arno/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-21 14:18:06 +00:00
Code Issues Releases Wiki Activity
72 Commits 6 Branches 84 Tags 158 MiB
d2fa9d35b6
Commit Graph

72 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Abubakr-Sadik Nii Nai Davis
d2fa9d35b6 Rewrite audit commands in the check definition that contain shell builtins 
and modify text to command function to support this.

Shell builtins fail the binary command lookup test which result in a
WARN. Audit commands which include shell builtins must use the form:

   "/bin/sh -c 'sh-builtin arg'"

So they are executed properly. Additionally Go will fail to execute
commands involving shell builtins if they are not in the above format.
 2017-08-12 18:41:41 +00:00
Liz Rice
1c58dfefbb Revert "Add Docker build & push to Travis job" - it's already being built on Docker Hub! 
This reverts commit b339a753b5.
 2017-08-03 16:05:27 +01:00
Liz Rice
b339a753b5 Add Docker build & push to Travis job 2017-08-03 15:53:49 +01:00
Liz Rice
21b7d8d9d6 Merge pull request #24 from ttousai/issue-19 
Update controls to CIS Kubernetes Benchmark v1.1.0
 2017-07-25 09:05:29 +01:00
Abubakr-Sadik Nii Nai Davis
e08e069174 Update controls to CIS Kubernetes Benchmark v1.1.0 2017-07-24 17:30:13 +00:00
Liz Rice
34dd31970a Update README about installation flag 2017-07-20 17:33:21 +01:00
Liz Rice
a6a784f55f Merge pull request #18 from ttousai/issue-17 
Issues #17, #16
 2017-07-17 18:25:53 +01:00
Abubakr-Sadik Nii Nai Davis
f589fd58e1 Add few modifications. 2017-07-13 01:01:18 +00:00
Abubakr-Sadik Nii Nai Davis
3d395994b0 Change environment variable prefix. 2017-07-13 00:24:57 +00:00
Abubakr-Sadik Nii Nai Davis
609c4ff01c Move kubernetes binaries and config paths to kube-bench config. 2017-07-13 00:24:09 +00:00
Abubakr-Sadik Nii Nai Davis
2ee99eca64 Add support for various installation modes, hyperkube, kubeadm and kops. 
Issue #17.
 2017-07-10 00:15:27 +00:00
Abubakr-Sadik Nii Nai Davis
bd53529387 Fix issue #16 about supporting verbosity. 2017-07-07 17:01:30 +00:00
Abubakr-Sadik Nii Nai Davis
06466d6573 Fix issue with kubernetes version check, where the master binary is 
used for all modes including nodes and federated.
 2017-07-06 18:31:18 +00:00
Liz Rice
6d26814cf6 Merge pull request #14 from ttousai/issue-7 
Resolve issue #7 wait: error running audit command exit status 1.
 2017-07-05 16:37:02 +01:00
Abubakr-Sadik Nii Nai Davis
dbbafd54a5 Do not exit on command exit, print error message to stderr and continue. 2017-07-05 12:56:01 +00:00
Abubakr-Sadik Nii Nai Davis
b1a76360e7 Do not clutter the output with error messages from commands in the audit pipeline. 2017-07-04 17:04:43 +00:00
Abubakr-Sadik Nii Nai Davis
6ee9bedfb8 Print verification warnings at only one point. 2017-07-04 16:53:39 +00:00
Abubakr-Sadik Nii Nai Davis
2119d119b0 Restore warning messages and dont quit on verification error. 2017-07-04 15:38:34 +00:00
Abubakr-Sadik Nii Nai Davis
e6479afd01 Reset audit commands to ps -ef ... closer to benchmark. 2017-07-04 15:19:09 +00:00
Abubakr-Sadik Nii Nai Davis
e61dcabdfb Remove extraneous debug commands. 2017-06-30 14:56:23 +00:00
Abubakr-Sadik Nii Nai Davis
d0d9900b29 Resolve issue #7 wait: error running audit command exit status 1. 
This is caused by a command in the audit pipeline (for example
ps -ef | grep kube-apiserver) failing. The causes of this failure
in my testing is usually a missing config file.

