Skip to content
Snippets Groups Projects
Select Git revision
20 results
Search by author
  • Any Author
  • Botaniker (Bot) Botaniker (Bot) botaniker
1 author
  1. Mar 24, 2021
    • Yoav Rotem's avatar
      Update ocp 3.11 (#849) · f2386c03
      Yoav Rotem authored 
      * Add OCP auto-detection

* Add test for openshift

* update and fix bugs

update file to match with new kube-bench features and fix bugs

* Update file and fix bugs

update file to match with new kube-bench features and fix bugs

* Remove specific configs

Those configs could be set in main config.yaml

* Update to include openshift files

* fix typos

* fix typo

* Remove trailing spaces

* Update util.go

* Add tests for getOcpValidVersion
      f2386c03
  3. Mar 02, 2021
    • Yoav Rotem's avatar
      Fix fallback to default version (#834) · 50fce51d
      Yoav Rotem authored 
      * Fix fallback to default version

In some cases kube-bench will crush instead of fallback to default version. 
Fix it to only log that couldn't auto-detect version and used default.

* Fix case with fallback to default version
      50fce51d
  5. Feb 23, 2021
  7. Dec 21, 2020
    • Liz Rice's avatar
      Refactor group skip (#783) · e4d6ed2e
      Liz Rice authored 
      
* Add example IAM policy

* Pass RotateKubeletServerCertificate related checks if it's not found (#767)

* Allow for environment variables to be checked in tests (#755)

* Initial commit for checking environment variables for etcd

* Revert config changes

* Remove redundant struct data

* Fix issues with failing tests

* Initial changes based on code review

* Add option to disable envTesting + Update docs

* Initial tests

* Finished testing

* Fix broken tests

* Add a total summary and always show all tests. (#759)

Whether the total summary is shown can be specified with an option.

Fixes #528

Signed-off-by: default avatarChristian Zunker <christian.zunker@codecentric.cloud>

* Update Readme.md file with link to Contribution guide (#754)

* Update License with the year and the owner name

Please add this to make your license agreement strong

* Updated Readme.md file with license and proper documentation links

I have added a proper license agreement to the documentation. Also shortened the links to the issues so that it does not break in any on the forks.

* Update LICENSE

* Update README.md

* Update README.md

* Remove erroneous license info

Co-authored-by: default avatarLiz Rice <liz@lizrice.com>

* Support auto-detect platform when running on EKS or GKE (#683)

* Support auto-detect platform when running on EKS or GKE

* Change to get platform name from `kubectl version`

* fix regexp and add test

* Update Server Version match for EKS

* try to get version info from api sever at first

* Refactor group skip

changed group 'skip' from being a bool to be 'type' string as done in check

* Change skip: true -> type: skip

Co-authored-by: default avatarHuang Huang <mozillazg101@gmail.com>
Co-authored-by: default avatarWicked <jason_attwood@hotmail.co.uk>
Co-authored-by: default avatarChristian Zunker <827818+czunker@users.noreply.github.com>
Co-authored-by: default avatarKaiwalya Koparkar <kaiwalyakoparkar@gmail.com>
Co-authored-by: default avatarYoav Rotem <yoavrotems97@gmail.com>
      e4d6ed2e
  9. Nov 23, 2020
    • Brian Terry's avatar
      Aws asff (#770) · c3f94dd8
      Brian Terry authored 
      
* add aasf

* add AASF format

* credentials provider

* add finding publisher

* add finding publisher

* add write AASF path

* add testing

* read config from file

* update docker file

* refactor

* remove sample

* add comments

* Add comment in EKS config.yaml

* Fix comment typo

* Fix spelling of ASFF

* Fix typo and other small code review suggestions

* Limit length of Actual result field

Avoids this message seen in testing:
  Message:Finding does not adhere to Amazon Finding Format. data.ProductFields['Actual result'] should NOT be longer than 1024 characters.

* Add comment for ASFF schema

* Add Security Hub documentation

* go mod tidy

* remove dupe lines in docs

* support integration in any region

* fix README link

* fix README links

Co-authored-by: default avatarLiz Rice <liz@lizrice.com>
      c3f94dd8
  11. Nov 16, 2020
    • Borko's avatar
      Created config and test files for Azure Kubernetes Service (AKS). (#733) · ab388142
      Borko authored 
      * First draft of AKS configuration checks.

* Updated Azure Configurations. Added more policy checks.

* Finalized cfg components for AKS.

* Fixed targets for aks-1.0 in common_test.go

* Fixed yaml linting issues.

