodes
* Update README.md
* Update README.md
Co-authored-by: Roberto Rojas <robertojrojas@gmail.com>
Co-authored-by: Liz Rice <liz@lizrice.com>
2019-12-20 12:17:00 +00:00
Zeid Marouf
299ab36a13
doc: fix ECR image build instructions for EKS mode ( #531 )
2019-12-20 12:00:38 +00:00
Roberto Rojas
af976e6f50
Fixes Issue #494 - add tests for CIS 1.5 ( #530 )
...
* Initial commit.
* Add master and node config.
* Add section 5 of CIS 1.5.1.
* Split sections into section files
* Fix YAML issues.
* adds target translation
* adds target translation
* adds cis-1.5 mapping
* fixed tests
* fixes are per PR
* fixed intergration test
* integration kind test file to appropriate ks8 version
* fixed etcd text
* fixed README
* fixed text
* etcd: fixed grep path
* etcd: fixes
* fixed error message bug
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* fixes as per PR review
2019-12-05 15:55:44 -05:00
Jonathan Rau
51aa10e354
Update EKS Config & Create EKS Guide ( #489 )
...
* Change EKS Readme
* Fix readme formatting
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
2019-11-06 07:34:43 +01:00
Soumyadeep Sinha
8e4da53006
Fixed some typos ( #446 )
...
* Fixed some typos
* Fixed some typos
* Fixed typo and capitalization of Kubernetes
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update docs/README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update docs/README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update docs/README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* docs: trivial, reinstate capital K
* docs: trivial, reinstate backticks
* docs: trivial, reinstate "in order" for clarity
* docs: trivial, reinstate capital K
2019-11-05 14:59:29 -08:00
Roberto Rojas
7ca438b618
Fixes Issue 269 - Numbering to use CIS Versions ( #511 )
...
* starting benchmark flag
* Revert "starting benchmark flag"
This reverts commit 58fc948626
.
* fixes issue #269
* add more unit tests
* fix bug
* Update cmd/common.go
Co-Authored-By: Liz Rice <liz@lizrice.com>
* fixes as per PR review
* fixes as per PR review
* adds more tests
* fixed tests
* changes as per PR Review
* changes as per PR Review
* updated README
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* changes are per PR review
2019-11-05 16:31:27 -05:00
Alexey Pyltsyn
7a2cc3f554
Improve docs ( #437 )
2019-10-24 09:15:29 +01:00
Mohan Sha
b009520ea3
Added table of contents for navigation ( #455 )
2019-10-23 19:08:04 +01:00
Itay Shakury
3964377a80
add contribution guidelines ( #454 )
2019-10-16 17:51:33 +03:00
Liz Rice
1b49050974
docs: Clarify the meaning of WARN state ( #430 )
...
* docs: Clarify the meaning of WARN state
* Update README.md
2019-10-15 10:04:18 -04:00
Roberto Rojas
a6ee61fd08
Fixes issue #289 : removed versions prior to 1.11 ( #429 )
...
* removed version prior to 1.11
* removed references to kubernetes versions prior to 1.11
2019-10-14 10:52:43 -04:00
James George
050145f6b3
docs: minor tweak ( #438 )
2019-10-11 15:47:10 +01:00
Liz Rice
16beb3e616
docs: note that you may need to be root ( #412 )
2019-09-21 15:07:16 +01:00
Liz Rice
d0d4e95d93
Updated version support ( #385 )
...
Strictly, we don't have the changes in 1.13-json but we do have them in 1.13
2019-08-30 12:09:11 +01:00
Abubakr-Sadik Nii Nai Davis
92df9cb36c
Read kubernetes version from environment ( #390 )
...
* Read kubernetes version from environment
Set kubernetes version to the value of the environment variable `KUBE_BENCH_VERSION` if it is defined and the flag `--version` is not specified on the kube-bench command line.
The command line flag `--version` takes precedence of the environment variable `KUBE_BENCH_VERSION` if both are defined.
