Roberto Rojas
a0bed18054
Adds json version of config for k8s 1.13 ( #342 )
2019-07-10 09:26:37 +01:00
Liz Rice
25b2c5da5a
Add comment about procps limitation ( #333 )
2019-07-08 22:29:37 +01:00
Liz Rice
08097d2211
Need credentials in order to run kubectl version ( #332 )
...
Without passing in kubeconfig credentials:
```bash
$ docker run --pid=host -v /etc:/etc:ro -v /var:/var:ro -v $(which kubectl):/usr/bin/kubectl -t lizrice/kube-bench:5e6cdfd master -v 1
I0628 16:52:06.591683 6099 util.go:367] Unable to get Kubernetes version from kubectl, using default version: 1.6
I0628 16:52:06.591822 6099 common.go:74] Using benchmark file: cfg/1.6/master.yaml
...
```
As updated in the README with this fix:
```bash
$ docker run --pid=host -v /etc:/etc:ro -v /var:/var:ro -v $(which kubectl):/usr/bin/kubectl -v ~/.kube:/.kube -e KUBECONFIG=/.kube/config -t lizrice/kube-bench:5e6cdfd master -v 1
I0628 16:53:26.784122 7224 util.go:131] No test file found for 1.14 - using tests for Kubernetes 1.13
I0628 16:53:26.784961 7224 common.go:228] Using config file: cfg/1.13/config.yaml
...
```
2019-07-08 22:22:48 +01:00
Liz Rice
9a900db021
docs: update WIP to draft ( #324 )
2019-07-03 08:27:28 +01:00
patelpayal
e6e6333e6d
add glog flush to write the output to a file ( #329 )
...
* add glog flush to write the output to a file
* add glog flush before exit on error and fix code comment
2019-07-01 09:49:46 +01:00
Manuel Rüger
5e6cdfdb0e
Detect kube-controller in CMD ( #326 )
...
If kube-controller-manager is getting detected by older versions of
procps, it will only be detected if we're looking for kube-controller
(15 chars)
NOTE: "The command name is not the same as the command line. Previous versions of
procps and the kernel truncated this command name to 15
characters. This limitation is no longer present in both. If
you depended on matching only 15 characters, you may no longer
get a match."
2019-06-28 16:58:23 +01:00
patelpayal
e066ec69dd
fix go.mod dependency ( #330 )
2019-06-28 09:48:52 +01:00
Manuel Rüger
f7e3257e3c
Go modules / Alpine 3.10 update / Remove binary ( #322 )
...
* Remove binary that was accidentally added
911e9051dc
* Dockerfile: Update to alpine 3.10
* Switch to go 1.12 and go modules
2019-06-26 11:58:51 +01:00
Liz Rice
086df3dda1
Merge pull request #321 from simar7/remove-extra-whitespaces
...
cfg: remove erroneous whitespaces in yaml
2019-06-26 11:26:39 +01:00
Simarpreet Singh
dddc42f046
cfg: remove erroneous whitespaces in yaml
...
Signed-off-by: Simarpreet Singh <simar@linux.com>
2019-06-25 07:18:46 -07:00
Liz Rice
07dfeb8e27
Merge pull request #319 from aquasecurity/contributing
...
Add github issue creation instructions.
2019-06-25 14:51:32 +01:00
Liz Rice
0ab09a85e8
Add pull requests section
...
Add pull requests section
Include instructions for kube-bench version
Other small wording changes
2019-06-25 14:44:02 +01:00
Abubakr-Sadik Nii Nai Davis
7affbc83d8
Add github issue creation instructions.
2019-06-24 20:33:24 +00:00
Liz Rice
ea7400aa4b
Merge pull request #301 from wwwil/op-regex
...
Add regex compare op
2019-06-19 12:10:29 +02:00
Liz Rice
5e3ff51fa9
Merge branch 'master' into op-regex
2019-06-19 11:43:39 +02:00
Liz Rice
c379df19b0
Merge pull request #316 from cpt-redbeard/master
...
Adding OCP 3.11
2019-06-18 07:40:18 -07:00
pthomson
2275eea93f
Adding OCP 3.11
...
Adding OCP 3.11
2019-06-17 13:44:35 -04:00
Liz Rice
ec9779f56e
Merge pull request #313 from simar7/add-kube-bench-version
...
kube-bench: add version subcommand
2019-06-17 02:27:27 -07:00
Simarpreet Singh
3b7438e2f2
kube-bench: add version subcommand
...
