Christian Zunker
9446ffb30d
Add a total summary and always show all tests. ( #759 )
...
Whether the total summary is shown can be specified with an option.
Fixes #528
Signed-off-by: Christian Zunker <christian.zunker@codecentric.cloud>
4 years ago
Wicked
a19b65127e
Allow for environment variables to be checked in tests ( #755 )
...
* Initial commit for checking environment variables for etcd
* Revert config changes
* Remove redundant struct data
* Fix issues with failing tests
* Initial changes based on code review
* Add option to disable envTesting + Update docs
* Initial tests
* Finished testing
* Fix broken tests
4 years ago
Borko
ab3881420c
Created config and test files for Azure Kubernetes Service (AKS). ( #733 )
...
* First draft of AKS configuration checks.
* Updated Azure Configurations. Added more policy checks.
* Finalized cfg components for AKS.
* Fixed targets for aks-1.0 in common_test.go
* Fixed yaml linting issues.
* Fixed white space yaml linkting issues in policies.yaml
* Fixed white space yaml linting issues in policies.yaml
4 years ago
Wicked
aa2a6f08f3
Add exit-code parameter for when checks have failed ( #734 )
...
* Add int command to specify exit code wih a default of 0
* Re-structured to add tests
* Refactor exit code selection
4 years ago
Wicked
3a35c039e5
Add --skip command to skip groups and checks ( #751 )
4 years ago
Neha Viswanathan
82421e5838
retire cis 1.3 and 1.4 ( #693 )
4 years ago
yoavrotems
7280438eb5
Add cis 1.6 ( #678 )
...
* Add new cis version yamls
Add new cis version yamls
* Add new cis version yamls
* Add cis-1.6 to versions table
* support version mapping cis-1.6
* support version mapping cis-1.6
* Update controlplane.yaml
* Update etcd.yaml
* Update node.yaml
* Update policies.yaml
* Create job.data
* Create job-node.data
* Create job-master.data
* Create add-tls-kind.yaml
* Change node version to 1.15.0
* Add tests for cis-1.6
* Delete node_only.yaml
* Change tests 1.1.19-1.1.21
Change 1.1.19-1.1.21 because failing tests
* Update job.data
* Update job-master.data
* Update job-master.data
* Update job.data
* fix 1.2.35 remediation
tabs instead of spaces
* Update job-master.data
* Remove extra space
* Update job.data
* Create node_only.yaml
* Add tests for cis-1.6
Add tests for cis-1.6 and change some from 1,5 to 1.6
* Fix typo
* Add mapping for cis-1.6
* Remove extra space in 1.2.35 remediation
* Update job.data
* Update job-master.data
* Fix type 1.2.35
* Remove trailing spaces
* Remove trailing spaces
* Remove trailing spaces
* Remove trailing spaces
* Add version 1.19 kubernetes support
* Add version 1.19 kubernetes support
* Add version 1.19 kubernetes support
4 years ago
Liz Rice
772839fc92
move target mapping to config.yaml - updated version ( #682 )
...
* move target mapping to config.yaml
* Update config.yaml
* Update common.go
* Add support for eks-1.0
Add also eks-1.0 to map
* chore: merge correction
* Move file only used for testing
* Tidier logs
* Add target mapping for GKE and EKS
* fingers cross this finishes target mapping
Co-authored-by: Murali Paluru <leodotcloud@gmail.com>
Co-authored-by: Roberto Rojas <robertojrojas@gmail.com>
Co-authored-by: yoavrotems <yoavrotems97@gmail.com>
4 years ago
Liz Rice
b0d175bf5c
Update default Kubernetes to 1.18 ( #657 )
...
* Update default Kubernetes to 1.18
* Add missing mapping
* Show pod logs on failure
4 years ago
Matthieu ANTOINE
ea4eaa6fd5
Fix supported targets for EKS benchmark ( #648 )
...
* Fix supported targets for EKS benchmark
* docs: heading at wrong level in README
* docs: remove duplicate TOC heading
* Fix invalid argument for gem install
Co-authored-by: Liz Rice <liz@lizrice.com>
4 years ago
Huang Huang
52ebfa5b5a
Fix invalid JSON output ( #629 )
...
