Kubernetes Auto Analyzer Report

Master Node Results

' #Charting setup counts for the passes and fails api_server_pass = 0 api_server_fail = 0 @results[@options.target_server]['api_server'].each do |test, result| if result == "Pass" api_server_pass = api_server_pass + 1 elsif result == "Fail" api_server_fail = api_server_fail + 1 end end #Not a lot of point in scheduler when there's only one check... #scheduler_pass = 0 #scheduler_fail = 0 #@results[@options.target_server]['scheduler'].each do |test, result| # if result == "Pass" # scheduler_pass = scheduler_pass + 1 # elsif result == "Fail" # scheduler_fail = scheduler_fail + 1 # end #end controller_manager_pass = 0 controller_manager_fail = 0 @results[@options.target_server]['controller_manager'].each do |test, result| if result == "Pass" controller_manager_pass = controller_manager_pass + 1 elsif result == "Fail" controller_manager_fail = controller_manager_fail + 1 end end etcd_pass = 0 etcd_fail = 0 @results[@options.target_server]['etcd'].each do |test, result| if result == "Pass" etcd_pass = etcd_pass + 1 elsif result == "Fail" etcd_fail = etcd_fail + 1 end end #Start of Chart Divs @html_report_file.puts '

' #API Server Chart @html_report_file.puts '

' @html_report_file.puts '' #Scheduler Chart #@html_report_file.puts '

' #@html_report_file.puts '' #Controller Manager Chart @html_report_file.puts '

' @html_report_file.puts '' #etcd Chart @html_report_file.puts '

' @html_report_file.puts '' #End of Chart Divs @html_report_file.puts '

' @html_report_file.puts "

API Server

" @html_report_file.puts "" @results[@options.target_server]['api_server'].each do |test, result| if result == "Fail" result = 'Fail' elsif result == "Pass" result = 'Pass' end @html_report_file.puts "" end @html_report_file.puts "

Check	result
#{test}	#{result}

" @html_report_file.puts "

" @html_report_file.puts "

Scheduler

" @html_report_file.puts "" @results[@options.target_server]['scheduler'].each do |test, result| if result == "Fail" result = 'Fail' elsif result == "Pass" result = 'Pass' end @html_report_file.puts "" end @html_report_file.puts "

Check	result
#{test}	#{result}

" @html_report_file.puts "

" @html_report_file.puts "

Controller Manager

" @html_report_file.puts "" @results[@options.target_server]['controller_manager'].each do |test, result| if result == "Fail" result = 'Fail' elsif result == "Pass" result = 'Pass' end @html_report_file.puts "" end @html_report_file.puts "

Check	result
#{test}	#{result}

" @html_report_file.puts "

" @html_report_file.puts "

etcd

" @html_report_file.puts "" @results[@options.target_server]['etcd'].each do |test, result| if result == "Fail" result = 'Fail' elsif result == "Pass" result = 'Pass' end @html_report_file.puts "" end @html_report_file.puts "

Check	result
#{test}	#{result}

" #Close the master Node Div @html_report_file.puts "

Worker Node Results

' #Start of Chart Divs @html_report_file.puts '

' @results[@options.target_server]['kubelet_checks'].each do |node, results| node_kubelet_pass = 0 node_kubelet_fail = 0 results.each do |test, result| if result == "Fail" node_kubelet_fail = node_kubelet_fail + 1 elsif result == "Pass" node_kubelet_pass = node_kubelet_pass + 1 end end #Create the Chart @html_report_file.puts '

' @html_report_file.puts '' end #End of Chart Divs @html_report_file.puts '

' @results[@options.target_server]['kubelet_checks'].each do |node, results| @html_report_file.puts "
#{node} Kubelet Checks" @html_report_file.puts "" results.each do |test, result| if result == "Fail" result = 'Fail' elsif result == "Pass" result = 'Pass' end @html_report_file.puts "" end @html_report_file.puts "

Check	result
#{test}	#{result}

" end @html_report_file.puts "

Evidence

" @html_report_file.puts "" @results[@options.target_server]['node_evidence'].each do |node, evidence| evidence.each do |area, data| @html_report_file.puts "" end end @html_report_file.puts "

Host	Area	Output
#{node}	#{area}	#{data}

" end #Close the Worker Node Div @html_report_file.puts '

Container item	Result
Runtime in Use	#{result['runtime']}
Host PID namespace used?	#{result['hostpid']}
AppArmor Profile	#{result['apparmor']}
User Namespaces in use?	#{result['uid_map']}
Inherited Capabilities	#{result['cap_inh']}
Effective Capabilities	#{result['cap_eff']}
Permitted Capabilities	#{result['cap_per']}
Bounded Capabilities	#{result['cap_bnd']}

Authentication Option	Enabled?
Basic Authentication	Enabled
Basic Authentication	Disabled
Token Authentication	Enabled
Token Authentication	Disabled
Client Certificate Authentication	Enabled
Client Certificate Authentication	Disabled
OpenID Connect Authentication	Enabled
OpenID Connect Authentication	Disabled
Webhook Authentication	Enabled
Webhook Authentication	Disabled
Proxy Authentication	Enabled
Proxy Authentication	Disabled

Authorization Option	Enabled?
Role Based Authorization	Enabled
Role Based Authorization	Disabled
Attribute Based Authorization	Enabled
Attribute Based Authorization	Disabled
Webhook Authorization	Enabled
Webhook Authorization	Disabled

Kubernetes Auto Analyzer

Master Node Results

API Server

Scheduler

Controller Manager

etcd

Worker Node Results

Evidence

Node File Permissions

Vulnerability Checks

External Unauthenticated Access to the Kubelet

Internal Unauthenticated Access to the Kubelet

External Insecure API Port Exposed

Internal Insecure API Port Exposed

Default Service Token In Use

Container Configuration checks

Vulnerability Evidence

Kubernetes Cluster Information

Kubernetes Authentication Options

Kubernetes Authorization Options

Evidence

Cluster Config Information

Cluster Role Information

Vulnerability	Host	Output
External Unauthenticated Kubelet Access	#{node}	#{result}
Internal Unauthenticated Kubelet Access	#{node}	#{result}
External Insecure API Server Access	#{node}	#{result}
Internal Insecure API Server Access	#{node}	#{result}
Default Service Token In Use	#{node}	#{result}
Am I Contained Output	#{node}	#{result}