mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-22 08:08:07 +00:00
kube-bench/cmd
Andy Pitcher 7027b6b2ec
Add CIS kubernetes CIS-1.9 for k8s v1.27 - v1.29 (#1617)
* Create cis-1.9 yamls and Update info
    - policies.yaml
        - 5.1.1 to 5.1.6 were adapted from Manual to Automated
        - 5.1.3 got broken down into 5.1.3.1 and 5.1.3.2
        - 5.1.6 got broken down into 5.1.6.1 and 5.1.6.2
        - version was set to cis-1.9
    - node.yaml master.yaml controlplane.yaml etcd.yaml
        - version was set to cis-1.9

* Adapt master.yaml
    - Expand 1.1.13/1.1.14 checks by adding super-admin.conf to the permission and ownership verification
    - Remove 1.2.12 Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used (Manual)
    - Adjust numbering from 1.2.12 to 1.2.29

* Adjust policies.yaml
    - Check 5.2.3 to 5.2.9 Title Automated to Manual

* Append node.yaml
    - Create 4.3 kube-config group
    - Create 4.3.1 Ensure that the kube-proxy metrics service is bound to localhost (Automated)

* Adjust policies 5.1.3 and 5.1.6
    - Merge 5.1.3.1 and 5.1.3.2 into 5.1.3 (use role_is_compliant and clusterrole_is_compliant)
    - Remove 5.1.6.1 and promote 5.1.6.2 to 5.1.6 since it natively covered 5.1.6.1 artifacts

* Add kubectl dependency and update publish
    - Download kubectl (build stage) based on version and architecture
    - Add binary checksum verification
    - Use go env GOARCH for ARCH
2024-06-26 15:53:57 +03:00
testdata Refactor group skip (#783) 2020-12-21 13:18:54 +02:00
common_test.go Add CIS kubernetes CIS-1.9 for k8s v1.27 - v1.29 (#1617) 2024-06-26 15:53:57 +03:00
common.go chore: remove refs to deprecated io/ioutil (#1504) 2023-12-05 10:52:24 +02:00
database.go chore(message): fix wrong PGSQL_DBNAME error message (#1128) 2022-03-28 17:40:04 +03:00
kubernetes_version_test.go chore: remove refs to deprecated io/ioutil (#1504) 2023-12-05 10:52:24 +02:00
kubernetes_version.go chore: remove refs to deprecated io/ioutil (#1504) 2023-12-05 10:52:24 +02:00
root.go chore(lint): setup golangci-lint (#1144) 2022-04-05 16:25:45 +03:00
run_test.go chore: remove refs to deprecated io/ioutil (#1504) 2023-12-05 10:52:24 +02:00
run.go Fix the --exit-code flag doesn't work when run with subcommand (#1084) 2022-01-23 09:40:59 +02:00
securityHub.go Migrate to aws-sdk-go-v2 (#1268) 2022-10-03 08:52:06 +03:00
util_test.go chore: remove refs to deprecated io/ioutil (#1504) 2023-12-05 10:52:24 +02:00
util.go Add CIS Benchmarks support to Rancher Distributions RKE/RKE2/K3s (#1523) 2023-11-26 12:27:38 +02:00
version.go chore(lint): setup golangci-lint (#1144) 2022-04-05 16:25:45 +03:00