* Fix invalid JSON output
Fixes #622
* Apply suggestions from code review
Co-authored-by: Liz Rice <liz@lizrice.com>
* Add tests
Co-authored-by: Liz Rice <liz@lizrice.com>
4 years ago
Abubakr-Sadik Nii Nai Davis
d988b81540
CIS GKE 1.0.0 benchmark ( #570 )
...
* Add initial commit for CIS GKE 1.0 benchmark
* Update README with GKE instructions
* Fix YAML linter issues
* Set GKE benchmark k8s version to gke-1.0
* Add tests for gke-1.0
Co-authored-by: Roberto Rojas <robertojrojas@gmail.com>
4 years ago
Roberto Rojas
13193d75b0
Fixes Issue #535 ( #537 )
...
* isEtcd should not run on openshift 3.10/3.11
* adds openssl
* fixed tests
* fixes bugs
* adds isEtcd tests
5 years ago
Roberto Rojas
af976e6f50
Fixes Issue #494 - add tests for CIS 1.5 ( #530 )
...
* Initial commit.
* Add master and node config.
* Add section 5 of CIS 1.5.1.
* Split sections into section files
* Fix YAML issues.
* adds target translation
* adds target translation
* adds cis-1.5 mapping
* fixed tests
* fixes are per PR
* fixed intergration test
* integration kind test file to appropriate ks8 version
* fixed etcd text
* fixed README
* fixed text
* etcd: fixed grep path
* etcd: fixes
* fixed error message bug
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* fixes as per PR review
5 years ago
Roberto Rojas
b92d30bd11
Fixes issue #517 : Determines Kubernetes version using the REST API ( #518 )
...
* Fixes issue #517 : Determines Kubernetes version using the REST API
* fixes
* fixes
* adds tests
* fixes
* added more tests
* kubernetes_version_test: Add a missing case for invalid certs
Signed-off-by: Simarpreet Singh <simar@linux.com>
* kubernetes_version_test: Remove un-needed casts
Signed-off-by: Simarpreet Singh <simar@linux.com>
* fixes as per PR review
* fixes as per PR review
5 years ago
Roberto Rojas
7ca438b618
Fixes Issue 269 - Numbering to use CIS Versions ( #511 )
...
* starting benchmark flag
* Revert "starting benchmark flag"
This reverts commit 58fc948626
.
* fixes issue #269
* add more unit tests
* fix bug
* Update cmd/common.go
Co-Authored-By: Liz Rice <liz@lizrice.com>
* fixes as per PR review
* fixes as per PR review
* adds more tests
* fixed tests
* changes as per PR Review
* changes as per PR Review
* updated README
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* changes are per PR review
5 years ago
Roberto Rojas
d5a02f7cb4
Fixes Issue #331 : Changes the Error Message When Programs are Missing ( #497 )
...
* changed error description for missing kubectl/kubelet execs
* adds function to generate error message for missing components
* adds function to generate error message for missing components
* adds function to generate error message for missing components
* Update cmd/util.go
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update cmd/util.go
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update cmd/util.go
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update cmd/util.go
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update cmd/util.go
Co-Authored-By: Liz Rice <liz@lizrice.com>
* fixed error message
* changes are per PR review
5 years ago
Simarpreet Singh
d12a45bba9
Properly initialize viper library when checking for master components ( #434 )
...
* common_test: Add a failing test to show the SISEGV
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common: Go green by fixing isMaster() to instantiate viper
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common: Inject a seam for getBinariesFunc to be patched-in.
Also adds additional tests to showcase unhappy behaviors.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common_test: Rename TestIsMaster()
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common: init viper with master config
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common: Add a pre-check if valid yaml is passed but doesn't include master.
Also adds additional tests to showcase unhappy behaviors.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* mod: Upgrade viper to v1.4.0
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common: Refactor node only yaml to a file
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common: Log when master components are not found
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common_test: Refactor subtests into a table
Signed-off-by: Simarpreet Singh <simar@linux.com>
5 years ago
Liz Rice
aebd35a5ab
Update copyright date
5 years ago
Daniel Pacak
5fb133cd02
Adjust the semantics of scored and unscored flags
5 years ago
Daniel Pacak
306e1960af
Add flags to further filter CIS checks to run
5 years ago