1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-20 21:58:06 +00:00
Commit Graph

20 Commits

Author SHA1 Message Date
Tom Kelley
a7aa21f32c
Improve Proxykubeconfig tests (#708)
* Changes for 1.5

* Update cis-1.3 through 1.6 to also work with configmaps.

* Switch on if proxykubeconfig is set, instead of setting a variable in the script.

* permissons -> proxykubeconfig for 2.2.5/4.1.3 to keep these tests locked with 2.2.6/4.1.4

* Updating test output? Maybe?

* Copy integration test output files into docker image?

* Make entrypoint move integration folder to host, print 1.5 node info.

* Change the order of tests in travis to load files before testing.

* Return tests to place

Those tests comes first since there is more likely to fail with them and then the test will fail "faster" which will save time

* Remove copy integration 

When running in a container we don't need to test, only when build and running in Travis to make sure everything is working fine.

* Add $ mark before proxykubeconfig

If not having $ before the parameter then it won't get substituted

* Add $ mark before proxykubeconfig

If not having $ before the parameter then it won't get substituted

* Remove test relate lines

We don't test while running, only integration testing when building and unit testing

* Add spaces

* Change 4.1.3 4.1.4

Those tests now should pass.

* Change tests 4.1.3 and 4.1.4

Those tests now should PASS

* Update job.data with more accurate counts. Thanks to @yoavrotems for getting the project this far!

* Thanks for linting, yamllint!

Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2020-10-07 21:53:34 +03:00
JoostC
f0e30cef62
Add a trailing slash to find directory path (#687) 2020-09-03 18:18:48 +01:00
Huang Huang
2d548597ae
Support CIS v1.5.1 (#673) 2020-08-12 21:57:51 +03:00
Liz Rice
07f3c40dc7
Better handling of parameters and config audits (#674)
* read-only-port defaults are correct

* Tests that should catch good read-only-port

* Rework checks & tests

* Linting on issue template YAML

* More explicit test for 4.2.4
2020-08-12 14:32:42 +01:00
Huang Huang
6684979741
Add tests for 1.1.19、1.1.20 and 1.1.21 of cis-1.5 (#641)
* Add tests for 1.1.19、1.1.20 and 1.1.21 of cis-1.5

* Avoid division by 0

* Use bitmask instead of lte

* Change to use multiple values via `use_multiple_values: true`

* Use find in 1.1.20 and 1.1.21
2020-08-09 23:44:42 +03:00
Huang Huang
5ff32e55eb
Check PodSecurityPolicy when test 1.2.13 of cis-1.5 (#651) 2020-08-03 10:38:22 +03:00
Kevin W Monroe
2a325bd60d
make the kubelet cafile test posix compliant (#643) 2020-07-21 17:43:39 +03:00
Huang Huang
66692951c8
4.1.7 of cis-1.5 should not be marked as manual (#640)
* 4.1.7 of cis-1.5 should not be marked as manual

* Making the test posix compliant like #643
2020-07-21 17:32:13 +03:00
Huang Huang
3e6a41af04
Try to search the right ca file of kubelet (#633) 2020-07-08 10:22:49 +03:00
Andrew Horton
122bc4b351
Fix misspelling - identied / identified (#626) 2020-06-17 15:08:20 +01:00
Huang Huang
35cf28c140
Add integration tests for cis 1.3 and cis 1.5 (#609)
* Remove unnecessary whitespaces

* Fix a typo

* Add integration tests for cis 1.3 and cis 1.5

* Change the timeout of integration tests from 600s to 1200s

* Avoid repeated codes
2020-05-20 18:30:52 +01:00
Huang Huang
4557ca00f1
Fix a typo in 1.1.11 of cis-1.5 (#605)
Co-authored-by: Liz Rice <liz@lizrice.com>
2020-05-14 17:44:43 +01:00
yoavrotems
60f2fb592a
Add option to do bitmask (#565)
* Add option to do bitwise and between two value in order to compare permissions

* Update test.go

Removed self debug note

* Update test_test.go

FIx typo

* Update test.go

* Update test.go

Switched between max and requested value, because accidentally assigned them oppositely  and remove old function relate to octal base

* Update test_test.go

* Update test_test.go
2020-03-16 12:25:46 +00:00
Thorsten Schifferdecker
237f8cf818
fix small typo (#592)
proykubeconfig -> proxykubeconfig
2020-03-02 16:35:01 +00:00
Huang Huang
65fb352e0e
Change to checking --disable-admission-plugins for cis-1.4-1.1.27 and cis-1.5-1.2.14 (#584)
Fixes #582
2020-02-18 09:37:50 -05:00
LukasAuerbeck
037bb14729 added 444, 440, 400 and 000 file permission checks for all benchmarks (#563)
Co-authored-by: Liz Rice <liz@lizrice.com>
2020-01-22 14:40:01 +00:00
mustafa-rean
89f8e454ba Resolved bug in master.yml for cis-1.5 for the apiserverbin variable name (#567)
Co-authored-by: Liz Rice <liz@lizrice.com>
2020-01-22 14:00:23 +00:00
James Ward
5f34058dc7 Support Linting YAML as part of Travis CI build (#554)
* add yamllint command to travis CI

installs and runs a linter across the YAML in the
project to ensure consistency in the written YAML.

this uses yamllint and the default yamllint config with
"truthy" and "line-length" disabled.

* run dos2unix on CRLF files

* YAMLLINT: remove trailing spaces

* YAMLLint: add YAML document start

* YAMLLint: too many spaces around bracket

* YAMLLint: fix indentation

* YAMLLint: remove duplicate key

* YAMLLint: newline at end of file

* YAMLLint: Too few spaces after comma

* YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
Huang Huang
4a07f87e6f Fix remediations about file permission (#534)
* Fix remediation of 2.2.3 in cis-1.3

* Fix remediation of 4.1.1 in cis-1.5
2019-12-10 13:57:07 -05:00
Roberto Rojas
af976e6f50
Fixes Issue #494 - add tests for CIS 1.5 (#530)
* Initial commit.

* Add master and node config.

* Add section 5 of CIS 1.5.1.

* Split sections into section files

* Fix YAML issues.

* adds target translation

* adds target translation

* adds cis-1.5 mapping

* fixed tests

* fixes are per PR

* fixed intergration test

* integration kind test file to appropriate ks8 version

* fixed etcd text

* fixed README

* fixed text

* etcd: fixed grep path

* etcd: fixes

* fixed error message bug

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* fixes as per PR review
2019-12-05 15:55:44 -05:00