Saurya Das
ca749ccb32
Adding a section for Azure Kubernetes Service ( #495 )
...
* Adding a section for Azure Kubernetes Service
steps to run kube bench on AKS worker nodes
* Update README.md
* Update README.md
Co-authored-by: Roberto Rojas <robertojrojas@gmail.com>
Co-authored-by: Liz Rice <liz@lizrice.com>
2019-12-20 12:17:00 +00:00
Zeid Marouf
299ab36a13
doc: fix ECR image build instructions for EKS mode ( #531 )
2019-12-20 12:00:38 +00:00
Roberto Rojas
9fc13ca02e
Fixes Issue #538 ( #539 )
...
* Adds openshift to autodetect node type
* detect okd node units
* OCP fixes
2019-12-13 11:04:58 -05:00
Roberto Rojas
13193d75b0
Fixes Issue #535 ( #537 )
...
* isEtcd should not run on openshift 3.10/3.11
* adds openssl
* fixed tests
* fixes bugs
* adds isEtcd tests
2019-12-13 10:09:30 -05:00
Roberto Rojas
62af68f3f5
fixes issue #536 ( #540 )
2019-12-12 16:51:35 -05:00
Huang Huang
4a07f87e6f
Fix remediations about file permission ( #534 )
...
* Fix remediation of 2.2.3 in cis-1.3
* Fix remediation of 4.1.1 in cis-1.5
2019-12-10 13:57:07 -05:00
Mateus Caruccio
6e1c39237a
Openshift configs ( #526 )
...
* Adds openshift to autodetect node type
* detect okd node units
2019-12-09 09:07:44 -05:00
Roberto Rojas
af976e6f50
Fixes Issue #494 - add tests for CIS 1.5 ( #530 )
...
* Initial commit.
* Add master and node config.
* Add section 5 of CIS 1.5.1.
* Split sections into section files
* Fix YAML issues.
* adds target translation
* adds target translation
* adds cis-1.5 mapping
* fixed tests
* fixes are per PR
* fixed intergration test
* integration kind test file to appropriate ks8 version
* fixed etcd text
* fixed README
* fixed text
* etcd: fixed grep path
* etcd: fixes
* fixed error message bug
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* fixes as per PR review
2019-12-05 15:55:44 -05:00
Huang Huang
7015f4b4b5
Fix remediation of 2.2.3 ( #527 )
2019-12-04 07:06:50 -08:00
Liz Rice
f2caa1f0ec
Add run subcommand ( #529 )
...
* test: fix TestGetConfigFilePath
This test wasn't correctly creating the test file due to the wrong directory permissions on the temp file. This wasn't detected due to a lack of error checking.
Also, the code was only checking for file not exist rather than lack of permission to read file (or any other error).
The combination of these two things means the test wasn't checking what it thought it was checking, and passed more by luck than judgment.
* add getYamlFilesFromDir
* add getTestYamlFiles and test
* docs: Update master / node help text
* return path + filename from getYamlFilesFromDir
* subcommand run to run specific section files
2019-12-02 15:40:44 +00:00
Roberto Rojas
8780e5cb59
adds kube-bench version to docker build hook ( #524 )
2019-11-27 20:06:42 +00:00
gy741
230d286708
Use COPY instead of ADD in Dockerfile ( #502 )
2019-11-27 11:25:19 -05:00
Roberto Rojas
9c6d4de860
Issue #421 : Merges PR #422 with master ( #523 )
...
* Add kubeconfig location of kube-proxy for AKS
* Add job for AKS node
* Automate ca file permission check
* removed job-aks.yaml as other PRs added needed features
* fixed integration test due to merge changes
2019-11-27 15:30:29 +00:00
Roberto Rojas
e2f61fad13
Fixes issue #391 : Replaced calling docker directly by using "make build-docker" ( #522 )
...
replaced calling docker directly by using "make build-docker"
2019-11-26 08:20:05 -08:00
Roberto Rojas
47c5661034
Fixes issue #439 : Adds integration testing using KIND ( #520 )
...
* Fixes issue #439 : Adds integration testing using KIND
* try integration tests
* started using ticker and timeouts
* trying built container image
* adds load image into KIND
* adds comparison
* fixes as per PR review
2019-11-16 09:39:47 -05:00
John Schnake
6ffd382711
Add option to output in JUnit format ( #516 )
...
If running these checks in a CI system it may be beneficial
to output in a more standardized format such as JUnit for
parsing by other tools in a consistent manner.
Fixes #460
Signed-off-by: John Schnake <jschnake@vmware.com>
2019-11-13 08:03:04 -05:00
Roberto Rojas
b92d30bd11
Fixes issue #517 : Determines Kubernetes version using the REST API ( #518 )
...