Extensive refactor and correction in verification code to check for
config files and binaries.

Replace joncalhoun/pipes with implementation using exec.Cmds so errors
are visible and can be handled when audit pipeline commands fail.

Change some audit commands
from: ps -ef | grep <cmd> | grep -v
to:   ps -C <something> -o comm,args --no-headers

which is simpler to work with.
 2017-06-30 14:19:38 +00:00
Liz Rice
e8df4aa512 Add test to validate the YAML files 2017-06-23 12:05:07 +01:00
Liz Rice
b4237ccb73 Better error handling when reading YAML files 2017-06-23 12:04:46 +01:00
Liz Rice
f920d61a6a Merge pull request #9 from aquasecurity/json 
If output format is JSON, don't also output human-readable warnings
 2017-06-23 11:10:08 +01:00
Liz Rice
1b3144af37 Hopefully this adds go tests to the travis job 2017-06-23 10:52:08 +01:00
Liz Rice
07750ea43a Don't output message about config file if output format is JSON 2017-06-23 10:48:49 +01:00
Liz Rice
6340ee44c5 Don’t output warnings as text if we’re generating JSON output. Add error handling in a few missing cases. Some comment tidying. 2017-06-23 10:41:40 +01:00
Liz Rice
f6509b804e Typo 2017-06-23 10:28:58 +01:00
Liz Rice
b36832e40c Correct block-copy error in flanneld config directory 2017-06-23 09:58:46 +01:00
Liz Rice
1be52fb304 Add missing error output if JSON output can't be emitted 2017-06-23 09:40:53 +01:00
Liz Rice
44136fa080 Add image and commit badges to README 2017-06-22 16:36:50 +01:00
Liz Rice
e69ccba8c7 Docker build hook to add label info 2017-06-22 16:22:54 +01:00
Liz Rice
74ca02298e Add image labels 2017-06-22 16:15:42 +01:00
Liz Rice
3b93167c07 And now correct the flag and put it in the right place 2017-06-22 16:02:36 +01:00
Liz Rice
0c30f24b59 Travis build name got updated so the badges need updating too 2017-06-22 15:51:29 +01:00
Liz Rice
903f232dc1 Correct bad yaml indentation 2017-06-22 15:46:47 +01:00
Liz Rice
0d6d3a03ef Allow config file to be specified on the command line 2017-06-22 15:34:21 +01:00
Liz Rice
96364e3f29 Error if the config file can’t be found 2017-06-22 15:34:01 +01:00
Liz Rice
c07a8e2c81 Minor language improvement 2017-06-22 15:19:57 +01:00
jerbia
432651e85f Added test 1.4.11 (#8) 2017-06-21 22:45:50 +03:00
jerbia
d3bbf2698e Removed extra '\' sign (#6) 
There was an extra '\' sign in the docker pull command
 2017-06-21 14:46:23 +03:00
Amir Jerbi
61d840e37d Add screenshot 2017-06-20 13:48:19 +03:00
jerbia
8fcc4e3cba Delete output.png 2017-06-20 13:47:37 +03:00
Amir Jerbi
96b757414a changed screenshot 2017-06-20 13:45:26 +03:00
Amir Jerbi
d96918fb08 Merge branch 'master' of github.com:aquasecurity/kubernetes-bench-security 2017-06-20 13:43:23 +03:00
Amir Jerbi
9a471ef1a4 Added screenshot 2017-06-20 13:43:03 +03:00
Amir Jerbi
eefa0dfb61 Change check 1.15 
Check is successful in case --kubelet-https is set to true OR missing
 2017-06-20 13:29:58 +03:00
Liz Rice
f2d49848f4 Travis build failing, let's see if this works 2017-06-20 11:23:01 +01:00
Liz Rice
1ad63cb4e6 Correct a block-copy mistake in one of the test configs 2017-06-20 11:12:36 +01:00
Liz Rice
c3d67e0fee Use colorPrint for config file info too 2017-06-20 11:10:11 +01:00