1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-01 12:28:18 +00:00
Commit Graph

961 Commits

Author SHA1 Message Date
Steven Logue
d79a2a5478 added support for saving scan results to pgsql 2017-10-31 13:08:46 -07:00
Liz Rice
7f5504413e Merge pull request #60 from aquasecurity/lizrice-patch-1
Remove reference to specific benchmark version
2017-10-26 16:14:56 -04:00
Liz Rice
478e378752 Remove reference to specific benchmark version
We support multiple versions of the CIS benchmark
2017-10-26 16:12:36 -04:00
Liz Rice
2a269fb974 Merge pull request #59 from aquasecurity/k8s-1.8-support
Add kubernetes 1.8 support
2017-10-24 22:19:13 +01:00
Abubakr-Sadik Nii Nai Davis
3dcc38d5c8 Fix issue with util test. 2017-10-24 12:45:38 +00:00
Abubakr-Sadik Nii Nai Davis
592dc81974 Remove unused variables. 2017-10-24 12:02:22 +00:00
Abubakr-Sadik Nii Nai Davis
cec1d9d6b3 Combine config reading functions into single function. 2017-10-24 12:01:02 +00:00
Abubakr-Sadik Nii Nai Davis
e227934c88 Add function to get unit files for kubernetes components. 2017-10-15 13:20:01 +00:00
Abubakr-Sadik Nii Nai Davis
6ce0c5bf60 Add function to get pod specs for kubernetes components. 2017-10-15 13:19:57 +00:00
Abubakr-Sadik Nii Nai Davis
8e758bb5e0 Update federated definitions. 2017-10-15 13:19:13 +00:00
Abubakr-Sadik Nii Nai Davis
82e325f96e Update 1.8 node definition. 2017-10-15 13:19:07 +00:00
Abubakr-Sadik Nii Nai Davis
04f21d1887 Update 1.8 master definition. 2017-10-15 13:17:45 +00:00
Abubakr-Sadik Nii Nai Davis
7663dc87ee Copy 1.7 benchmark as 1.8. 2017-10-05 17:29:38 +00:00
Liz Rice
7435a8db38 Merge pull request #57 from aquasecurity/dockerfile
Dockerfile fix to copy all the cfg files
2017-10-02 12:00:28 +01:00
Liz Rice
b98dfbc718 Dockerfile fix to copy all the cfg files 2017-10-02 06:38:45 -04:00
Liz Rice
9b121de50a Merge pull request #55 from aquasecurity/client-server-error-message-on-1.6
Client server error message on 1.6
2017-09-27 15:06:48 +01:00
Abubakr-Sadik Nii Nai Davis
018ad12a64 Log benchmark definition file at verbosity level 1. 2017-09-26 23:33:47 +00:00
Abubakr-Sadik Nii Nai Davis
73a37a0c16 Delete tests for verifyKubeVersion and support functions. 2017-09-26 23:24:44 +00:00
Abubakr-Sadik Nii Nai Davis
88a003090f Delete verifyKubeVersion support functions. 2017-09-26 23:23:34 +00:00
Abubakr-Sadik Nii Nai Davis
a95d083049 Remove call to verifyKubeVersion.
This functionality is fulfilled by getKubeVersion.
2017-09-26 23:20:28 +00:00
Liz Rice
d01faef457 Merge pull request #52 from ttousai/new-auto-detect
Support multiple kubernetes version
2017-09-21 09:30:34 -05:00
Abubakr-Sadik Nii Nai Davis
d9e1eee2cd Merge remote-tracking branch 'origin/master' into support for multiple
Kubernetes versions.
2017-09-20 00:39:30 +00:00
Abubakr-Sadik Nii Nai Davis
56fa20103a Add function to retrieve Kubernetes server version.
The server version is used to load the correct benchmark check
to run against the Kubernetes cluster.
2017-09-17 19:49:13 +00:00
Abubakr-Sadik Nii Nai Davis
8ea0892437 Update controls to support multiple Kubernetes versions. 2017-09-17 00:09:02 +00:00
Abubakr-Sadik Nii Nai Davis