* Fixes issue #517 : Determines Kubernetes version using the REST API
* fixes
* fixes
* adds tests
* fixes
* added more tests
* kubernetes_version_test: Add a missing case for invalid certs
Signed-off-by: Simarpreet Singh <simar@linux.com>
* kubernetes_version_test: Remove un-needed casts
Signed-off-by: Simarpreet Singh <simar@linux.com>
* fixes as per PR review
* fixes as per PR review
2019-11-12 13:47:42 -08:00
Liz Rice
9a950d2d9a
docs: Note about not changing license etc ( #514 )
2019-11-06 16:44:14 +01:00
Jonathan Rau
51aa10e354
Update EKS Config & Create EKS Guide ( #489 )
...
* Change EKS Readme
* Fix readme formatting
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
2019-11-06 07:34:43 +01:00
Sebastian Ehmann
56fa231376
Remove nil check ( #493 )
...
As the length of a nil slice is defined as 0, the nil check is
redundand. (suggested by golanci-lint/gosimple)
2019-11-05 20:23:31 -05:00
Sebastian Ehmann
09fb3c4fe4
Check error before deferring db.Close() ( #491 )
2019-11-05 20:17:03 -05:00
Sebastian Ehmann
b9be7daa4a
Directly convert buffer to string ( #492 )
...
Using `buf.String()` instead of `fmt.Sprintf` is simpler
2019-11-05 20:07:41 -05:00
Liz Rice
d7b5422e8a
Fix detection of encryption-provider-config ( #513 )
...
Fixes: https://github.com/aquasecurity/kube-bench/issues/420
Signed-off-by: Manuel Rüger <manuel@rueg.eu>
2019-11-05 19:45:40 -05:00
Soumyadeep Sinha
8e4da53006
Fixed some typos ( #446 )
...
* Fixed some typos
* Fixed some typos
* Fixed typo and capitalization of Kubernetes
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update docs/README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update docs/README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update docs/README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* docs: trivial, reinstate capital K
* docs: trivial, reinstate backticks
* docs: trivial, reinstate "in order" for clarity
* docs: trivial, reinstate capital K
2019-11-05 14:59:29 -08:00
Roberto Rojas
7ca438b618
Fixes Issue 269 - Numbering to use CIS Versions ( #511 )
...
* starting benchmark flag
* Revert "starting benchmark flag"
This reverts commit 58fc948626
.
* fixes issue #269
* add more unit tests
* fix bug
* Update cmd/common.go
Co-Authored-By: Liz Rice <liz@lizrice.com>
* fixes as per PR review
* fixes as per PR review
* adds more tests
* fixed tests
* changes as per PR Review
* changes as per PR Review
* updated README
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update README.md
Co-Authored-By: Liz Rice <liz@lizrice.com>
* changes are per PR review
2019-11-05 16:31:27 -05:00
mwwolters
8276e521d4
Changed 1.3.3 to check that --use-service-account-credentials isn't set to false, but the flag is set ( #442 )
2019-11-05 21:29:16 +01:00
Roberto Rojas
d5a02f7cb4
Fixes Issue #331 : Changes the Error Message When Programs are Missing ( #497 )
...
* changed error description for missing kubectl/kubelet execs
* adds function to generate error message for missing components
* adds function to generate error message for missing components
* adds function to generate error message for missing components
* Update cmd/util.go
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update cmd/util.go
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update cmd/util.go
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update cmd/util.go
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update cmd/util.go
Co-Authored-By: Liz Rice <liz@lizrice.com>
* fixed error message
* changes are per PR review
2019-11-05 10:44:57 -05:00
Roberto Rojas
13fe1cdfb8
Fixes issue #501 : specifying absolute path for both ps and cat ( #508 )
...
* fixes issue #501
* specify abolute path for ps and cat
2019-11-01 13:10:52 +00:00
Nando Theessen
91bd47f296
Fixes job-eks.yaml to not fail on startup ( #461 )
2019-10-25 20:31:57 -04:00
Kevin W Monroe
04946a48fb
add snap component paths to default config ( #414 )
2019-10-25 20:19:56 -04:00
Prem Kumar
01ee110ac4
Fix repetitive flags in some ocp-3.11 tests ( #462 )
...
* fix flag repetition in ocp-3.11/node.yaml
* fix flag repetition in ocp-3.11/master.yaml
2019-10-25 20:12:56 -04:00
michizhou
b0abc74350
Fixed documentation errors ( #450 )
2019-10-25 11:58:41 -07:00
DarthSett
bea820bdfe
Improve CONTRIBUTING.md ( #483 )
...
