kubernetes-sigs / wg-policy-prototypes

A place for policy work group related proposals and prototypes.
Apache License 2.0

[FIX]: adds timestamp to kube-bench adapter #103

Closed mritunjaysharma394 closed 2 years ago

mritunjaysharma394 commented 2 years ago

This PR adds a timestamp to the kube-bench adapter and fixes #100. Since kube-bench itself doesn't have a timestamp field, we couldn't map it earlier; that's why, for now, we are mapping it with `time.Now`.

The updated clusterpolicyreport will look somewhat like this:

```yaml
  - category: CIS Benchmarks
    message: Ensure that the admin.conf file permissions are set to 644 or more restrictive
      (Automated)
    policy: Master Node Security Configuration 1.1.13
    properties:
      AuditConfig: ""
      AuditEnv: ""
      IsMultiple: "false"
      actual_value: permissions=600
      audit: /bin/sh -c 'if test -e /etc/kubernetes/admin.conf; then stat -c permissions=%a
        /etc/kubernetes/admin.conf; fi'
      expected_result: permissions has permissions 600, expected 644 or more restrictive
      index: 1.1.13
      reason: ""
      remediation: |
        Run the below command (based on the file location on your system) on the master node.
        For example,
        chmod 644 /etc/kubernetes/admin.conf
      test_info: |
        Run the below command (based on the file location on your system) on the master node.
        For example,
        chmod 644 /etc/kubernetes/admin.conf
      type: ""
    result: pass
    rule: Master Node Configuration Files
    scored: true
    source: Kube Bench
    timestamp:
      nanos: 585075739
      seconds: 36
  - category: CIS Benchmarks
    message: Ensure that the admin.conf file ownership is set to root:root (Automated)
    policy: Master Node Security Configuration 1.1.14
    properties:
      AuditConfig: ""
      AuditEnv: ""
      IsMultiple: "false"
      actual_value: root:root
      audit: /bin/sh -c 'if test -e /etc/kubernetes/admin.conf; then stat -c %U:%G
        /etc/kubernetes/admin.conf; fi'
      expected_result: '''root:root'' is present'
      index: 1.1.14
      reason: ""
      remediation: |
        Run the below command (based on the file location on your system) on the master node.
        For example,
        chown root:root /etc/kubernetes/admin.conf
      test_info: |
        Run the below command (based on the file location on your system) on the master node.
        For example,
        chown root:root /etc/kubernetes/admin.conf
      type: ""
    result: pass
    rule: Master Node Configuration Files
    scored: true
    source: Kube Bench
    timestamp:
      nanos: 585076620
      seconds: 36
```

Signed-off-by: Mritunjay Sharma mritunjaysharma394@gmail.com

cc @JimBugwadia @realshuting
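
An added example (not code from this PR or the project) of how a consumer of these reports could fill and sanity-check the `seconds`/`nanos` pair shown under `timestamp:` in the sample output. The `Timestamp` struct, `FromTime` and `Check` are hypothetical names, and reading `seconds` as Unix epoch seconds is an assumption about the report field.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Timestamp is a local stand-in (assumption) for the seconds/nanos pair
// shown under `timestamp:` in the report results above.
type Timestamp struct {
	Seconds int64
	Nanos   int32
}

// FromTime splits t into Unix epoch seconds plus the nanosecond remainder.
func FromTime(t time.Time) Timestamp {
	return Timestamp{Seconds: t.Unix(), Nanos: int32(t.Nanosecond())}
}

var (
	ErrNanosRange = errors.New("nanos outside [0, 1e9)")
	ErrStale      = errors.New("timestamp older than allowed window")
	ErrFuture     = errors.New("timestamp ahead of local clock")
)

// Check rejects results whose timestamp cannot describe a scan that ran
// within maxAge of now (skew tolerates small clock differences).
func Check(ts Timestamp, now time.Time, maxAge, skew time.Duration) error {
	if ts.Nanos < 0 || ts.Nanos >= 1_000_000_000 {
		return ErrNanosRange
	}
	t := time.Unix(ts.Seconds, int64(ts.Nanos))
	switch {
	case t.After(now.Add(skew)):
		return ErrFuture
	case now.Sub(t) > maxAge:
		return ErrStale
	}
	return nil
}

func main() {
	now := time.Now()
	// Constructed inputs: a fresh timestamp, and the seconds/nanos pair from the sample.
	for _, ts := range []Timestamp{FromTime(now), {Seconds: 36, Nanos: 585075739}} {
		fmt.Printf("%+v -> %v\n", ts, Check(ts, now, 24*time.Hour, time.Minute))
	}
}
```
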

mritunjaysharma394 commented 2 years ago

/assign @JimBugwadia

JimBugwadia commented 2 years ago

/lgtm /approve

k8s-ci-robot commented 2 years ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: JimBugwadia, mritunjaysharma394

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/kubernetes-sigs/wg-policy-prototypes/blob/master/OWNERS)~~ [JimBugwadia]

Approvers can indicate their approval by writing `/approve` in a comment

Approvers can cancel approval by writing `/approve cancel` in a comment