kube_auto_analyzer 0.0.8 → 0.0.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/kube_auto_analyzer/reporting.rb +65 -0
- data/lib/kube_auto_analyzer/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 074921cde562a30edcc22e129010ab6823d688ca
|
|
4
|
+
data.tar.gz: 4412d5f1123ce2c48a032a442110415a616cc165
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b5c474423ef3a59932bb5b8743465ef7a7ed2611c926ed322741e868c44491f18403023c96c913b39d269183624b346f4513c26910f488c5bc382ce00fb9a32f
|
|
7
|
+
data.tar.gz: a572a61904ebdd781ddb6bb77fbde2f143533b7d89ec79247c13c70a986a0e918a7470937a18c3885d5b8eb1a6daba0bd545fc3d555c60686b8b988425ada4b4
|
|
@@ -189,6 +189,71 @@ module KubeAutoAnalyzer
|
|
|
189
189
|
end
|
|
190
190
|
@html_report_file.puts "</table>"
|
|
191
191
|
|
|
192
|
+
#Show what cluster authentication modes are supported.
|
|
193
|
+
@html_report_file.puts "<br><br>"
|
|
194
|
+
@html_report_file.puts "<br><br><h2>Kubernetes Authentication Options</h2>"
|
|
195
|
+
@html_report_file.puts "<table><thead><tr><th>Authentication Option</th><th>Enabled?</th></tr></thead>"
|
|
196
|
+
if @results[@options.target_server]['api_server']['CIS 1.1.2 - Ensure that the --basic-auth-file argument is not set'] == "Fail"
|
|
197
|
+
@html_report_file.puts "<tr><td>Basic Authentication</td><td>Enabled</td></tr>"
|
|
198
|
+
else
|
|
199
|
+
@html_report_file.puts "<tr><td>Basic Authentication</td><td>Disabled</td></tr>"
|
|
200
|
+
end
|
|
201
|
+
if @results[@options.target_server]['api_server']['CIS 1.1.20 - Ensure that the --token-auth-file argument is not set'] == "Fail"
|
|
202
|
+
@html_report_file.puts "<tr><td>Token Authentication</td><td>Enabled</td></tr>"
|
|
203
|
+
else
|
|
204
|
+
@html_report_file.puts "<tr><td>Token Authentication</td><td>Disabled</td></tr>"
|
|
205
|
+
end
|
|
206
|
+
if @results[@options.target_server]['api_server']['CIS 1.1.29 - Ensure that the --client-ca-file argument is set as appropriate'] == "Pass"
|
|
207
|
+
@html_report_file.puts "<tr><td>Client Certificate Authentication</td><td>Enabled</td></tr>"
|
|
208
|
+
else
|
|
209
|
+
@html_report_file.puts "<tr><td>Client Certificate Authentication</td><td>Disabled</td></tr>"
|
|
210
|
+
end
|
|
211
|
+
|
|
212
|
+
if @results[@options.target_server]['evidence']['API Server'].index{|line| line =~ /--oidc-issuer-url/}
|
|
213
|
+
@html_report_file.puts "<tr><td>OpenID Connect Authentication</td><td>Enabled</td></tr>"
|
|
214
|
+
else
|
|
215
|
+
@html_report_file.puts "<tr><td>OpenID Connect Authentication</td><td>Disabled</td></tr>"
|
|
216
|
+
end
|
|
217
|
+
|
|
218
|
+
if @results[@options.target_server]['evidence']['API Server'].index{|line| line =~ /--authentication-token-webhook-config-file/}
|
|
219
|
+
@html_report_file.puts "<tr><td>Webhook Authentication</td><td>Enabled</td></tr>"
|
|
220
|
+
else
|
|
221
|
+
@html_report_file.puts "<tr><td>Webhook Authentication</td><td>Disabled</td></tr>"
|
|
222
|
+
end
|
|
223
|
+
|
|
224
|
+
if @results[@options.target_server]['evidence']['API Server'].index{|line| line =~ /--requestheader-username-headers/}
|
|
225
|
+
@html_report_file.puts "<tr><td>Proxy Authentication</td><td>Enabled</td></tr>"
|
|
226
|
+
else
|
|
227
|
+
@html_report_file.puts "<tr><td>Proxy Authentication</td><td>Disabled</td></tr>"
|
|
228
|
+
end
|
|
229
|
+
|
|
230
|
+
@html_report_file.puts "</table>"
|
|
231
|
+
|
|
232
|
+
#Show what cluster authorization modes are supported.
|
|
233
|
+
@html_report_file.puts "<br><br>"
|
|
234
|
+
@html_report_file.puts "<br><br><h2>Kubernetes Authorization Options</h2>"
|
|
235
|
+
@html_report_file.puts "<table><thead><tr><th>Authorization Option</th><th>Enabled?</th></tr></thead>"
|
|
236
|
+
|
|
237
|
+
if @results[@options.target_server]['evidence']['API Server'].index{|line| line =~ /--authorization-mode\S*RBAC/}
|
|
238
|
+
@html_report_file.puts "<tr><td>Role Based Authorization</td><td>Enabled</td></tr>"
|
|
239
|
+
else
|
|
240
|
+
@html_report_file.puts "<tr><td>Role Based Authorization</td><td>Disabled</td></tr>"
|
|
241
|
+
end
|
|
242
|
+
|
|
243
|
+
if @results[@options.target_server]['evidence']['API Server'].index{|line| line =~ /--authorization-mode\S*ABAC/}
|
|
244
|
+
@html_report_file.puts "<tr><td>Attribute Based Authorization</td><td>Enabled</td></tr>"
|
|
245
|
+
else
|
|
246
|
+
@html_report_file.puts "<tr><td>Attribute Based Authorization</td><td>Disabled</td></tr>"
|
|
247
|
+
end
|
|
248
|
+
|
|
249
|
+
if @results[@options.target_server]['evidence']['API Server'].index{|line| line =~ /--authorization-mode\S*Webhook/}
|
|
250
|
+
@html_report_file.puts "<tr><td>Webhook Authorization</td><td>Enabled</td></tr>"
|
|
251
|
+
else
|
|
252
|
+
@html_report_file.puts "<tr><td>Webhook Authorization</td><td>Disabled</td></tr>"
|
|
253
|
+
end
|
|
254
|
+
|
|
255
|
+
@html_report_file.puts "</table>"
|
|
256
|
+
|
|
192
257
|
@html_report_file.puts "<br><br><h2>Evidence</h2><br>"
|
|
193
258
|
@html_report_file.puts "<table><thead><tr><th>Area</th><th>Output</th></tr></thead>"
|
|
194
259
|
@results[@options.target_server]['evidence'].each do |area, output|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: kube_auto_analyzer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.9
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Rory McCune
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-11-
|
|
11
|
+
date: 2017-11-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|