1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-17 21:58:42 +00:00
Commit Graph

46 Commits

Author SHA1 Message Date
Liz Rice
b0d175bf5c
Update default Kubernetes to 1.18 (#657)
* Update default Kubernetes to 1.18

* Add missing mapping

* Show pod logs on failure
2020-08-04 16:40:12 +03:00
Huang Huang
52ebfa5b5a
Fix invalid JSON output (#629)
* Fix invalid JSON output

Fixes #622

* Apply suggestions from code review

Co-authored-by: Liz Rice <liz@lizrice.com>

* Add tests

Co-authored-by: Liz Rice <liz@lizrice.com>
2020-06-24 10:13:10 +01:00
Abubakr-Sadik Nii Nai Davis
d988b81540
CIS GKE 1.0.0 benchmark (#570)
* Add initial commit for CIS GKE 1.0 benchmark

* Update README with GKE instructions

* Fix YAML linter issues

* Set GKE benchmark k8s version to gke-1.0

* Add tests for gke-1.0

Co-authored-by: Roberto Rojas <robertojrojas@gmail.com>
2020-03-03 09:51:48 -05:00
Murali Paluru
b677c86868 remove always true for logtostderr (#548)
* remove always true for logtostderr

* update README for log collection instructions

Co-authored-by: Liz Rice <liz@lizrice.com>
2020-01-07 13:04:06 +00:00
Roberto Rojas
13193d75b0
Fixes Issue #535 (#537)
* isEtcd should not run on openshift 3.10/3.11

* adds openssl

* fixed tests

* fixes bugs

* adds isEtcd tests
2019-12-13 10:09:30 -05:00
Roberto Rojas
62af68f3f5
fixes issue #536 (#540) 2019-12-12 16:51:35 -05:00
Roberto Rojas
af976e6f50
Fixes Issue #494 - add tests for CIS 1.5 (#530)
* Initial commit.

* Add master and node config.

* Add section 5 of CIS 1.5.1.

* Split sections into section files

* Fix YAML issues.

* adds target translation

* adds target translation

* adds cis-1.5 mapping

* fixed tests

* fixes are per PR

* fixed intergration test

* integration kind test file to appropriate ks8 version

* fixed etcd text

* fixed README

* fixed text

* etcd: fixed grep path

* etcd: fixes

* fixed error message bug

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* fixes as per PR review
2019-12-05 15:55:44 -05:00
Liz Rice
f2caa1f0ec
Add run subcommand (#529)
* test: fix TestGetConfigFilePath

This test wasn't correctly creating the test file due to the wrong directory permissions on the temp file. This wasn't detected due to a lack of error checking.

Also, the code was only checking for file not exist rather than lack of permission to read file (or any other error).

The combination of these two things means the test wasn't checking what it thought it was checking, and passed more by luck than judgment.

* add getYamlFilesFromDir

* add getTestYamlFiles and test

* docs: Update master / node help text

* return path + filename from getYamlFilesFromDir

* subcommand run to run specific section files
2019-12-02 15:40:44 +00:00
John Schnake
6ffd382711 Add option to output in JUnit format (#516)
If running these checks in a CI system it may be beneficial
to output in a more standardized format such as JUnit for
parsing by other tools in a consistent manner.

Fixes #460

Signed-off-by: John Schnake <jschnake@vmware.com>
2019-11-13 08:03:04 -05:00
Roberto Rojas
7ca438b618
Fixes Issue 269 - Numbering to use CIS Versions (#511)
* starting benchmark flag

* Revert "starting benchmark flag"

This reverts commit 58fc948626.

* fixes issue #269

* add more unit tests

* fix bug

* Update cmd/common.go

Co-Authored-By: Liz Rice <liz@lizrice.com>

* fixes as per PR review

* fixes as per PR review

* adds more tests

* fixed tests

* changes as per PR Review

* changes as per PR Review

* updated README

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* changes are per PR review
2019-11-05 16:31:27 -05:00
Roberto Rojas
a6ee61fd08
Fixes issue #289: removed versions prior to 1.11 (#429)
* removed version prior to 1.11

* removed references to kubernetes versions prior to 1.11
2019-10-14 10:52:43 -04:00
Roberto Rojas
c22f81610d
removes federated (#431) 2019-10-12 19:00:26 -04:00
Abubakr-Sadik Nii Nai Davis
92df9cb36c Read kubernetes version from environment (#390)
* Read kubernetes version from environment

Set kubernetes version to the value of the environment variable `KUBE_BENCH_VERSION` if it is defined and the flag `--version` is not specified on the kube-bench command line.

The command line flag `--version` takes precedence of the environment variable `KUBE_BENCH_VERSION` if both are defined.

* Add info about KUBE_BENCH_VERSION to README
2019-08-27 09:04:11 +01:00
Abubakr-Sadik Nii Nai Davis
3fba5f4dac Fix version command failing because of missing config file it does not need. (#377)
* Fix version command failing because of missing config file it does
not need.

