Roberto Rojas
9c6d4de860
Issue #421 : Merges PR #422 with master ( #523 )
...
* Add kubeconfig location of kube-proxy for AKS
* Add job for AKS node
* Automate ca file permission check
* removed job-aks.yaml as other PRs added needed features
* fixed integration test due to merge changes
5 years ago
Roberto Rojas
7ca438b618
Fixes Issue 269 - Numbering to use CIS Versions ( #511 )
...
* starting benchmark flag
* Revert "starting benchmark flag"
This reverts commit 58fc948626
.
* fixes issue #269
* add more unit tests
* fix bug
* Update cmd/common.go
Co-Authored-By: Liz Rice <liz@lizrice.com>
* fixes as per PR review
* fixes as per PR review
* adds more tests
* fixed tests
* changes as per PR Review
* changes as per PR Review
* updated README
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* changes are per PR review
5 years ago
Kevin W Monroe
04946a48fb
add snap component paths to default config ( #414 )
5 years ago
Roberto Rojas
3aa41db166
Issue #353 : Merges JSON and Exec Params files ( #426 )
...
* starts fixes #353
* new approach to minize duplications
* applied merged yaml files for v1.11 and v1.13
* yaml files json/params merged
* fixes to remove double quotes from numbers and booleans
* fixed bug
* fixed certificate check
* removed -json files
* changes based on PR review
* Update check/check_test.go
Yay more tests!
Co-Authored-By: Liz Rice <liz@lizrice.com>
* changes as PR review
* fixed bug when scored check is missing tests
* attempt to improve the code
* fixed list breaks
* removes handleError function
* Update check/check.go
Accepting suggested log level.
Co-Authored-By: Liz Rice <liz@lizrice.com>
5 years ago
Roberto Rojas
c22f81610d
removes federated ( #431 )
5 years ago
Simarpreet Singh
37f626dce6
cfg: Make proxy checks optional ( #436 )
...
Signed-off-by: Simarpreet Singh <simar@linux.com>
5 years ago
Roberto Rojas
f343d36862
hyperkube v1.15 renamed "proxy" to "kube-proxy" ( #400 )
5 years ago
Roberto Rojas
3e5d02e920
fixes issue #386 ( #397 )
...
* fixes issue #386
* Correct typo
5 years ago
Patrick Lieberg
0d81ef10d5
Update config.yaml to add Azure AKS file locations for kubelet ( #383 )
...
* testing Azure config locations
* "Updated default config.yaml to incorporate Azure AKS file locations for kubelet"
* "Adjusted order of new lines. Removed unneeded lines."
5 years ago
zilard
d8528a1ec8
issue #234 : implement test 2.2.8 ( #343 )
...
* implement test 2.2.8
* Nit: correct indentation
The indentation looked a bit wonky due to spaces vs tabs; hopefully this corrects it
5 years ago
Manuel Rüger
5e6cdfdb0e
Detect kube-controller in CMD ( #326 )
...
If kube-controller-manager is getting detected by older versions of
procps, it will only be detected if we're looking for kube-controller
(15 chars)
NOTE: "The command name is not the same as the command line. Previous versions of
procps and the kernel truncated this command name to 15
characters. This limitation is no longer present in both. If
you depended on matching only 15 characters, you may no longer
get a match."
5 years ago
Daniel Sagi
43caaab00a
added another kubelet config file to paths, in the main config yaml file. default location for gke cluster
5 years ago
Liz Rice
12e48297a6
Config file improvements
...
Correct defaults in main config.yaml file
Remove unnecessary overrides in version-specific config.yaml
5 years ago
Liz Rice
caf3fbd0a0
Moving more config into master config file
5 years ago
Liz Rice
9b3628e76a
Update openshift executable config for #236
5 years ago
Abubakr-Sadik Nii Nai Davis
a88b0703d8
Add kubeconfig variable substitution for kubelet and proxy.
...
There are checks for the kubeconfig for both kubelet and proxy which
the current kube-bench implementation does not check for properly.
kube-bench checks the wrong files.
This PR adds support for variable substitution for all the config file
types are that should be checked in the CIS benchmarks.
This PR also fixes a buggy in CIS 1.3.0 check 2.2.9, which checks for
ownership of the kubelet config file /var/lib/kubelet/config.yaml but
recommends changing ownership of kubelet kubeconfig file
/etc/kubernetes/kubelet.conf as remediation.
5 years ago
Abubakr-Sadik Nii Nai Davis
3f98c1def2
Fix wrong reference to kubelet.config in node checks.
...
This fix applies to only checks for kubernetes versions 1.8 and 1.11.
See https://github.com/aquasecurity/kube-bench/pull/208 .
5 years ago
Abubakr-Sadik Nii Nai Davis
04f044e3b9
Add support for merging general and kubernetes version specific config files.
...
This change unifies all config files, podspecs and unitfiles under
a single component configuration key; `config`.
7 years ago
Abubakr-Sadik Nii Nai Davis
e227934c88
Add function to get unit files for kubernetes components.
7 years ago
Abubakr-Sadik Nii Nai Davis
6ce0c5bf60
Add function to get pod specs for kubernetes components.
7 years ago
Liz Rice
a6036bcfcf
Corrections to config file substitutions. Use “kubernetes” as a fake component name so we can more easily substitute “kubernetesconf”
7 years ago
Liz Rice
a3197f8efe
Reorder YAML to make a bit more sense. Allow for optional components, and a config file that we don’t think exists.
7 years ago
Liz Rice
e4e41683c4
Update the config file
7 years ago
Liz Rice
cf62def9fd
Better config file locations
7 years ago
Abubakr-Sadik Nii Nai Davis
f88de572f6
Improve error handling.
7 years ago
Abubakr-Sadik Nii Nai Davis
609c4ff01c
Move kubernetes binaries and config paths to kube-bench config.
7 years ago
Amir Jerbi
55fd838191
No need to run install.sh.
...
Simply clone the project, compile the go app and run ./cis_kubernetes
7 years ago
Amir Jerbi
154a140f74
Initial commit
7 years ago