f2e744bdcb Reorganize benchmark checks into Kubernetes 1.7 and restore Kubernetes 1.6 benchmarks. 2017-09-15 19:38:09 +00:00
Liz Rice
95bb80b7db Merge pull request #51 from aquasecurity/add-test
Add tests for #50
2017-09-15 15:11:10 +01:00
Liz Rice
e8579ade6c Add tests for #50 2017-09-13 15:32:33 +01:00
Liz Rice
a6d4f2fb59 Merge pull request #50 from junaid18183/master
Fixed issue admission control showing wrong status
2017-09-13 15:29:16 +01:00
Juned Memon
44994ced33 Fixed issue of The controls for master - admission control showing wrong status #49 2017-09-13 04:31:43 +05:30
Liz Rice
883b963e21 Merge pull request #48 from aquasecurity/auto-detect
Update README for auto-detection of executables and config files
2017-09-04 10:25:53 +01:00
Liz Rice
9a500229a4 Update README for auto-detection of executables and config files 2017-09-04 10:11:34 +01:00
Liz Rice
516343eb06 Merge pull request #47 from aquasecurity/auto-detect
Auto-detect executables and config files
2017-09-04 10:00:24 +01:00
Liz Rice
c4be4a1240 Remove installation flag and some other unused variables 2017-08-31 17:52:21 +01:00
Liz Rice
de12829923 Correct test to cope with multi-line ps output 2017-08-31 17:43:07 +01:00
Liz Rice
a6036bcfcf Corrections to config file substitutions. Use “kubernetes” as a fake component name so we can more easily substitute “kubernetesconf” 2017-08-31 17:39:48 +01:00
Liz Rice
e4a89123e0 Move message about which config file we’re using into a log at the start 2017-08-31 17:38:11 +01:00
Liz Rice
8380ad1ef3 Better detection of running executables 2017-08-31 16:01:31 +01:00
Liz Rice
d637d8714a Fix and add tests 2017-08-31 15:22:30 +01:00
Liz Rice
a3197f8efe Reorder YAML to make a bit more sense. Allow for optional components, and a config file that we don’t think exists. 2017-08-31 14:45:16 +01:00
Liz Rice
e4b905e360 Log when there’s no substitution 2017-08-31 14:43:59 +01:00
Liz Rice
f5550fd8bd Node type is now verified by looking for running binaries from a set of options 2017-08-31 14:43:35 +01:00
Liz Rice
0e9c11ebd5 Remove empty error messages that manifested as "%s" 2017-08-31 14:41:52 +01:00
Liz Rice
6a5a62b278 Autodetect the binaries and config files from a set of options 2017-08-30 18:37:01 +01:00
Liz Rice
e4e41683c4 Update the config file 2017-08-30 18:36:00 +01:00
Liz Rice
f5cef922cc Functions and tests for finding binaries and config files 2017-08-30 18:01:53 +01:00
Liz Rice
7600dd9dd6 Make the ps / fakeps function global so we don’t have to pass it around so much 2017-08-30 17:51:28 +01:00
Liz Rice
0bc00e0036 Slightly more robust looking for running executables 2017-08-30 17:48:12 +01:00
Liz Rice
9114e139cf Function to find which of a set of executables is running 2017-08-30 12:07:46 +01:00
Liz Rice
89e9d37cde Merge pull request #43 from aquasecurity/issue-42
Change node check 2.1.6 to use operation `noteq` instead of `gt`.
2017-08-25 11:13:11 +01:00
Abubakr-Sadik Nii Nai Davis
3e3aa0ed82 Change node check 2.1.6 to use operation noteq instead of gt.
Kubelet option --streaming-connection-idle-timeout expects a string
value which fails parsing to integer for greater than comparison.

The string "0" indicates no timeout and this is what we are checking
for.
2017-08-24 18:33:32 +00:00