* Fix typo

* Remove reference to github issue in comment
2019-08-22 13:43:09 +01:00
patelpayal
e6e6333e6d add glog flush to write the output to a file (#329)
* add glog flush to write the output to a file

* add glog flush before exit on error and fix code comment
2019-07-01 09:49:46 +01:00
nshauli
e64f61fa7f Add --outputfile flag for writing json results to output file (#295) 2019-05-29 18:05:55 +03:00
Yoav Hizkiahou
3aa28c4c32 Printing the actual test result of failed tests - when a flag is raised
fix #110
2019-05-15 10:14:11 +03:00
Daniel Pacak
5fb133cd02 Adjust the semantics of scored and unscored flags 2019-05-01 22:52:56 +02:00
Daniel Pacak
306e1960af Add flags to further filter CIS checks to run 2019-05-01 22:52:56 +02:00
Cyril Tovena
5baf81a70a Adds master node detection and a root command that automatically detect checks to run.
The root command will run node checks and if possible master checks.
I've also added some Makefile targets to improve local testing and improve the documentation.
2019-03-12 19:32:05 -04:00
bvwells
cc43fcbb7e Add link to CIS kubernetes benchmark 2018-08-10 20:55:02 +01:00
Abubakr-Sadik Nii Nai Davis
6d237607fb Fix typo in help text. 2018-05-15 04:50:39 +00:00
Abubakr-Sadik Nii Nai Davis
5da707b8d6 Remove CIS benchmark version in tool title.
it has grown stale and is dependent on k8s version we are checking.
2018-05-15 04:23:39 +00:00
Liz Rice
0b4872104d
Merge branch 'master' into feature/issue-107 2018-04-16 17:15:30 +01:00
Will Medlar
9469b1c124 Allow kubernetes version and config directory to be specified (resolves #107) 2018-04-12 15:01:58 -04:00
Abubakr-Sadik Nii Nai Davis
ade064006e Add extra output manipulation flags, --noremediations, --nosummary and
--noresults.

These flags disable printing sections of the final output of kube-bench.
2018-04-10 20:01:47 +00:00
Lee Briggs
94a1f3c41f
Lint all code for golint tests 2018-01-11 10:01:58 -08:00
Abubakr-Sadik Nii Nai Davis
42a1068964 Add default version if version check fails. 2017-11-13 15:25:34 +00:00
Steven Logue
d79a2a5478 added support for saving scan results to pgsql 2017-10-31 13:08:46 -07:00
Liz Rice
c4be4a1240 Remove installation flag and some other unused variables 2017-08-31 17:52:21 +01:00
Abubakr-Sadik Nii Nai Davis
f88de572f6 Improve error handling. 2017-07-25 00:34:07 +00:00
Abubakr-Sadik Nii Nai Davis
3d395994b0 Change environment variable prefix. 2017-07-13 00:24:57 +00:00
Abubakr-Sadik Nii Nai Davis
609c4ff01c Move kubernetes binaries and config paths to kube-bench config. 2017-07-13 00:24:09 +00:00
Abubakr-Sadik Nii Nai Davis
2ee99eca64 Add support for various installation modes, hyperkube, kubeadm and kops.
Issue #17.
2017-07-10 00:15:27 +00:00
Abubakr-Sadik Nii Nai Davis
bd53529387 Fix issue #16 about supporting verbosity. 2017-07-07 17:01:30 +00:00
Abubakr-Sadik Nii Nai Davis
d0d9900b29 Resolve issue #7 wait: error running audit command exit status 1.
This is caused by a command in the audit pipeline (for example
ps -ef | grep kube-apiserver) failing. The causes of this failure
in my testing is usually a missing config file.

Extensive refactor and correction in verification code to check for
config files and binaries.

Replace joncalhoun/pipes with implementation using exec.Cmds so errors
are visible and can be handled when audit pipeline commands fail.

Change some audit commands
from: ps -ef | grep <cmd> | grep -v
to:   ps -C <something> -o comm,args --no-headers

which is simpler to work with.
2017-06-30 14:19:38 +00:00
Liz Rice
07750ea43a Don't output message about config file if output format is JSON 2017-06-23 10:48:49 +01:00
Liz Rice
f6509b804e Typo 2017-06-23 10:28:58 +01:00
Liz Rice
0d6d3a03ef Allow config file to be specified on the command line 2017-06-22 15:34:21 +01:00
Liz Rice
96364e3f29 Error if the config file can’t be found 2017-06-22 15:34:01 +01:00
jerbia
432651e85f Added test 1.4.11 (#8) 2017-06-21 22:45:50 +03:00
Liz Rice
c3d67e0fee Use colorPrint for config file info too 2017-06-20 11:10:11 +01:00
Liz Rice
dcd416a521 Executable name changes
Updates to travis file, readme and help text
2017-06-20 09:52:53 +01:00
Amir Jerbi
55fd838191 No need to run install.sh.
Simply clone the project, compile the go app and run ./cis_kubernetes
2017-06-20 00:03:46 +03:00
Liz Rice
26cc77ec1d Get the tests working on deployments where file names may be different or not in path (#1)
* Replace the default help text

* Readme file, including the test config format documentation

* Typo

* Warn if config files / executables aren't found

* Ignore original name of executable (as per current README)

* Update tests to avoid failing on stat of a non-existant file

* Add a makefile for ease of build
2017-06-19 23:17:19 +03:00
Amir Jerbi
154a140f74 Initial commit 2017-06-19 17:01:57 +03:00