diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index bda3fc6..c74da9f 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -33,7 +33,7 @@ repos:
 exclude: "(oscal|third_party)"
 stages: [commit]
 - repo: https://github.com/executablebooks/mdformat
- rev: 0.7.14 # Do not change version. 0.6.0 introduces breaking changes.
+ rev: 0.7.16
 hooks:
 - id: mdformat
 exclude: "CHANGELOG.md|docs/mkdocs_code_of_conduct.md|docs/api_reference|tests/data/md"
diff --git a/Makefile b/Makefile
index ae71a97..a4d59c2 100644
--- a/Makefile
+++ b/Makefile
@@ -22,8 +22,11 @@ install:
 pre-commit:
 pre-commit install
-code-format:
+pre-commit-update:
+ pre-commit autoupdate
+
+code-format: pre-commit-update
 pre-commit run yapf --all-files
-code-lint:
+code-lint: pre-commit-update
 pre-commit run flake8 --all-files
\ No newline at end of file
diff --git a/README.md b/README.md
index 58f52f1..1877686 100644
--- a/README.md
+++ b/README.md
@@ -74,7 +74,7 @@ This [demonstration](./trestle_task_osco_result_to_oscal_ar) shows how to use th
 *Convert Kubernetes results into partial OSCAL `assessment-results`*
-This [demonstration](./trestle_k8s) shows how to use `trestle` functionality to create a Kubernetes results (YAML) to OSCAL (JSON) transformer.
+Visit external site [Kubernetes WG Policy: OSCAL transformer](https://github.com/kubernetes-sigs/wg-policy-prototypes/tree/master/policy-report/oscal-transformer) for a demo of using `trestle` functionality to create a Kubernetes results (YAML) to OSCAL (JSON) transformer.
 ## License & Authors
diff --git a/trestle_k8s/Kubernetes-Yaml-to-OSCAL-Mapping.xlsx b/trestle_k8s/Kubernetes-Yaml-to-OSCAL-Mapping.xlsx
deleted file mode 100644
index 21810c8..0000000
Binary files a/trestle_k8s/Kubernetes-Yaml-to-OSCAL-Mapping.xlsx and /dev/null differ
diff --git a/trestle_k8s/Makefile b/trestle_k8s/Makefile
deleted file mode 100644
index b34714f..0000000
--- a/trestle_k8s/Makefile
+++ /dev/null
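Review bot: Making `code-format` and `code-lint` depend on the new `pre-commit-update` target turns every routine format/lint run into a `pre-commit autoupdate`, which rewrites `.pre-commit-config.yaml` to the newest tag of every hook repo, so the pinned revisions in that file stop being pins and the hook tool-chain drifts silently on each developer's machine. The `.pre-commit-config.yaml` hunk in this same commit illustrates the cost: the `rev: 0.7.14 # Do not change version …` comment on mdformat is dropped, and autoupdate will keep bumping that hook past whatever compatibility limit the comment was guarding. I would keep `pre-commit-update` as a standalone, deliberately invoked target and restore the prerequisite-free lines `code-format:` and `code-lint:`, so that a change to hook versions shows up as a reviewed diff rather than a side effect of linting; if an automated bump is wanted, `pre-commit autoupdate --freeze` pins to commit SHAs rather than mutable tags, which is the safer form. Note the hunk also ends with `\ No newline at end of file` on the `flake8` recipe, which is worth fixing while the Makefile is being touched.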
@@ -1,32 +0,0 @@ -# -*- mode:makefile; coding:utf-8 -*- - -# Copyright (c) 2022 IBM Corp. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -all: run - -.SILENT: clone -clone: - if [ ! -d ./wg-policy-prototypes ]; then \ - git clone https://github.com/kubernetes-sigs/wg-policy-prototypes.git; \ - fi - -.SILENT: clean -clean: - rm -fr ./wg-policy-prototypes - rm -fr ./oscal - -.SILENT: run -run: clone - python k8s-to-oscal.py diff --git a/trestle_k8s/README.md b/trestle_k8s/README.md deleted file mode 100644 index e1763ab..0000000 --- a/trestle_k8s/README.md +++ /dev/null 
@@ -1,65 +0,0 @@ -# k8s-to-oscal - -*k8s-to-oscal.py* is a [trestle](https://github.com/IBM/compliance-trestle) based transformer from [Kubernetes YAML](https://github.com/kubernetes-sigs/wg-policy-prototypes) to [OSCAL JSON](https://pages.nist.gov/OSCAL/reference/latest/assessment-results/json-outline/). - -This demo showcases using *k8s-to-oscal.py* (built utilizing trestle functionality) to consume YAML results files and produce (partial) OSCAL assessment results. - -This demo is based on OSCAL 1.0.2 and requires trestle 1.0.x for support of AssessmentResults. - -A [spreadsheet](https://github.com/IBM/compliance-trestle-demos/blob/fixk8s-to-oscal-links/trestle_k8s/Kubernetes-Yaml-to-OSCAL-Mapping.xlsx) shows the mapping from YAML to OSCAL. - -Sample inputs can be found [here](https://github.com/kubernetes-sigs/wg-policy-prototypes/tree/master/policy-report/samples). Sample outputs can be found [here](https://github.com/IBM/compliance-trestle-demos/tree/fixk8s-to-oscal-links/trestle_k8s/oscal-samples). - -Policy Report CRD - OSCAL by the Kubernetes Policy Working Group is [here](https://docs.google.com/document/d/1RdxSz5kEdOPWPVCRNXWBM3AmeU2iBxRAKe89hN3JrtE/edit#). - -#### Prerequisites - -Python 3.7, 3.8, or 3.9. - -``` -> python -V -Python 3.9.9 -``` - -#### Demo - -![image](images/k8s-to-oscal.drawio.png) - -Download this repo. - -``` -> cd -> mkdir git -> cd git -> git clone https://github.com/IBM/compliance-trestle-demos -``` - -Install the demo dependencies, ideally in a python virtual environment. - -``` -> cd -> python -m venv venv.compliance-trestle-demos -> source venv.compliance-trestle-demos/bin/activate -> cd git/compliance-trestle-demos -> make install -``` - -Run the k8s-to-oscal demo, including fetching the sample YAMLs and invoking the trestle-based transformer to create the corresponding JSONs in OSCAL format. 
- -``` -> cd -> cd git/compliance-trestle-demos/trestle_k8s -> make - -2022/02/19 08:19:28 I created: sample-cis-k8s.json -2022/02/19 08:19:28 I created: sample-co.json -2022/02/19 08:19:28 I created: sample-falco-policy.json -2022/02/19 08:19:28 I created: sample-rhacm-policy.json -``` - -List the output files. - -``` -> ls oscal -sample-cis-k8s.json sample-co.json sample-falco-policy.json sample-rhacm-policy.json -``` diff --git a/trestle_k8s/images/k8s-to-oscal.drawio b/trestle_k8s/images/k8s-to-oscal.drawio deleted file mode 100644 index 9c8c4a0..0000000 --- a/trestle_k8s/images/k8s-to-oscal.drawio +++ /dev/null @@ -1 +0,0 @@ -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 \ No newline at end of file diff --git a/trestle_k8s/images/k8s-to-oscal.drawio.png b/trestle_k8s/images/k8s-to-oscal.drawio.png deleted file mode 100644 index e33b0aa..0000000 Binary files a/trestle_k8s/images/k8s-to-oscal.drawio.png and /dev/null differ diff --git a/trestle_k8s/k8s-to-oscal.py b/trestle_k8s/k8s-to-oscal.py deleted file mode 100644 index c283810..0000000 --- a/trestle_k8s/k8s-to-oscal.py +++ /dev/null 
@@ -1,274 +0,0 @@ -# -*- mode:python; coding:utf-8 -*- -# Copyright (c) 2022 IBM Corp. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""kubernetes-results-to-OSCAL.""" -import datetime -import glob -import logging -import pathlib -import uuid -from typing import Any, Dict, List - -from trestle.oscal.assessment_results import ControlSelection -from trestle.oscal.assessment_results import LocalDefinitions1 -from trestle.oscal.assessment_results import Observation -from trestle.oscal.assessment_results import Result -from trestle.oscal.assessment_results import ReviewedControls -from trestle.oscal.common import InventoryItem -from trestle.oscal.common import Property -from trestle.oscal.common import SubjectReference -from trestle.transforms.results import Results - -import yaml - -logging.basicConfig(level=logging.DEBUG, format='%(asctime)s %(levelname).1s %(message)s', datefmt='%Y/%m/%d %H:%M:%S') -logger = logging.getLogger(__name__) - -_timestamp = datetime.datetime.utcnow().replace(microsecond=0).replace(tzinfo=datetime.timezone.utc).isoformat() - - -class SourceFolder: - """Manage source folder.""" - - def __init__(self, ifolder: str) -> None: - """Initialize instance.""" - self.list = glob.glob(ifolder + '*.yaml') - self.list.sort() - - def __iter__(self): - """Initialize iterator.""" - self.n = 0 - return self - - def __next__(self): - """Next.""" - if self.n < len(self.list): - self.n += 1 - return self.list[self.n - 1] - else: - raise 
StopIteration - - -class YamlToOscal: - """Manage YAML to OSCAL transformations.""" - - def _ns(self) -> str: - """Return namespace.""" - return 'https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc' - - def _uuid(self) -> str: - """Return uuid.""" - return str(uuid.uuid4()) - - def _title(self, yaml_data: Dict) -> str: - """Return title.""" - return self._get_value(yaml_data, ['metadata', 'name']) - - def _description(self, yaml_data: Dict) -> str: - """Return description.""" - for label in ['wgpolicyk8s.io/engine', 'policy.kubernetes.io/engine']: - try: - return self._get_value(yaml_data, ['metadata', 'labels', label]) - except KeyError: - continue - return None - - def _control_selections(self) -> List[ControlSelection]: - """Return control-selection list.""" - rval = [] - rval.append(ControlSelection()) - return rval - - def _reviewed_controls(self) -> ReviewedControls: - """Return reviewed controls.""" - rval = ReviewedControls(control_selections=self._control_selections()) - return rval - - def _whitespace(self, text: str) -> str: - """Replace line ends with blanks.""" - return str(text).replace('\n', ' ') - - def _normalize(self, text: str) -> str: - """Replace slashes with underscores.""" - return text.replace('/', '_') - - def _get_value(self, yaml_data: Dict, keys: List[str]) -> Any: - """Descend yaml layers to get value for order list of keys.""" - try: - value = yaml_data - for key in keys: - value = value[key] - except KeyError: - raise KeyError - return value - - def _add_prop(self, props: List[Property], name: str, yaml_data: Dict, keys: List[str]) -> Property: - """Add property to list.""" - try: - value = self._get_value(yaml_data, keys) - prop = Property(name=self._normalize(name), value=self._whitespace(value)) - props.append(prop) - return prop - except KeyError: - return None - - def _add_prop_with_ns(self, props: List[Property], name: str, yaml_data: Dict, keys: List[str], ns, class_) -> None: - """Add property with ns and 
class to list.""" - try: - value = self._get_value(yaml_data, keys) - prop = Property(name=self._normalize(name), value=self._whitespace(value), ns=ns, class_=class_) - props.append(prop) - return prop - except KeyError: - return None - - def _get_result_observations(self, yaml_data: Dict, subjects: List[SubjectReference]) -> List[Observation]: - """Return result observations list.""" - observations = [] - results = yaml_data['results'] - for result in results: - observation = Observation( - uuid=self._uuid(), - description=self._description(yaml_data), - methods=['TEST-AUTOMATED'], - props=[], - subjects=subjects, - collected=_timestamp - ) - for key in result.keys(): - if key in ['properties']: - props = result[key] - for prop in props: - self._add_prop(observation.props, 'results.' + key + '.' + prop, props, [prop]) - elif key in ['resources']: - resources = result[key][0] - for resource in resources: - self._add_prop(observation.props, 'results.' + key + '.' + resource, resources, [resource]) - else: - class_map = {'policy': 'scc_rule', 'result': 'scc_result', 'message': 'scc_description'} - if key in class_map.keys(): - self._add_prop_with_ns( - observation.props, 'results.' + key, result, [key], self._ns(), class_map[key] - ) - else: - self._add_prop(observation.props, 'results.' 
+ key, result, [key]) - observations.append(observation) - return observations - - def _get_result_properties(self, yaml_data: Dict) -> List[Property]: - """Return result property list.""" - props = [] - for key in [ - 'apiVersion', - 'kind', - 'metadata.namespace', - 'metadata.annotations.name', - 'metadata.annotations.category', - 'metadata.annotations.file', - 'metadata.annotations.version', - 'summary.pass', - 'summary.fail', - 'summary.warn', - 'summary.error', - 'summary.skip', - ]: - self._add_prop(props, key, yaml_data, key.split('.')) - return props - - def _get_local_definitions(self, yaml_data: Dict) -> LocalDefinitions1: - """Return local definitions.""" - try: - props = [] - for key in yaml_data['scope']: - compound_key = 'scope.' + key - class_map = {'namespace': 'scc_scope'} - if key in class_map.keys(): - self._add_prop_with_ns( - props, compound_key, yaml_data, compound_key.split('.'), self._ns(), class_map[key] - ) - else: - self._add_prop(props, compound_key, yaml_data, compound_key.split('.')) - inventory_item = InventoryItem(uuid=self._uuid(), description='inventory', props=props) - rval = LocalDefinitions1() - rval.inventory_items = [inventory_item] - except KeyError: - rval = None - return rval - - def _get_subjects(self, local_definitions: List[LocalDefinitions1]) -> List[SubjectReference]: - """Return subject list.""" - try: - subjects = [] - for item in local_definitions.inventory_items: - subject_reference = SubjectReference(subject_uuid=item.uuid, type='inventory-item') - subjects.append(subject_reference) - except AttributeError: - subjects = None - except TypeError: - subjects = None - return subjects - - def _get_result(self, yaml_data: Dict) -> Result: - """Return result.""" - result = Result( - uuid=self._uuid(), - title=self._title(yaml_data), - description=self._description(yaml_data), - start=_timestamp, - reviewed_controls=self._reviewed_controls(), - ) - result.props = self._get_result_properties(yaml_data) - 
result.local_definitions = self._get_local_definitions(yaml_data) - subjects = self._get_subjects(result.local_definitions) - result.observations = self._get_result_observations(yaml_data, subjects) - return result - - def transform(self, yaml_data_list: List[Dict]) -> Results: - """Transform yaml to OSCAL json.""" - results = Results() - for yaml_data in yaml_data_list: - result = self._get_result(yaml_data) - results.__root__.append(result) - return results - - -def main(): - """Transform k8s results to OSCAL.""" - ytoo = YamlToOscal() - # output - ofolder = 'oscal' - opath = pathlib.Path(ofolder) - opath.mkdir(parents=True, exist_ok=True) - # input - ifolder = 'wg-policy-prototypes/policy-report/samples/' - source_folder = SourceFolder(ifolder) - # create output OSCAL json file for each input k8s yaml file - try: - for ifile in source_folder: - ipath = pathlib.Path(ifile) - ofile = opath / (ipath.stem + '.json') - yaml_data = [] - with open(ipath, 'r', encoding='utf-8') as yaml_file: - for yaml_section in yaml.safe_load_all(yaml_file): - yaml_data.append(yaml_section) - results = ytoo.transform(yaml_data) - results.oscal_write(pathlib.Path(ofile)) - logger.info(f'created: {ofile.name}') - except yaml.YAMLError as e: - logger.error(e) - raise Exception(f'Exception processing {ipath.name}') - - -if __name__ == '__main__': - main() diff --git a/trestle_k8s/oscal-samples/sample-cis-k8s.json b/trestle_k8s/oscal-samples/sample-cis-k8s.json deleted file mode 100644 index 1c8f179..0000000 --- a/trestle_k8s/oscal-samples/sample-cis-k8s.json +++ /dev/null 
@@ -1,179 +0,0 @@ -{ - "results": [ - { - "uuid": "92a3672f-7d10-4738-8cd1-5a080468c0f1", - "title": "sample-cis-bench-api-server", - "description": "kube-cis", - "start": "2022-02-23T12:32:46+00:00", - "prop": [ - { - "name": "apiVersion", - "value": "wgpolicyk8s.io/v1alpha2" - }, - { - "name": "kind", - "value": "PolicyReport" - }, - { - "name": "metadata.annotations.name", - "value": "CIS Kubernetes Benchmarks" - }, - { - "name": "metadata.annotations.category", - "value": "API Server" - }, - { - "name": "metadata.annotations.version", - "value": "v1.5.1 - 02-14-2020" - }, - { - "name": "summary.pass", - "value": "8" - }, - { - "name": "summary.fail", - "value": "2" - }, - { - "name": "summary.warn", - "value": "0" - }, - { - "name": "summary.error", - "value": "0" - }, - { - "name": "summary.skip", - "value": "0" - } - ], - "reviewed-controls": { - "control-selections": [ - {} - ] - }, - "observations": [ - { - "uuid": "a6412809-b357-4bd6-a260-354605f66b5e", - "description": "kube-cis", - "props": [ - { - "name": "results.policy", - "ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc", - "value": "api-server:anonymous-auth", - "class": "scc_rule" - }, - { - "name": "results.message", - "ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc", - "value": "ensure that --anonymous-auth argument is set to false", - "class": "scc_description" - }, - { - "name": "results.result", - "ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc", - "value": "warn", - "class": "scc_result" - }, - { - "name": "results.scored", - "value": "True" - }, - { - "name": "results.properties.category", - "value": "API Server" - }, - { - "name": "results.properties.index", - "value": "1.2.2" - } - ], - "methods": [ - "TEST-AUTOMATED" - ], - "collected": "2022-02-23T12:32:46+00:00" - }, - { - "uuid": "cfbf4e94-3d89-4420-87cb-73cfd1f1c2d3", - "description": "kube-cis", - "props": [ - { - "name": "results.policy", - "ns": 
"https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc", - "value": "api-server:basic-auth-file", - "class": "scc_rule" - }, - { - "name": "results.message", - "ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc", - "value": "ensure that --basic-auth-file argument is not set", - "class": "scc_description" - }, - { - "name": "results.result", - "ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc", - "value": "fail", - "class": "scc_result" - }, - { - "name": "results.scored", - "value": "True" - }, - { - "name": "results.properties.category", - "value": "API Server" - }, - { - "name": "results.properties.index", - "value": "1.2.2" - } - ], - "methods": [ - "TEST-AUTOMATED" - ], - "collected": "2022-02-23T12:32:46+00:00" - }, - { - "uuid": "72bac34a-665d-42d5-845c-cfc59a2c25f3", - "description": "kube-cis", - "props": [ - { - "name": "results.policy", - "ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc", - "value": "api-server:token-auth-file", - "class": "scc_rule" - }, - { - "name": "results.message", - "ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc", - "value": "ensure that --token-auth-file argument is not set", - "class": "scc_description" - }, - { - "name": "results.result", - "ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc", - "value": "warn", - "class": "scc_result" - }, - { - "name": "results.scored", - "value": "False" - }, - { - "name": "results.properties.category", - "value": "API Server" - }, - { - "name": "results.properties.index", - "value": "1.2.2" - } - ], - "methods": [ - "TEST-AUTOMATED" - ], - "collected": "2022-02-23T12:32:46+00:00" - } - ] - } - ] -} \ No newline at end of file diff --git a/trestle_k8s/oscal-samples/sample-co.json b/trestle_k8s/oscal-samples/sample-co.json deleted file mode 100644 index cceb16a..0000000 --- a/trestle_k8s/oscal-samples/sample-co.json +++ /dev/null 
@@ -1,147 +0,0 @@ -{ - "results": [ - { - "uuid": "bd7299a4-bcfa-4b8a-aaa7-154a9aee973a", - "title": "sample-fedramp-compliance-operator", - "description": "openshift-compliance-operator", - "start": "2022-02-23T12:32:46+00:00", - "prop": [ - { - "name": "apiVersion", - "value": "wgpolicyk8s.io/v1alpha2" - }, - { - "name": "kind", - "value": "PolicyReport" - }, - { - "name": "metadata.annotations.name", - "value": "FedRAMP Moderate Benchmarks" - }, - { - "name": "metadata.annotations.category", - "value": "OCP4 CoreOS" - }, - { - "name": "metadata.annotations.file", - "value": "ssg-ocp4-ds.xml" - }, - { - "name": "metadata.annotations.version", - "value": "v1.5.1 - 02-14-2020" - }, - { - "name": "summary.pass", - "value": "8" - }, - { - "name": "summary.fail", - "value": "1" - }, - { - "name": "summary.warn", - "value": "1" - }, - { - "name": "summary.error", - "value": "0" - }, - { - "name": "summary.skip", - "value": "0" - } - ], - "reviewed-controls": { - "control-selections": [ - {} - ] - }, - "observations": [ - { - "uuid": "c3ceb451-d0b9-4cf0-ae48-5537aa26e2f6", - "description": "openshift-compliance-operator", - "props": [ - { - "name": "results.policy", - "ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc", - "value": "xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open", - "class": "scc_rule" - }, - { - "name": "results.message", - "ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc", - "value": "Record Events that Modify User/Group Information via open syscall - /etc/group Creation of groups through direct edition of /etc/group could be an indicator of malicious activity on a system. 
Auditing these events could serve as evidence of potential system compromise.", - "class": "scc_description" - }, - { - "name": "results.result", - "ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc", - "value": "fail", - "class": "scc_result" - }, - { - "name": "results.scored", - "value": "True" - }, - { - "name": "results.severity", - "value": "medium" - }, - { - "name": "results.properties.suite", - "value": "fedramp-moderate" - }, - { - "name": "results.properties.scan", - "value": "workers-scan" - } - ], - "methods": [ - "TEST-AUTOMATED" - ], - "collected": "2022-02-23T12:32:46+00:00" - }, - { - "uuid": "8bf607b3-3323-4e60-8ac4-d0a8fadf6ea3", - "description": "openshift-compliance-operator", - "props": [ - { - "name": "results.policy", - "ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc", - "value": "xccdf_org.ssgproject.content_rule_sshd_limit_user_access", - "class": "scc_rule" - }, - { - "name": "results.message", - "ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc", - "value": "Limit Users' SSH Access Specifying which accounts are allowed SSH access into the system reduces the possibility of unauthorized access to the system.", - "class": "scc_description" - }, - { - "name": "results.result", - "ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc", - "value": "warn", - "class": "scc_result" - }, - { - "name": "results.scored", - "value": "False" - }, - { - "name": "results.properties.suite", - "value": "fedramp-moderate" - }, - { - "name": "results.properties.scan", - "value": "workers-scan" - } - ], - "methods": [ - "TEST-AUTOMATED" - ], - "collected": "2022-02-23T12:32:46+00:00" - } - ] - } - ] -} \ No newline at end of file diff --git a/trestle_k8s/oscal-samples/sample-falco-policy.json b/trestle_k8s/oscal-samples/sample-falco-policy.json deleted file mode 100644 index 9bbc344..0000000 
--- a/trestle_k8s/oscal-samples/sample-falco-policy.json
+++ /dev/null
@@ -1,190 +0,0 @@ -{ - "results": [ - { - "uuid": "6bd25f89-4a80-45c9-b0c5-138304e98c6e", - "title": "falco-alerts-policy", - "description": "falco-agent", - "start": "2022-02-23T12:32:46+00:00", - "prop": [ - { - "name": "apiVersion", - "value": "wgpolicyk8s.io/v1alpha2" - }, - { - "name": "kind", - "value": "PolicyReport" - }, - { - "name": "metadata.namespace", - "value": "my-namespace" - }, - { - "name": "summary.fail", - "value": "1" - } - ], - "reviewed-controls": { - "control-selections": [ - {} - ] - }, - "observations": [ - { - "uuid": "fe919a82-879e-4b0f-9851-b02ae369696f", - "description": "falco-agent", - "props": [ - { - "name": "results.policy", - "ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc", - "value": "Change thread namespace", - "class": "scc_rule" - }, - { - "name": "results.message", - "ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc", - "value": "Falco alert created due to the Change thread namespace rule", - "class": "scc_description" - }, - { - "name": "results.result", - "ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc", - "value": "fail", - "class": "scc_result" - }, - { - "name": "results.scored", - "value": "False" - }, - { - "name": "results.resources.apiVersion", - "value": "v1" - }, - { - "name": "results.resources.kind", - "value": "Pod" - }, - { - "name": "results.resources.name", - "value": "a-pod" - }, - { - "name": "results.resources.namespace", - "value": "my-namespace" - }, - { - "name": "results.properties.details", - "value": "12:57:37.086240437: Notice Namespace change (setns) by unexpected program (user=root user_loginuid=-1 command=ovnkube --init-node ..." 
- }, - { - "name": "results.properties.container.id", - "value": "0f8d7e2a3296" - }, - { - "name": "results.properties.evt.arg.path", - "value": "/bin/directory-created-by-event-generator" - }, - { - "name": "results.properties.proc.cmdline", - "value": "event-generator run --loop ^syscall" - }, - { - "name": "results.properties.severity", - "value": "low" - } - ], - "methods": [ - "TEST-AUTOMATED" - ], - "collected": "2022-02-23T12:32:46+00:00" - } - ] - }, - { - "uuid": "75462c11-d166-4ce6-9a45-c3c677bc4c37", - "title": "falco-alerts-policy", - "description": "falco-agent", - "start": "2022-02-23T12:32:46+00:00", - "prop": [ - { - "name": "apiVersion", - "value": "wgpolicyk8s.io/v1alpha2" - }, - { - "name": "kind", - "value": "ClusterPolicyReport" - }, - { - "name": "summary.fail", - "value": "1" - } - ], - "reviewed-controls": { - "control-selections": [ - {} - ] - }, - "observations": [ - { - "uuid": "44d0d935-51e1-4343-8eb7-4460286bfade", - "description": "falco-agent", - "props": [ - { - "name": "results.policy", - "ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc", - "value": "audit", - "class": "scc_rule" - }, - { - "name": "results.message", - "ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc", - "value": "audit rule violation from the kubernetes api server", - "class": "scc_description" - }, - { - "name": "results.result", - "ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc", - "value": "fail", - "class": "scc_result" - }, - { - "name": "results.scored", - "value": "False" - }, - { - "name": "results.properties.details", - "value": "Warning K8s Operation performed by user not in allowed list of users" - }, - { - "name": "results.properties.severity", - "value": "medium" - }, - { - "name": "results.properties.user", - "value": "username" - }, - { - "name": "results.properties.target", - "value": "kubernetes/endpoints" - }, - { - "name": "results.properties.verb", - "value": 
"create" - }, - { - "name": "results.properties.uri", - "value": "/api/v1/namespaces/default/endpoints/kubernetes" - }, - { - "name": "results.properties.resp", - "value": "200" - } - ], - "methods": [ - "TEST-AUTOMATED" - ], - "collected": "2022-02-23T12:32:46+00:00" - } - ] - } - ] -} \ No newline at end of file diff --git a/trestle_k8s/oscal-samples/sample-rhacm-policy.json b/trestle_k8s/oscal-samples/sample-rhacm-policy.json deleted file mode 100644 index 9cff8a5..0000000 --- a/trestle_k8s/oscal-samples/sample-rhacm-policy.json +++ /dev/null 
@@ -1,137 +0,0 @@ -{ - "results": [ - { - "uuid": "ff4b5418-d429-4254-8121-d8b4bba3232f", - "title": "sample-rhacm-policy", - "description": "rhacm-configuration-policy", - "start": "2022-02-23T12:32:46+00:00", - "prop": [ - { - "name": "apiVersion", - "value": "wgpolicyk8s.io/v1alpha2" - }, - { - "name": "kind", - "value": "PolicyReport" - }, - { - "name": "summary.pass", - "value": "1" - }, - { - "name": "summary.fail", - "value": "11" - } - ], - "local-definitions": { - "inventory-items": [ - { - "uuid": "62460372-5f80-4e69-91fe-c403db0f3b8b", - "description": "inventory", - "props": [ - { - "name": "scope.apiVersion", - "value": "policy.open-cluster-management.io/v1" - }, - { - "name": "scope.kind", - "value": "Policy" - }, - { - "name": "scope.name", - "value": "policy-imagemanifestvuln" - }, - { - "name": "scope.namespace", - "ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc", - "value": "cluster1", - "class": "scc_scope" - } - ] - } - ] - }, - "reviewed-controls": { - "control-selections": [ - {} - ] - }, - "observations": [ - { - "uuid": "f6e2163e-903c-4413-b4e1-c30b60b1ca21", - "description": "rhacm-configuration-policy", - "props": [ - { - "name": "results.policy", - "ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc", - "value": "mustnothaveimagevuln", - "class": "scc_rule" - }, - { - "name": "results.message", - "ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc", - "value": "must not have imagemanifestvulns", - "class": "scc_description" - }, - { - "name": "results.result", - "ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc", - "value": "fail", - "class": "scc_result" - }, - { - "name": "results.scored", - "value": "False" - }, - { - "name": "results.resources.apiVersion", - "value": "secscan.quay.redhat.com/v1alpha1" - }, - { - "name": "results.resources.kind", - "value": "ImageManifestVuln" - }, - { - "name": "results.resources.name", - "value": 
"sha256.8d104847fc2371a983f7cb01c7c0a3ab35b7381d6bf7ce355d9b32a08c0031f0" - }, - { - "name": "results.resources.namespace", - "value": "openshift-cluster-version" - }, - { - "name": "results.properties.details", - "value": "NonCompliant; violation - imagemanifestvulns exist and should be deleted: [sha256.8d104847fc2371a983f7cb01c7c0a3ab35b7381d6bf7ce355d9b32a08c0031f0] in namespace openshift-cluster-version" - }, - { - "name": "results.properties.standards", - "value": "NIST-CSF" - }, - { - "name": "results.properties.categories", - "value": "DE.CM Security Continuous Monitoring" - }, - { - "name": "results.properties.controls", - "value": "DE.CM-8 Vulnerability scans" - }, - { - "name": "results.properties.severity", - "value": "high" - } - ], - "methods": [ - "TEST-AUTOMATED" - ], - "subjects": [ - { - "subject-uuid": "62460372-5f80-4e69-91fe-c403db0f3b8b", - "type": "inventory-item" - } - ], - "collected": "2022-02-23T12:32:46+00:00" - } - ] - } - ] -} \ No newline at end of file