Documentation ¶
Index ¶
Constants ¶
// REGION is the literal string "AWS_REGION".
// NOTE(review): presumably the name of the environment variable or config key
// that carries the AWS region; confirm against the code that reads it.
const REGION = "AWS_REGION"
REGION ...
Variables ¶
// KubeBenchVersion is a package-level string that starts out empty.
// NOTE(review): presumably populated with the tool's release version at build
// time (e.g. via linker flags); confirm, since an empty value would make
// reports hard to attribute to a specific kube-bench build.
var KubeBenchVersion string
// RootCmd is the base command, executed when the binary is invoked without a
// subcommand. Its Run function resolves the benchmark version and then walks
// the benchmark sections in a fixed order: master (with control plane nested
// inside it), etcd, node, policies, managed services. Finally it writes the
// collected results and exits with the code chosen by exitCodeSelection.
//
// Coverage note for anyone consuming the results: only the node section runs
// unconditionally. Every other section is gated on isMaster, isEtcd and/or
// validTargets, and a skipped section is announced only through a glog V(1)
// message. A run therefore reflects the sections that actually executed on
// this host, not necessarily the whole benchmark.
var RootCmd = &cobra.Command{
	Use:   os.Args[0],
	Short: "Run CIS Benchmarks checks against a Kubernetes deployment",
	Long:  `This tool runs the CIS Kubernetes Benchmark (https://www.cisecurity.org/benchmark/kubernetes/)`,
	Run: func(cmd *cobra.Command, args []string) {
		benchVer, err := getBenchmarkVersion(kubeVersion, benchmarkVersion, getPlatformInfo(), viper.GetViper())
		if err != nil {
			exitWithError(fmt.Errorf("unable to determine benchmark version: %v", err))
		}
		glog.V(1).Infof("Running checks for benchmark %v", benchVer)

		// targetEnabled asks validTargets whether the named section applies
		// to benchVer; a validation error is handed to exitWithError.
		targetEnabled := func(target string) bool {
			ok, err := validTargets(benchVer, []string{target}, viper.GetViper())
			if err != nil {
				exitWithError(fmt.Errorf("error validating targets: %v", err))
			}
			return ok
		}

		// Master section; the control plane section is only considered on a
		// host that isMaster reports as a master.
		if !isMaster() {
			glog.V(1).Info("== Skipping master checks ==")
		} else {
			glog.V(1).Info("== Running master checks ==")
			runChecks(check.MASTER, loadConfig(check.MASTER, benchVer), detecetedKubeVersion)

			if targetEnabled(string(check.CONTROLPLANE)) {
				glog.V(1).Info("== Running control plane checks ==")
				runChecks(check.CONTROLPLANE, loadConfig(check.CONTROLPLANE, benchVer), detecetedKubeVersion)
			}
		}

		// Etcd section: isEtcd is consulted only when the target is valid.
		if targetEnabled(string(check.ETCD)) && isEtcd() {
			glog.V(1).Info("== Running etcd checks ==")
			runChecks(check.ETCD, loadConfig(check.ETCD, benchVer), detecetedKubeVersion)
		} else {
			glog.V(1).Info("== Skipping etcd checks ==")
		}

		// Node section: the only one that runs without a gate.
		glog.V(1).Info("== Running node checks ==")
		runChecks(check.NODE, loadConfig(check.NODE, benchVer), detecetedKubeVersion)

		// Policies section.
		if targetEnabled(string(check.POLICIES)) {
			glog.V(1).Info("== Running policies checks ==")
			runChecks(check.POLICIES, loadConfig(check.POLICIES, benchVer), detecetedKubeVersion)
		} else {
			glog.V(1).Info("== Skipping policies checks ==")
		}

		// Managed services section.
		if targetEnabled(string(check.MANAGEDSERVICES)) {
			glog.V(1).Info("== Running managed services checks ==")
			runChecks(check.MANAGEDSERVICES, loadConfig(check.MANAGEDSERVICES, benchVer), detecetedKubeVersion)
		} else {
			glog.V(1).Info("== Skipping managed services checks ==")
		}

		// Emit the results, then let exitCodeSelection pick the process
		// status from the same collection.
		writeOutput(controlsCollection)
		os.Exit(exitCodeSelection(controlsCollection))
	},
}
RootCmd represents the base command when called without any subcommands
// TypeMap associates a short type name with a pair of names: the first entry
// and a second entry carrying a "default" prefix.
// NOTE(review): presumably these are the configuration keys looked up for each
// kind of file or service (candidate list first, fallback second); confirm
// against the code that reads TypeMap.
var TypeMap = map[string][]string{
	"ca":         []string{"cafile", "defaultcafile"},
	"kubeconfig": []string{"kubeconfig", "defaultkubeconfig"},
	"service":    []string{"svc", "defaultsvc"},
	"config":     []string{"confs", "defaultconf"},
	"datadir":    []string{"datadirs", "defaultdatadir"},
}
Functions ¶
func Execute ¶
func Execute()
Execute adds all child commands to the root command and sets flags appropriately. This is called by main.main(). It only needs to happen once to the rootCmd.
func NewRunFilter ¶
func NewRunFilter(opts FilterOpts) (check.Predicate, error)
NewRunFilter constructs a Predicate based on FilterOpts which determines whether tested Checks should be run or not.
Types ¶
type FilterOpts ¶
type KubeVersion ¶
// KubeVersion groups three exported string fields describing a version.
// NOTE(review): presumably the version reported by the Kubernetes cluster
// under test; confirm where the values are populated.
type KubeVersion struct {
	Major      string // major version component, kept as a string
	Minor      string // minor version component, kept as a string
	GitVersion string // NOTE(review): presumably the full version string as reported by the server; confirm
	// contains filtered or unexported fields
}
func (*KubeVersion) BaseVersion ¶
func (k *KubeVersion) BaseVersion() string
type PsqlConnInfo ¶