1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-22 22:58:07 +00:00
kube-bench/cmd/util.go
Abubakr-Sadik Nii Nai Davis f589fd58e1 Add few modifications.
2017-07-13 01:01:18 +00:00

114 lines
2.2 KiB
Go

package cmd
import (
"fmt"
"os"
"os/exec"
"strings"
"github.com/aquasecurity/kube-bench/check"
"github.com/fatih/color"
)
var (
// Print colors
colors = map[check.State]*color.Color{
check.PASS: color.New(color.FgGreen),
check.FAIL: color.New(color.FgRed),
check.WARN: color.New(color.FgYellow),
check.INFO: color.New(color.FgBlue),
}
)
func handleError(err error, context string) (errmsg string) {
if err != nil {
errmsg = fmt.Sprintf("%s, error: %s\n", context, err)
}
return
}
func cleanIDs(list string) []string {
list = strings.Trim(list, ",")
ids := strings.Split(list, ",")
for _, id := range ids {
id = strings.Trim(id, " ")
}
return ids
}
func verifyConf(confPath ...string) []string {
var w []string
for _, c := range confPath {
if _, err := os.Stat(c); err != nil && os.IsNotExist(err) {
w = append(w, fmt.Sprintf("config file %s does not exist\n", c))
}
}
return w
}
func verifyBin(binPath ...string) []string {
var w []string
var binList string
// Construct proc name for ps(1)
for _, b := range binPath {
binList += b + ","
_, err := exec.LookPath(b)
errmsgs += handleError(
err,
fmt.Sprintf("%s: command not found in path", b),
)
}
binList = strings.Trim(binList, ",")
// Run ps command
cmd := exec.Command("ps", "-C", binList, "-o", "cmd", "--no-headers")
out, err := cmd.Output()
errmsgs += handleError(
err,
fmt.Sprintf("failed to run: %s", cmd.Args),
)
// Actual verification
for _, b := range binPath {
matched := strings.Contains(string(out), b)
if !matched {
w = append(w, fmt.Sprintf("%s is not running\n", b))
}
}
return w
}
func verifyKubeVersion(b string) []string {
// These executables might not be on the user's path.
// TODO! Check the version number using kubectl, which is more likely to be on the path.
var w []string
_, err := exec.LookPath(b)
errmsgs += handleError(
err,
fmt.Sprintf("%s: command not found on path - version check skipped", b),
)
// Check version
cmd := exec.Command(b, "--version")
out, err := cmd.Output()
errmsgs += handleError(
err,
fmt.Sprintf("failed to run:%s", cmd.Args),
)
matched := strings.Contains(string(out), kubeVersion)
if !matched {
w = append(w, fmt.Sprintf("%s unsupported version\n", b))
}
return w
}