* Add info about KUBE_BENCH_VERSION to README
2019-08-27 09:04:11 +01:00
Abubakr-Sadik Nii Nai Davis
2e27d681f7
Remove duplicate documentation. ( #373 )
...
* Remove duplicate documentation.
* Add test configuration header back in main README.
* Add missing regex operator in docs/README.
* Fix incorrect description of configuration options bins, confs etc.
* Move description of version auto-detection to main README.
* Use 1.13 in examples since cfg/1.12 doesn't exist
* Remove duplicate sentence about regex
This sentence is now in the docs/README
* Add link to the docs for test YAML definitions
2019-08-07 03:43:51 -07:00
yoavrotems
7c97f6a490
Add codecov ( #336 )
...
* Update .gitignore
* Update .travis.yml
* Update makefile
* Update .travis.yml
* Update .travis.yml
* Update .travis.yml
* Update README.md
* Update README.md
* Update README.md
* Update makefile
* Update .travis.yml
2019-07-16 14:11:51 -04:00
Liz Rice
08097d2211
Need credentials in order to run kubectl version ( #332 )
...
Without passing in kubeconfig credentials:
```bash
$ docker run --pid=host -v /etc:/etc:ro -v /var:/var:ro -v $(which kubectl):/usr/bin/kubectl -t lizrice/kube-bench:5e6cdfd master -v 1
I0628 16:52:06.591683 6099 util.go:367] Unable to get Kubernetes version from kubectl, using default version: 1.6
I0628 16:52:06.591822 6099 common.go:74] Using benchmark file: cfg/1.6/master.yaml
...
```
As updated in the README with this fix:
```bash
docker run --pid=host -v /etc:/etc:ro -v /var:/var:ro -v $(which kubectl):/usr/bin/kubectl -v ~/.kube:/.kube -e KUBECONFIG=/.kube/config -t lizrice/kube-bench:5e6cdfd master -v 1
I0628 16:53:26.784122 7224 util.go:131] No test file found for 1.14 - using tests for Kubernetes 1.13
I0628 16:53:26.784961 7224 common.go:228] Using config file: cfg/1.13/config.yaml
...
```
2019-07-08 22:22:48 +01:00
Liz Rice
9a900db021
docs: update WIP to draft ( #324 )
2019-07-03 08:27:28 +01:00
Liz Rice
0ab09a85e8
Add pull requests section
...
Add pull requests section
Include instructions for kube-bench version
Other small wording changes
2019-06-25 14:44:02 +01:00
Abubakr-Sadik Nii Nai Davis
7affbc83d8
Add github issue creation instructions.
2019-06-24 20:33:24 +00:00
Liz Rice
c76369fe2c
Add missing quote
2019-06-10 20:29:58 -07:00
Liz Rice
7f2e9b5231
Merge branch 'master' into op-regex
2019-06-11 04:28:03 +01:00
wwwil
7efa7b2c35
Add regex to list of compare ops
2019-06-05 15:29:40 +01:00
Liz Rice
81f0d9c6e3
Merge branch 'master' into Config-doc
2019-06-05 11:41:15 +02:00
Liz Rice
27df1f60ed
Clarification about worker nodes in managed k8s
...
Because we don’t want to put people off running kube-bench altogether in these environments
2019-06-01 18:17:09 +02:00
030
9d0e3491a0
[GH-191] explained that master nodes cannot be inspected in managed k8s
2019-06-01 16:40:50 +02:00
Liz Rice
df3577519c
Document version-specific config files
...
Values in the version-specific files override the main file
2019-05-30 22:55:48 +01:00
Liz Rice
a800ac6ccc
Merge branch 'master' into json-config
2019-04-24 09:29:18 +01:00
Liz Rice
ceb44583dd
Tidy up a couple of things
2019-04-23 16:07:27 +01:00
Liz Rice
f9d0f4acc1
Add OCP info into the README
2019-04-23 11:59:54 +01:00
Liz Rice
a613f6f028
Document job for EKS
2019-04-11 19:00:17 +01:00