Roberto Rojas
3aa41db166
Issue #353 : Merges JSON and Exec Params files ( #426 )
...
* starts fixes #353
* new approach to minize duplications
* applied merged yaml files for v1.11 and v1.13
* yaml files json/params merged
* fixes to remove double quotes from numbers and booleans
* fixed bug
* fixed certificate check
* removed -json files
* changes based on PR review
* Update check/check_test.go
Yay more tests!
Co-Authored-By: Liz Rice <liz@lizrice.com>
* changes as PR review
* fixed bug when scored check is missing tests
* attempt to improve the code
* fixed list breaks
* removes handleError function
* Update check/check.go
Accepting suggested log level.
Co-Authored-By: Liz Rice <liz@lizrice.com>
2019-10-14 10:37:10 -04:00
Roberto Rojas
c22f81610d
removes federated ( #431 )
2019-10-12 19:00:26 -04:00
Simarpreet Singh
37f626dce6
cfg: Make proxy checks optional ( #436 )
...
Signed-off-by: Simarpreet Singh <simar@linux.com>
2019-10-08 11:53:39 +01:00
Roberto Rojas
f343d36862
hyperkube v1.15 renamed "proxy" to "kube-proxy" ( #400 )
2019-08-28 16:53:48 +01:00
Roberto Rojas
3e5d02e920
fixes issue #386 ( #397 )
...
* fixes issue #386
* Correct typo
2019-08-28 09:27:56 +01:00
Patrick Lieberg
0d81ef10d5
Update config.yaml to add Azure AKS file locations for kubelet ( #383 )
...
* testing Azure config locations
* "Updated default config.yaml to incorporate Azure AKS file locations for kubelet"
* "Adjusted order of new lines. Removed unneeded lines."
2019-08-22 14:52:34 +01:00
zilard
d8528a1ec8
issue #234 : implement test 2.2.8 ( #343 )
...
* implement test 2.2.8
* Nit: correct indentation
The indentation looked a bit wonky due to spaces vs tabs; hopefully this corrects it
2019-07-10 10:43:15 +01:00
Manuel Rüger
5e6cdfdb0e
Detect kube-controller in CMD ( #326 )
...
If kube-controller-manager is getting detected by older versions of
procps, it will only be detected if we're looking for kube-controller
(15 chars)
NOTE: "The command name is not the same as the command line. Previous versions of
procps and the kernel truncated this command name to 15
characters. This limitation is no longer present in both. If
you depended on matching only 15 characters, you may no longer
get a match."
2019-06-28 16:58:23 +01:00
Daniel Sagi
43caaab00a
added another kubelet config file to paths, in the main config yaml file. default location for gke cluster
2019-06-04 17:16:05 +03:00
Liz Rice
12e48297a6
Config file improvements
...
Correct defaults in main config.yaml file
Remove unnecessary overrides in version-specific config.yaml
2019-05-17 14:21:42 +01:00
Liz Rice
caf3fbd0a0
Moving more config into master config file
2019-05-13 18:20:57 +01:00
Liz Rice
9b3628e76a
Update openshift executable config for #236
2019-03-07 11:18:06 +00:00
Abubakr-Sadik Nii Nai Davis
a88b0703d8
Add kubeconfig variable substitution for kubelet and proxy.
...
There are checks for the kubeconfig for both kubelet and proxy which
the current kube-bench implementation does not check for properly.
kube-bench checks the wrong files.
This PR adds support for variable substitution for all the config file
types are that should be checked in the CIS benchmarks.
This PR also fixes a buggy in CIS 1.3.0 check 2.2.9, which checks for
ownership of the kubelet config file /var/lib/kubelet/config.yaml but
recommends changing ownership of kubelet kubeconfig file
/etc/kubernetes/kubelet.conf as remediation.
2019-02-27 22:15:14 +00:00
Abubakr-Sadik Nii Nai Davis
3f98c1def2
Fix wrong reference to kubelet.config in node checks.
...
This fix applies to only checks for kubernetes versions 1.8 and 1.11.
See https://github.com/aquasecurity/kube-bench/pull/208 .
2019-02-27 22:14:19 +00:00
Abubakr-Sadik Nii Nai Davis
04f044e3b9
Add support for merging general and kubernetes version specific config files.
...
This change unifies all config files, podspecs and unitfiles under
a single component configuration key; `config`.
2017-11-28 17:38:34 +00:00
Abubakr-Sadik Nii Nai Davis
e227934c88
Add function to get unit files for kubernetes components.
2017-10-15 13:20:01 +00:00
Abubakr-Sadik Nii Nai Davis
6ce0c5bf60
Add function to get pod specs for kubernetes components.
2017-10-15 13:19:57 +00:00
Liz Rice
a6036bcfcf
Corrections to config file substitutions. Use “kubernetes” as a fake component name so we can more easily substitute “kubernetesconf”
2017-08-31 17:39:48 +01:00
Liz Rice
a3197f8efe
Reorder YAML to make a bit more sense. Allow for optional components, and a config file that we don’t think exists.
2017-08-31 14:45:16 +01:00
Liz Rice
e4e41683c4
Update the config file
2017-08-30 18:36:00 +01:00
Liz Rice
cf62def9fd
Better config file locations
2017-08-15 20:07:27 +01:00
Abubakr-Sadik Nii Nai Davis
f88de572f6
Improve error handling.
2017-07-25 00:34:07 +00:00
Abubakr-Sadik Nii Nai Davis
609c4ff01c
Move kubernetes binaries and config paths to kube-bench config.
2017-07-13 00:24:09 +00:00
Amir Jerbi
55fd838191
No need to run install.sh.
...
Simply clone the project, compile the go app and run ./cis_kubernetes
2017-06-20 00:03:46 +03:00
Amir Jerbi
154a140f74
Initial commit
2017-06-19 17:01:57 +03:00