Signed-off-by: Simarpreet Singh <simar@linux.com>
2019-06-12 01:41:09 -07:00
Liz Rice
c76369fe2c
Add missing quote
2019-06-10 20:29:58 -07:00
Liz Rice
7f2e9b5231
Merge branch 'master' into op-regex
2019-06-11 04:28:03 +01:00
Liz Rice
1d7449db34
Merge pull request #309 from simar7/fix-ocp-3.10-yaml
...
ocp-3.10: Fix malformed yaml and improve TestControls_RunChecks
2019-06-11 04:27:25 +01:00
Simarpreet Singh
5df39eed02
ocp-3.10: Fix malformed yaml and improve TestControls_RunChecks
...
This improves the TestControls_RunChecks() test by making
more comprehensive assertions on a more fully fledged input yaml
Fixes: https://github.com/aquasecurity/kube-bench/issues/304
Signed-off-by: Simarpreet Singh <simar@linux.com>
2019-06-10 13:39:43 -07:00
wwwil
7efa7b2c35
Add regex to list of compare ops
2019-06-05 15:29:40 +01:00
wwwil
83c7536c8a
Add tests for regex test op
2019-06-05 15:29:15 +01:00
Liz Rice
46baf8f8b5
Merge pull request #296 from aquasecurity/Config-doc
...
Document version-specific config files
2019-06-05 12:52:32 +02:00
Liz Rice
4f79d62149
Merge branch 'master' into Config-doc
2019-06-05 12:45:27 +02:00
Liz Rice
268fafd495
Merge pull request #300 from danielsagi/add_kubelet_config_path
...
Added another kubelet config file to node:kubelet:confs
2019-06-05 12:45:07 +02:00
Liz Rice
bab1237a44
Merge branch 'master' into add_kubelet_config_path
2019-06-05 12:27:07 +02:00
Liz Rice
d44f865ef3
Merge pull request #256 from aquasecurity/fix-235
...
Rationalize and document config
2019-06-05 12:07:17 +02:00
Liz Rice
e3da299e0c
Merge branch 'master' into fix-235
2019-06-05 11:42:13 +02:00
Liz Rice
81f0d9c6e3
Merge branch 'master' into Config-doc
2019-06-05 11:41:15 +02:00
Liz Rice
312cdb1c6d
Merge pull request #297 from aquasecurity/Openshift-executables
...
Update openshift executables
2019-06-05 11:40:56 +02:00
Liz Rice
0f12dca76d
Merge branch 'master' into Openshift-executables
2019-06-05 11:29:42 +02:00
Liz Rice
87820b9775
Remove duplicate versions section
...
That info is important enough that it needs to stay in the main README.
I also changed the file title
2019-06-05 10:28:11 +01:00
Abubakr-Sadik Nii Nai Davis
85849a3c1f
Add detailed kube-bench config documentation.
2019-06-04 22:25:24 +00:00
Daniel Sagi
43caaab00a
added another kubelet config file to paths, in the main config yaml file. default location for gke cluster
2019-06-04 17:16:05 +03:00
wwwil
e4f0f470ee
Add regex op to test
2019-06-04 11:38:17 +01:00
Liz Rice
5efb3e3b00
Merge pull request #298 from 030/191-master-node-doc
...
[GH-191] explained that master nodes cannot be inspected in managed k8s
2019-06-01 17:26:26 +01:00
Liz Rice
27df1f60ed
Clarification about worker nodes in managed k8s
...
Because we don’t want to put people off running kube-bench altogether in these environments
2019-06-01 18:17:09 +02:00
030
9d0e3491a0
[GH-191] explained that master nodes cannot be inspected in managed k8s
2019-06-01 16:40:50 +02:00
Liz Rice
9d577d94b4
Update openshift executables
2019-05-30 23:04:44 +01:00
Liz Rice
df3577519c
Document version-specific config files
...
Values in the version-specific files override the main file
2019-05-30 22:55:48 +01:00
nshauli
e64f61fa7f
Add --outputfile flag for writing json results to output file ( #295 )
2019-05-29 18:05:55 +03:00
Liz Rice
5e80f41066
Merge pull request #292 from aquasecurity/config-improvements
...
Config improvements
2019-05-28 10:00:34 +02:00
Liz Rice
a8c69b57e8
Merge branch 'master' into config-improvements
2019-05-27 13:10:40 +02:00
Liz Rice
ff6443e279
Merge pull request #284 from yoavAqua/expected-result
...
Generate expected result automatically for each test
2019-05-26 18:06:27 +02:00
Yoav Hizkiahou
ddb677bc69
Generate expected result by strings join
2019-05-26 10:15:00 +03:00
Yoav Hizkiahou
d1c3e3163b
Generate expected result automatically for each test
2019-05-26 10:14:25 +03:00
Liz Rice
53ef773944
Merge pull request #281 from yoavAqua/bugfix-no-actual-result
...
The check's actual result property is now set to be the audit command…
2019-05-24 13:22:42 +02:00