Liz Rice
de12829923
Correct test to cope with multi-line ps output
2017-08-31 17:43:07 +01:00
Liz Rice
a6036bcfcf
Corrections to config file substitutions. Use “kubernetes” as a fake component name so we can more easily substitute “kubernetesconf”
2017-08-31 17:39:48 +01:00
Liz Rice
e4a89123e0
Move message about which config file we’re using into a log at the start
2017-08-31 17:38:11 +01:00
Liz Rice
8380ad1ef3
Better detection of running executables
2017-08-31 16:01:31 +01:00
Liz Rice
d637d8714a
Fix and add tests
2017-08-31 15:22:30 +01:00
Liz Rice
a3197f8efe
Reorder YAML to make a bit more sense. Allow for optional components, and a config file that we don’t think exists.
2017-08-31 14:45:16 +01:00
Liz Rice
e4b905e360
Log when there’s no substitution
2017-08-31 14:43:59 +01:00
Liz Rice
f5550fd8bd
Node type is now verified by looking for running binaries from a set of options
2017-08-31 14:43:35 +01:00
Liz Rice
0e9c11ebd5
Remove empty error messages that manifested as "%s"
2017-08-31 14:41:52 +01:00
Liz Rice
6a5a62b278
Autodetect the binaries and config files from a set of options
2017-08-30 18:37:01 +01:00
Liz Rice
e4e41683c4
Update the config file
2017-08-30 18:36:00 +01:00
Liz Rice
f5cef922cc
Functions and tests for finding binaries and config files
2017-08-30 18:01:53 +01:00
Liz Rice
7600dd9dd6
Make the ps / fakeps function global so we don’t have to pass it around so much
2017-08-30 17:51:28 +01:00
Liz Rice
0bc00e0036
Slightly more robust looking for running executables
2017-08-30 17:48:12 +01:00
Liz Rice
9114e139cf
Function to find which of a set of executables is running
2017-08-30 12:07:46 +01:00
Liz Rice
89e9d37cde
Merge pull request #43 from aquasecurity/issue-42
Change node check 2.1.6 to use operation `noteq` instead of `gt`.
2017-08-25 11:13:11 +01:00
Abubakr-Sadik Nii Nai Davis
3e3aa0ed82
Change node check 2.1.6 to use operation `noteq` instead of `gt`.
Kubelet option --streaming-connection-idle-timeout expects a string
value which fails parsing to integer for greater than comparison.
The string "0" indicates no timeout and this is what we are checking
for.
2017-08-24 18:33:32 +00:00
Liz Rice
8c0761149d
Merge pull request #40 from aquasecurity/roadmap
Roadmap
2017-08-15 20:21:30 +01:00
Liz Rice
124647a05c
Merge branch 'master' into roadmap
2017-08-15 20:14:23 +01:00
Liz Rice
42948d91ba
Merge pull request #39 from aquasecurity/config-files
Better config file locations for hyperkube
2017-08-15 20:14:08 +01:00
Liz Rice
f48ad5eb54
Merge branch 'master' into roadmap
2017-08-15 20:12:12 +01:00
Liz Rice
cf62def9fd
Better config file locations
2017-08-15 20:07:27 +01:00
Liz Rice
a6a1ce945f
Merge pull request #37 from aquasecurity/multiple-words
Support executables with multiple words (e.g. hyperkube apiserver)
2017-08-15 19:00:31 +01:00
Liz Rice
20e7f0a433
Merge branch 'master' into multiple-words
2017-08-15 18:40:10 +01:00
Liz Rice
af0eadc792
Add a couple more tests for file permission checks
2017-08-15 18:34:07 +01:00
Liz Rice
549adf23bd
Merge pull request #36 from ttousai/issue-25
Issue #25
2017-08-15 18:32:29 +01:00
Liz Rice
6b9f117f87
Allow for multiple words in executable names
2017-08-15 17:00:35 +01:00
Abubakr-Sadik Nii Nai Davis
086bb629db
Add 640 to permission checks.
2017-08-15 15:56:37 +00:00
Abubakr-Sadik Nii Nai Davis
e6f2b4d4fe
Add config checks for permissions stricter than 644 to definition files.
2017-08-15 15:47:01 +00:00
Liz Rice
34f8b8e980
Simplify verifying binaries and config files
2017-08-15 16:44:40 +01:00
Liz Rice
86d49b1b1a
We don’t care whether the binaries are in our path or not, just whether they are running
2017-08-15 16:01:27 +01:00
Liz Rice
aee2081d73
Merge pull request #35 from aquasecurity/roadmap-1
Update README.md
2017-08-14 12:58:51 +01:00
Abubakr-Sadik Nii Nai Davis
7c7d477d78
Import os to fix issue in previous merge commit.
2017-08-12 19:10:31 +00:00
Abubakr-Sadik Nii Nai Davis
dddea28713
Merge branch 'master' into issue-25
2017-08-12 19:05:48 +00:00
Abubakr-Sadik Nii Nai Davis
0933fa420b
Add new tests and clean up old tests.
2017-08-12 18:54:33 +00:00
Abubakr-Sadik Nii Nai Davis
d2fa9d35b6
Rewrite audit commands in the check definition that contain shell builtins and modify text to command function to support this.
Shell builtins fail the binary command lookup test which results in a
WARN. Audit commands which include shell builtins must use the form:
"/bin/sh -c 'sh-builtin arg'"
So they are executed properly. Additionally Go will fail to execute
commands involving shell builtins if they are not in the above format.
2017-08-12 18:41:41 +00:00
Liz Rice
4e17e3b3d5
Update README.md
2017-08-11 18:24:53 +01:00
Liz Rice
45cf25e007
Merge pull request #34 from aquasecurity/kubectl-version
Use kubectl to check the kubernetes version
2017-08-11 18:05:31 +01:00
Liz Rice
96c469669c
Use kubectl to check the kubernetes version
2017-08-11 17:59:57 +01:00
Liz Rice
50cce99daf
Merge pull request #33 from aquasecurity/owners
Create OWNERS
2017-08-11 16:09:23 +01:00
Liz Rice
dee64c30ae
Create OWNERS
2017-08-11 16:06:44 +01:00
Liz Rice
0bbc867396
Merge pull request #32 from aquasecurity/issue-19-2
Issue 19, take 2
2017-08-08 22:26:22 +01:00
Liz Rice
767e8eb835
Sorting out the bad merge
2017-08-08 22:22:47 +01:00
Abubakr-Sadik Nii Nai Davis
9c07527069
Remove misleading comment about manual checks in node check definition.
2017-08-08 22:18:03 +01:00
Abubakr-Sadik Nii Nai Davis
c39516581b
Add master node manual check definitions.
2017-08-08 22:17:44 +01:00
Abubakr-Sadik Nii Nai Davis
09ca739dc0
Add check type manual.
Results of manual checks are forced to WARN to inform users to check manually.
2017-08-08 22:17:37 +01:00
Liz Rice
16fbf084e9
Merge pull request #31 from aquasecurity/revert-30-issue-19
Revert "Issue 19"
2017-08-08 22:00:43 +01:00
Liz Rice
b5f4876138
Revert "Issue 19"
2017-08-08 22:00:06 +01:00
Liz Rice
ffeb33defd
Merge pull request #30 from ttousai/issue-19
Issue 19
2017-08-07 16:24:08 +01:00
Liz Rice
cf5f025593
Merge branch 'master' into issue-19
2017-08-07 16:23:59 +01:00