Fixed the grammar as per the issue [#472 ](https://github.com/aquasecurity/kube-bench/issues/472 )
2019-10-24 14:20:22 -07:00
Arpit Pandey
ce0137a31a
Fix few typos ( #469 )
2019-10-24 14:05:13 -07:00
Saiyam Pathak
39d9ef9d37
usr-bin volume mount not required ( #424 )
...
usr-bin volume mount not required as using kubelet version in command
2019-10-24 14:49:33 +01:00
Alexey Pyltsyn
7a2cc3f554
Improve docs ( #437 )
2019-10-24 09:15:29 +01:00
Sidhya Tikku
bf383ec1f7
Added .DS_Store and thumbs.db to .gitignore ( #463 )
...
* Delete .DS_Store
* Update .gitignore
2019-10-24 09:04:13 +01:00
PARAM MITTAL
5f647d6a36
Fix typo in Contributing file ( #471 )
2019-10-24 08:57:32 +01:00
John Schnake
2657c2f96f
Use newer kind load docker-image
command ( #459 )
...
Updates the logic for `kind-push` in the makefile to use
the new, simple command provided by kind.
Fixes #458
2019-10-23 12:15:02 -07:00
Mohan Sha
b009520ea3
Added table of contents for navigation ( #455 )
2019-10-23 19:08:04 +01:00
Nikita Titov
146de15c2e
removed deprecated field in Travis config ( #452 )
2019-10-23 18:45:10 +01:00
Simarpreet Singh
d77eab2234
master.yaml: Add --audit-policy-file check for 1.1.37. ( #440 )
...
* master.yaml: Add --audit-policy-file check for 1.1.37.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* fix-177: fix line endings
Signed-off-by: Simarpreet Singh <simar@linux.com>
2019-10-18 13:23:23 -07:00
Itay Shakury
3964377a80
add contribution guidelines ( #454 )
2019-10-16 17:51:33 +03:00
Liz Rice
1b49050974
docs: Clarify the meaning of WARN state ( #430 )
...
* docs: Clarify the meaning of WARN state
* Update README.md
2019-10-15 10:04:18 -04:00
Simarpreet Singh
d12a45bba9
Properly initialize viper library when checking for master components ( #434 )
...
* common_test: Add a failing test to show the SISEGV
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common: Go green by fixing isMaster() to instantiate viper
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common: Inject a seam for getBinariesFunc to be patched-in.
Also adds additional tests to showcase unhappy behaviors.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common_test: Rename TestIsMaster()
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common: init viper with master config
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common: Add a pre-check if valid yaml is passed but doesn't include master.
Also adds additional tests to showcase unhappy behaviors.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* mod: Upgrade viper to v1.4.0
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common: Refactor node only yaml to a file
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common: Log when master components are not found
Signed-off-by: Simarpreet Singh <simar@linux.com>
* common_test: Refactor subtests into a table
Signed-off-by: Simarpreet Singh <simar@linux.com>
2019-10-14 11:15:08 -04:00
Roberto Rojas
a6ee61fd08
Fixes issue #289 : removed versions prior to 1.11 ( #429 )
...
* removed version prior to 1.11
* removed references to kubernetes versions prior to 1.11
2019-10-14 10:52:43 -04:00
Roberto Rojas
3aa41db166
Issue #353 : Merges JSON and Exec Params files ( #426 )
...
* starts fixes #353
* new approach to minize duplications
* applied merged yaml files for v1.11 and v1.13
* yaml files json/params merged
* fixes to remove double quotes from numbers and booleans
* fixed bug
* fixed certificate check
* removed -json files
* changes based on PR review
* Update check/check_test.go
Yay more tests!
Co-Authored-By: Liz Rice <liz@lizrice.com>
* changes as PR review
* fixed bug when scored check is missing tests
* attempt to improve the code
* fixed list breaks
* removes handleError function
* Update check/check.go
Accepting suggested log level.
Co-Authored-By: Liz Rice <liz@lizrice.com>
2019-10-14 10:37:10 -04:00
Roberto Rojas
c22f81610d
removes federated ( #431 )
2019-10-12 19:00:26 -04:00
Roberto Rojas
91dfeb7577
passes KUBEBENCH_VERSION down to Dockerfile ( #428 )
2019-10-12 18:53:17 -04:00
Roberto Rojas
4416e46967
Adds Unit Tests for check/toNumeric ( #401 )
...
* fixes issue #364
* fixed unit test error text
2019-10-12 18:46:19 -04:00