cloud-bench-checker

v0.1.0
Published: Aug 5, 2024 License: MIT

README

Cloud Bench Checker

Connects to multiple clouds, both public cloud providers and cloud-native platforms, through their public APIs, and performs security baseline checks according to benchmark recommendations.

Features

  • ✅ Support for multiple clouds with parallel execution
  • ✅ Support for switching between authorization profiles
  • ✅ Flexible baseline configuration in YAML format
  • ✅ Flexible configuration to extract required data from cloud response with the support of JSONPath
  • ✅ Flexible result validation with the support of JSON Schema

SECURITY DISCLAIMER

ALWAYS configure the project with READ-ONLY cloud credentials (ak/sk, ClusterRole, etc.), and NEVER trust a rule provided by others, even one cloned or downloaded from this site.

Quick start

Install
  1. Clone this repo.
  2. Build as follows:
go build ./bin/cmd/main.go
Prepare cloud auth config

The template baseline.tmpl.conf expects authorization information in environment variables. An easy way to provide it is to create a file (env.txt in the commands below) similar to this:

TENCENTCLOUD_SECRET_ID=xxx
TENCENTCLOUD_SECRET_KEY=xxx
TENCENTCLOUD_REGION=xxx
ALIBABA_CLOUD_ACCESS_KEY_ID=xxx
ALIBABA_CLOUD_ACCESS_KEY_SECRET=xxx
ALIBABA_CLOUD_REGION=xxx
AZURE_CLIENT_ID=xxx
AZURE_TENANT_ID=xxx
AZURE_CLIENT_SECRET=xxx
AZURE_SUBSCRIPTION_ID=xxx

Then export the contents of the file as environment variables using one of the following commands:

Under Linux:
export $(cat ./env.txt)
Under Windows with PowerShell (splitting on the first "=" only, so a value that contains "=" stays intact):
(Get-Content .\env.txt).ForEach({ $name, $value = $_ -split "=", 2; Set-Item -Path "env:$name" -Value $value })
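A stricter alternative to the Linux one-liner above, as an added example that is not part of the project's README: it refuses an env.txt that is accessible beyond its owner, splits each line on the first "=" only, and exports only the variable names listed above, so a file obtained from someone else cannot set something like PATH or LD_PRELOAD. The function name load_env_file, the permission check and the allow-list are assumptions of this example.

```bash
# Added example (not project code): load env.txt for cloud-bench-checker.
# Only the variable names the README lists are accepted.
ALLOWED_VARS="TENCENTCLOUD_SECRET_ID TENCENTCLOUD_SECRET_KEY TENCENTCLOUD_REGION \
ALIBABA_CLOUD_ACCESS_KEY_ID ALIBABA_CLOUD_ACCESS_KEY_SECRET ALIBABA_CLOUD_REGION \
AZURE_CLIENT_ID AZURE_TENANT_ID AZURE_CLIENT_SECRET AZURE_SUBSCRIPTION_ID"

# load_env_file is a hypothetical helper name, an assumption of this example.
load_env_file() {
    local file perms cr line name value
    file=$1
    cr=$(printf '\r')
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "refusing $file: accessible beyond its owner, run chmod 600" >&2
        return 1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$cr"}                        # tolerate CRLF line endings
        case $line in
            ''|'#'*) continue ;;                  # blank line or comment
            *=*) ;;
            *) echo "skipping line without '='" >&2; continue ;;
        esac
        name=${line%%=*}    # text before the first "="
        value=${line#*=}    # everything after it, so "=" inside a secret survives
        case " $ALLOWED_VARS " in
            *" $name "*) ;;
            *) echo "ignoring unexpected variable: $name" >&2; continue ;;
        esac
        case $name in
            *[!A-Z0-9_]*) echo "ignoring invalid name" >&2; continue ;;
        esac
        export "$name=$value"   # quoted: no word splitting or glob expansion
    done < "$file"
    return 0
}

# Usage: load_env_file ./env.txt && ./main -t test -c ./template/baseline.tmpl.conf
```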
Run

To run the baseline checks tagged test in baseline.tmpl.conf:

./main -t test -c ./template/baseline.tmpl.conf

Further guide

Please see documentation.

Roadmap

  • Framework
    • listor
    • checker
    • baseline
    • auth controller
  • Connector
    • cloud connector
      • tencent cloud
        • tencent cos
      • aliyun cloud
        • aliyun oss
      • k8s
        • version validator
      • aws
      • azure ( ⚠ beta version)
      • maybe openstack?
      • support of multiple region
    • cross platform connector
      • api connector
  • Versioning and compatibility for config file
  • Interaction
    • command tool
    • api
    • webui
  • Tool
    • baseline config manager: project
    • building support
    • dockerize support
  • Doc

Directories

Path Synopsis
bin
cmd
Package main: Command line tool of cloud-bench-checker
Json util
pkg
auth
Package auth: Auth controller
connector
Connector for Aliyun
definition
Package definition: Definition of conf file in yaml format
framework
Baseline of management for process of checking