* Fixed white space yaml linkting issues in policies.yaml

* Fixed white space yaml linting issues in policies.yaml
      ab388142
  13. Oct 29, 2020
  15. Oct 03, 2020
  17. Sep 17, 2020
    • yoavrotems's avatar
      Add cis 1.6 (#678) · 7280438e
      yoavrotems authored 
      * Add new cis version yamls

Add new cis version yamls

* Add new cis version yamls

* Add cis-1.6 to versions table

* support version mapping cis-1.6

* support version mapping cis-1.6

* Update controlplane.yaml

* Update etcd.yaml

* Update node.yaml

* Update policies.yaml

* Create job.data

* Create job-node.data

* Create job-master.data

* Create add-tls-kind.yaml

* Change node version to 1.15.0

* Add tests for cis-1.6

* Delete node_only.yaml

* Change tests 1.1.19-1.1.21

Change 1.1.19-1.1.21 because failing tests

* Update job.data

* Update job-master.data

* Update job-master.data

* Update job.data

* fix 1.2.35 remediation 

tabs instead of spaces

* Update job-master.data

* Remove extra space

* Update job.data

* Create node_only.yaml

* Add tests for cis-1.6

Add tests for cis-1.6 and change some from 1,5 to 1.6

* Fix typo

* Add mapping for cis-1.6

* Remove extra space in 1.2.35 remediation

* Update job.data

* Update job-master.data

* Fix type 1.2.35

* Remove trailing spaces

* Remove trailing spaces

* Remove trailing spaces

* Remove trailing spaces

* Add version 1.19 kubernetes support

* Add version 1.19 kubernetes support

* Add version 1.19 kubernetes support
      7280438e
  19. Sep 09, 2020
  21. Sep 01, 2020
  23. Aug 30, 2020
  25. Aug 10, 2020
  27. Aug 04, 2020
  29. Jul 29, 2020
  31. Jun 24, 2020
  33. Mar 05, 2020
    • Roberto Rojas's avatar
      Get Kubernetes Version: Adds Retry Logic (#593) · b403b364
      Roberto Rojas authored 
      
* Closes #551

* Closes #551

* Update cmd/kubernetes_version.go

Co-Authored-By: default avatarLiz Rice <liz@lizrice.com>

* Closes #551

Co-authored-by: default avatarLiz Rice <liz@lizrice.com>
      b403b364
    • Liz Rice's avatar
      Add warn reason (#547) · 06303f6a
      Liz Rice authored 
      
* Update check.go

Added new warn_reason value which gives a brief explanation about why the not scored tests failed

* Update common.go

Changed when a not scored test fails because it has a wrong syntax audit command or just running something that can't be run the print the failure. but if the test just fails because it doesn't line up with the cis hardening recommendations then print the remediation text.

* Update check/check.go

fix typo

Co-Authored-By: default avatarLiz Rice <liz@lizrice.com>

* Update check.go

* Update common.go

* Update check.go

added back os.Exit(1) to  exitWithError

* Update job-master.data

Change some tests output to fit warn reason. (No change to the summary)

* Update job-node.data

Changed some tests output to fit warn reason. (No change to the summary)

* Update job.data

Change some tests output to fit warn reason. (No change to the summary)

* Update common.go

Keep to old way to print manual test output

Co-authored-by: default avatarLiz Rice <liz@lizrice.com>
Co-authored-by: default avatarRoberto Rojas <robertojrojas@gmail.com>
      06303f6a
  35. Mar 03, 2020
  37. Feb 12, 2020
  39. Jan 07, 2020
  41. Dec 13, 2019
  43. Dec 12, 2019
  45. Dec 05, 2019
    • Roberto Rojas's avatar
      Fixes Issue #494 - add tests for CIS 1.5 (#530) · af976e6f
      Roberto Rojas authored 
      
* Initial commit.

* Add master and node config.

* Add section 5 of CIS 1.5.1.

* Split sections into section files

* Fix YAML issues.

* adds target translation

* adds target translation

* adds cis-1.5 mapping

* fixed tests

* fixes are per PR

* fixed intergration test

* integration kind test file to appropriate ks8 version

* fixed etcd text

* fixed README

* fixed text

* etcd: fixed grep path

* etcd: fixes

* fixed error message bug

* Update README.md

Co-Authored-By: default avatarLiz Rice <liz@lizrice.com>

* Update README.md

Co-Authored-By: default avatarLiz Rice <liz@lizrice.com>

* fixes as per PR review
      View commits for tag v0.2.2 v0.2.2
      af976e6f
  47. Dec 02, 2019
    • Liz Rice's avatar
      Add run subcommand (#529) · f2caa1f0
      Liz Rice authored 
      * test: fix TestGetConfigFilePath

This test wasn't correctly creating the test file due to the wrong directory permissions on the temp file. This wasn't detected due to a lack of error checking.

Also, the code was only checking for file not exist rather than lack of permission to read file (or any other error).

The combination of these two things means the test wasn't checking what it thought it was checking, and passed more by luck than judgment.

* add getYamlFilesFromDir

* add getTestYamlFiles and test

* docs: Update master / node help text

* return path + filename from getYamlFilesFromDir

* subcommand run to run specific section files
      f2caa1f0
  49. Nov 13, 2019
  51. Nov 12, 2019
  53. Nov 06, 2019
  55. Nov 05, 2019
  57. Nov 01, 2019
  59. Oct 24, 2019
  61. Oct 14, 2019