kube_auto_analyzer 0.0.7 → 0.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/bin/kubeautoanalyzer +6 -1
  3. data/lib/kube_auto_analyzer/agent_checks/process_checks.rb +1 -1
  4. data/lib/kube_auto_analyzer/api_checks/master_node.rb +2 -2
  5. data/lib/kube_auto_analyzer/reporting.rb +1 -1
  6. data/lib/kube_auto_analyzer/version.rb +1 -1
  7. data/lib/kube_auto_analyzer.rb +1 -1
  8. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 8fd1aff1f5704afeae2c8834fc74af48bdec557b
4
- data.tar.gz: f9db491c94623efc96d3250db2023c1da9af59b0
3
+ metadata.gz: 477ad0c2cb8e8a489cc6901f90534ef368b3baa1
4
+ data.tar.gz: ff57249d3d80cf7f62b86aa760eed5386765b4e0
5
5
  SHA512:
6
- metadata.gz: 8b4513de20ce3a52618dec8c5bad3b86d9c9d80b7b3281101655dc2f5bf4a0e577dd1186be9cc0cb2c927515ed9c1b0cc55574b091fb2ee5a9acfcf868d300a4
7
- data.tar.gz: ef690999d310ef569f7bb06b03b486133724393e7e82020ff77e69d374b0ba806d234f539f6b15762b9bb332c7129ecbdc23706c2ab879cb44aad0ec53064acc
6
+ metadata.gz: 1628d35f5c38de533b99979d060f1cb18f70853c36a983c6bc16076f201fe675c3c4460d287bd90ddb0ef9c7c451fcfc694751e4d527190fe1342203fdef7368
7
+ data.tar.gz: 9550f88df01e83f67a24dc4b18b186186a9a7642187d80e67e7aa766fcf5cb3fb489711921d556dca6c86c2fb4705be953d28dabb78e66b4b9d69020dcba836a
data/bin/kubeautoanalyzer CHANGED
@@ -14,6 +14,7 @@
14
14
  options.token_file = ''
15
15
  options.config_file = false
16
16
  options.agent_checks = false
17
+ options.insecure = false
17
18
 
18
19
 
19
20
  opts = OptionParser.new do |opts|
@@ -30,6 +31,10 @@
30
31
  options.target_server = serv
31
32
  end
32
33
 
34
+ opts.on("-i", "--insecure", "Use the Insecure API Server Port") do |insecure|
35
+ options.insecure = true
36
+ end
37
+
33
38
  opts.on("-t", "--token [TOKEN]", "Bearer Token to Use") do |token|
34
39
  options.token = token
35
40
  end
@@ -71,7 +76,7 @@
71
76
 
72
77
  opts.parse!(ARGV)
73
78
 
74
- unless (options.token.length > 1 || options.config_file || options.token_file.length > 1)
79
+ unless (options.token.length > 1 || options.config_file || options.token_file.length > 1 || options.insecure )
75
80
  puts "No valid auth mechanism specified"
76
81
  puts opts
77
82
  exit
data/lib/kube_auto_analyzer/agent_checks/process_checks.rb CHANGED
@@ -120,7 +120,7 @@ module KubeAutoAnalyzer
120
120
  end
121
121
 
122
122
  unless kubelet_proc =~ /--keep-terminated-pod-volumes=false/
123
- @results[target]['kubelet_checks'][node_hostname]['CIS 2.1.9 - that the --keep-terminated-pod-volumes argument is set to false'] = "Fail"
123
+ @results[target]['kubelet_checks'][node_hostname]['CIS 2.1.9 - Ensure that the --keep-terminated-pod-volumes argument is set to false'] = "Fail"
124
124
  else
125
125
  @results[target]['kubelet_checks'][node_hostname]['CIS 2.1.9 - Ensure that the --keep-terminated-pod-volumes argument is set to false'] = "Pass"
126
126
  end
data/lib/kube_auto_analyzer/api_checks/master_node.rb CHANGED
@@ -395,7 +395,7 @@ module KubeAutoAnalyzer
395
395
  end
396
396
 
397
397
  #This isn't quite right as we should really check the dir. but as that's not easily done lets start with an existence check
398
- unless etcd_command_line.index{|line| line =~ /--wall-dir/}
398
+ unless etcd_command_line.index{|line| line =~ /--wal-dir/}
399
399
  @results[target]['etcd']['CIS 1.5.7 - Ensure that the --wal-dir argument is set as appropriate'] = "Fail"
400
400
  else
401
401
  @results[target]['etcd']['CIS 1.5.7 - Ensure that the --wal-dir argument is set as appropriate'] = "Pass"
@@ -411,4 +411,4 @@ module KubeAutoAnalyzer
411
411
 
412
412
  @results[target]['evidence']['etcd'] = etcd_command_line
413
413
  end
414
- end
414
+ end
data/lib/kube_auto_analyzer/reporting.rb CHANGED
@@ -29,7 +29,7 @@ module KubeAutoAnalyzer
29
29
  font-size: 48px;
30
30
  color: #C41230;
31
31
  }
32
- .master-node, .worker-node {
32
+ .master-node, .worker-node, .vuln-node {
33
33
  background: #F5F5F5;
34
34
  border: 1px solid black;
35
35
  padding-left: 6px;
data/lib/kube_auto_analyzer/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module KubeAutoAnalyzer
2
- VERSION = "0.0.7"
2
+ VERSION = "0.0.8"
3
3
  end
data/lib/kube_auto_analyzer.rb CHANGED
@@ -51,7 +51,7 @@ module KubeAutoAnalyzer
51
51
  auth_options = { bearer_token: @options.token}
52
52
  elsif @options.token_file.length > 1
53
53
  auth_options = { bearer_token_file: @options.token_file}
54
- else
54
+ elsif @options.insecure
55
55
  #Not sure this will actually work for no auth. needed, try and ooold cluster to check
56
56
  auth_options = {}
57
57
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: kube_auto_analyzer
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.7
4
+ version: 0.0.8
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rory McCune
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-10-08 00:00:00.000000000 Z
11
+ date: 2017-11-03 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler