cmd

package
v0.2.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 22, 2020 License: Apache-2.0 Imports: 22 Imported by: 5

Documentation

Index

Constants

This section is empty.

Variables

View Source
var KubeBenchVersion string
View Source
var RootCmd = &cobra.Command{
	Use:   os.Args[0],
	Short: "Run CIS Benchmarks checks against a Kubernetes deployment",
	Long:  `This tool runs the CIS Kubernetes Benchmark (https://www.cisecurity.org/benchmark/kubernetes/)`,
	Run: func(cmd *cobra.Command, args []string) {
		benchmarkVersion, err := getBenchmarkVersion(kubeVersion, benchmarkVersion, viper.GetViper())
		if err != nil {
			exitWithError(fmt.Errorf("unable to determine benchmark version: %v", err))
		}

		if isMaster() {
			glog.V(1).Info("== Running master checks ==\n")
			runChecks(check.MASTER, loadConfig(check.MASTER))

			if validTargets(benchmarkVersion, []string{string(check.CONTROLPLANE)}) {
				glog.V(1).Info("== Running control plane checks ==\n")
				runChecks(check.CONTROLPLANE, loadConfig(check.CONTROLPLANE))
			}
		}

		if validTargets(benchmarkVersion, []string{string(check.ETCD)}) && isEtcd() {
			glog.V(1).Info("== Running etcd checks ==\n")
			runChecks(check.ETCD, loadConfig(check.ETCD))
		}

		glog.V(1).Info("== Running node checks ==\n")
		runChecks(check.NODE, loadConfig(check.NODE))

		if validTargets(benchmarkVersion, []string{string(check.POLICIES)}) {
			glog.V(1).Info("== Running policies checks ==\n")
			runChecks(check.POLICIES, loadConfig(check.POLICIES))
		}

	},
}

RootCmd represents the base command when called without any subcommands

View Source
var TypeMap = map[string][]string{
	"ca":         []string{"cafile", "defaultcafile"},
	"kubeconfig": []string{"kubeconfig", "defaultkubeconfig"},
	"service":    []string{"svc", "defaultsvc"},
	"config":     []string{"confs", "defaultconf"},
}

Functions

func Execute

func Execute()

Execute adds all child commands to the root command sets flags appropriately. This is called by main.main(). It only needs to happen once to the rootCmd.

func NewRunFilter added in v0.0.27

func NewRunFilter(opts FilterOpts) (check.Predicate, error)

NewRunFilter constructs a Predicate based on FilterOpts which determines whether tested Checks should be run or not.

func PrintOutput added in v0.0.29

func PrintOutput(output string, outputFile string)

Types

type FilterOpts added in v0.0.27

type FilterOpts struct {
	CheckList string
	GroupList string
	Scored    bool
	Unscored  bool
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL