Add namespace and class to example.
degenaro committed Feb 23, 2022
1 parent a4d1262 commit 174e528
Showing 6 changed files with 125 additions and 55 deletions.
Binary file modified trestle_k8s/Kubernetes-Yaml-to-OSCAL-Mapping.xlsx
24 changes: 22 additions & 2 deletions trestle_k8s/k8s-to-oscal.py
Expand Up @@ -63,6 +63,9 @@ def __next__(self):
class YamlToOscal:
"""Manage YAML to OSCAL transformations."""

def _ns(self) -> str:
return 'https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc'

def _uuid(self) -> str:
return str(uuid.uuid4())

Expand Down Expand Up @@ -110,6 +113,15 @@ def _add_prop(self, props: List[Property], name: str, yaml_data: Dict, keys: Lis
except KeyError:
pass

def _add_prop_with_ns(self, props: List[Property], name: str, yaml_data: Dict, keys: List[str], ns, class_) -> None:
try:
value = self._get_value(yaml_data, keys)
prop = Property(name=self._normalize(name), value=self._whitespace(value), ns=ns, class_=class_)
props.append(prop)
return prop
except KeyError:
pass

def _get_result_observations(self, yaml_data: Dict, subjects: List[SubjectReference]) -> List[Observation]:
observations = []
results = yaml_data['results']
Expand All @@ -132,7 +144,11 @@ def _get_result_observations(self, yaml_data: Dict, subjects: List[SubjectRefere
for resource in resources:
self._add_prop(observation.props, 'results.' + key + '.' + resource, resources, [resource])
else:
self._add_prop(observation.props, 'results.' + key, result, [key])
map = { 'policy':'scc_rule', 'result':'scc_result', 'message':'scc_description'}
if key in map.keys():
self._add_prop_with_ns(observation.props, 'results.' + key, result, [key], self._ns() , map[key])
else:
self._add_prop(observation.props, 'results.' + key, result, [key])
observations.append(observation)
return observations

Expand Down Expand Up @@ -160,7 +176,11 @@ def _get_local_definitions(self, yaml_data: Dict) -> LocalDefinitions1:
props = []
for key in yaml_data['scope']:
compound_key = 'scope.' + key
self._add_prop(props, compound_key, yaml_data, compound_key.split('.'))
map = { 'namespace':'scc_scope' }
if key in map.keys():
self._add_prop_with_ns(props, compound_key, yaml_data, compound_key.split('.'), self._ns() , map[key])
else:
self._add_prop(props, compound_key, yaml_data, compound_key.split('.'))
inventory_item = InventoryItem(uuid=self._uuid(), description='inventory', props=props)
rval = LocalDefinitions1()
rval.inventory_items = [inventory_item]
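Review bot: `_add_prop_with_ns` in the second hunk is annotated `-> None` but returns `prop` on success and falls through to an implicit None when `_get_value` raises KeyError, and `ns`/`class_` are the only untyped parameters in the signature; `def _add_prop_with_ns(self, props: List[Property], name: str, yaml_data: Dict, keys: List[str], ns: str, class_: str) -> Optional[Property]:` (with `Optional` imported from `typing` beside `List` and `Dict`) states the contract the body actually implements. The body otherwise mirrors `_add_prop` apart from the two extra `Property` keyword arguments, so giving `_add_prop` optional `ns`/`class_` parameters defaulting to None would remove the copy; `_add_prop`'s body begins above this hunk, so I cannot confirm the rest of it matches. In the two later hunks of this file the local `map` shadows the builtin and its dict literal is rebuilt on every loop iteration; hoisting it to a class-level constant (e.g. a constructed name like `_SCC_CLASS_BY_KEY`) and testing membership with `if key in <constant>:` rather than `.keys()` would fix both. A one-line docstring such as `"""Append a Property carrying the SCC namespace and class; return it, or None if the key path is absent."""` would also help readers who meet this helper first.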
52 changes: 35 additions & 17 deletions trestle_k8s/oscal-samples/sample-cis-k8s.json
@@ -1,10 +1,10 @@
{
"results": [
{
"uuid": "840195ca-3ceb-42e3-a40c-7d643a6600f9",
"uuid": "92a3672f-7d10-4738-8cd1-5a080468c0f1",
"title": "sample-cis-bench-api-server",
"description": "kube-cis",
"start": "2022-02-21T16:20:49+00:00",
"start": "2022-02-23T12:32:46+00:00",
"prop": [
{
"name": "apiVersion",
Expand Down Expand Up @@ -54,20 +54,26 @@
},
"observations": [
{
"uuid": "01f587ea-3a49-453b-b7cf-555ebff3ae6c",
"uuid": "a6412809-b357-4bd6-a260-354605f66b5e",
"description": "kube-cis",
"props": [
{
"name": "results.policy",
"value": "api-server:anonymous-auth"
"ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc",
"value": "api-server:anonymous-auth",
"class": "scc_rule"
},
{
"name": "results.message",
"value": "ensure that --anonymous-auth argument is set to false"
"ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc",
"value": "ensure that --anonymous-auth argument is set to false",
"class": "scc_description"
},
{
"name": "results.result",
"value": "warn"
"ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc",
"value": "warn",
"class": "scc_result"
},
{
"name": "results.scored",
Expand All @@ -85,23 +91,29 @@
"methods": [
"TEST-AUTOMATED"
],
"collected": "2022-02-21T16:20:49+00:00"
"collected": "2022-02-23T12:32:46+00:00"
},
{
"uuid": "f1ced0f1-ce1c-4980-95af-3a5fc02ca083",
"uuid": "cfbf4e94-3d89-4420-87cb-73cfd1f1c2d3",
"description": "kube-cis",
"props": [
{
"name": "results.policy",
"value": "api-server:basic-auth-file"
"ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc",
"value": "api-server:basic-auth-file",
"class": "scc_rule"
},
{
"name": "results.message",
"value": "ensure that --basic-auth-file argument is not set"
"ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc",
"value": "ensure that --basic-auth-file argument is not set",
"class": "scc_description"
},
{
"name": "results.result",
"value": "fail"
"ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc",
"value": "fail",
"class": "scc_result"
},
{
"name": "results.scored",
Expand All @@ -119,23 +131,29 @@
"methods": [
"TEST-AUTOMATED"
],
"collected": "2022-02-21T16:20:49+00:00"
"collected": "2022-02-23T12:32:46+00:00"
},
{
"uuid": "2b9baba5-9f40-4419-b357-7e1923c53fc5",
"uuid": "72bac34a-665d-42d5-845c-cfc59a2c25f3",
"description": "kube-cis",
"props": [
{
"name": "results.policy",
"value": "api-server:token-auth-file"
"ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc",
"value": "api-server:token-auth-file",
"class": "scc_rule"
},
{
"name": "results.message",
"value": "ensure that --token-auth-file argument is not set"
"ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc",
"value": "ensure that --token-auth-file argument is not set",
"class": "scc_description"
},
{
"name": "results.result",
"value": "warn"
"ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc",
"value": "warn",
"class": "scc_result"
},
{
"name": "results.scored",
Expand All @@ -153,7 +171,7 @@
"methods": [
"TEST-AUTOMATED"
],
"collected": "2022-02-21T16:20:49+00:00"
"collected": "2022-02-23T12:32:46+00:00"
}
]
}
36 changes: 24 additions & 12 deletions trestle_k8s/oscal-samples/sample-co.json
@@ -1,10 +1,10 @@
{
"results": [
{
"uuid": "ee655d81-c25b-4303-9c68-265df4e01c26",
"uuid": "bd7299a4-bcfa-4b8a-aaa7-154a9aee973a",
"title": "sample-fedramp-compliance-operator",
"description": "openshift-compliance-operator",
"start": "2022-02-21T16:20:49+00:00",
"start": "2022-02-23T12:32:46+00:00",
"prop": [
{
"name": "apiVersion",
Expand Down Expand Up @@ -58,20 +58,26 @@
},
"observations": [
{
"uuid": "f8ffa814-720d-4087-ac28-4bfc2bebf9b7",
"uuid": "c3ceb451-d0b9-4cf0-ae48-5537aa26e2f6",
"description": "openshift-compliance-operator",
"props": [
{
"name": "results.policy",
"value": "xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open"
"ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc",
"value": "xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open",
"class": "scc_rule"
},
{
"name": "results.message",
"value": "Record Events that Modify User/Group Information via open syscall - /etc/group Creation of groups through direct edition of /etc/group could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise."
"ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc",
"value": "Record Events that Modify User/Group Information via open syscall - /etc/group Creation of groups through direct edition of /etc/group could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.",
"class": "scc_description"
},
{
"name": "results.result",
"value": "fail"
"ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc",
"value": "fail",
"class": "scc_result"
},
{
"name": "results.scored",
Expand All @@ -93,23 +99,29 @@
"methods": [
"TEST-AUTOMATED"
],
"collected": "2022-02-21T16:20:49+00:00"
"collected": "2022-02-23T12:32:46+00:00"
},
{
"uuid": "fdd26e07-2a80-4584-b91d-4a345af547cf",
"uuid": "8bf607b3-3323-4e60-8ac4-d0a8fadf6ea3",
"description": "openshift-compliance-operator",
"props": [
{
"name": "results.policy",
"value": "xccdf_org.ssgproject.content_rule_sshd_limit_user_access"
"ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc",
"value": "xccdf_org.ssgproject.content_rule_sshd_limit_user_access",
"class": "scc_rule"
},
{
"name": "results.message",
"value": "Limit Users' SSH Access Specifying which accounts are allowed SSH access into the system reduces the possibility of unauthorized access to the system."
"ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc",
"value": "Limit Users' SSH Access Specifying which accounts are allowed SSH access into the system reduces the possibility of unauthorized access to the system.",
"class": "scc_description"
},
{
"name": "results.result",
"value": "warn"
"ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc",
"value": "warn",
"class": "scc_result"
},
{
"name": "results.scored",
Expand All @@ -127,7 +139,7 @@
"methods": [
"TEST-AUTOMATED"
],
"collected": "2022-02-21T16:20:49+00:00"
"collected": "2022-02-23T12:32:46+00:00"
}
]
}
40 changes: 26 additions & 14 deletions trestle_k8s/oscal-samples/sample-falco-policy.json
@@ -1,10 +1,10 @@
{
"results": [
{
"uuid": "30ed73f5-fc78-43cf-bdc3-94e73c497db5",
"uuid": "6bd25f89-4a80-45c9-b0c5-138304e98c6e",
"title": "falco-alerts-policy",
"description": "falco-agent",
"start": "2022-02-21T16:20:49+00:00",
"start": "2022-02-23T12:32:46+00:00",
"prop": [
{
"name": "apiVersion",
Expand All @@ -30,20 +30,26 @@
},
"observations": [
{
"uuid": "5cdb63e7-34e7-422f-8979-63a4e64b461b",
"uuid": "fe919a82-879e-4b0f-9851-b02ae369696f",
"description": "falco-agent",
"props": [
{
"name": "results.policy",
"value": "Change thread namespace"
"ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc",
"value": "Change thread namespace",
"class": "scc_rule"
},
{
"name": "results.message",
"value": "Falco alert created due to the Change thread namespace rule"
"ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc",
"value": "Falco alert created due to the Change thread namespace rule",
"class": "scc_description"
},
{
"name": "results.result",
"value": "fail"
"ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc",
"value": "fail",
"class": "scc_result"
},
{
"name": "results.scored",
Expand Down Expand Up @@ -89,15 +95,15 @@
"methods": [
"TEST-AUTOMATED"
],
"collected": "2022-02-21T16:20:49+00:00"
"collected": "2022-02-23T12:32:46+00:00"
}
]
},
{
"uuid": "f5729c7e-a57f-4044-a515-1a6cce748856",
"uuid": "75462c11-d166-4ce6-9a45-c3c677bc4c37",
"title": "falco-alerts-policy",
"description": "falco-agent",
"start": "2022-02-21T16:20:49+00:00",
"start": "2022-02-23T12:32:46+00:00",
"prop": [
{
"name": "apiVersion",
Expand All @@ -119,20 +125,26 @@
},
"observations": [
{
"uuid": "7d8d933e-d1fb-494d-a6f2-19ad0d7132e7",
"uuid": "44d0d935-51e1-4343-8eb7-4460286bfade",
"description": "falco-agent",
"props": [
{
"name": "results.policy",
"value": "audit"
"ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc",
"value": "audit",
"class": "scc_rule"
},
{
"name": "results.message",
"value": "audit rule violation from the kubernetes api server"
"ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc",
"value": "audit rule violation from the kubernetes api server",
"class": "scc_description"
},
{
"name": "results.result",
"value": "fail"
"ns": "https://kubernetes.github.io/compliance-trestle/schemas/oscal/ar/scc",
"value": "fail",
"class": "scc_result"
},
{
"name": "results.scored",
Expand Down Expand Up @@ -170,7 +182,7 @@
"methods": [
"TEST-AUTOMATED"
],
"collected": "2022-02-21T16:20:49+00:00"
"collected": "2022-02-23T12:32:46+00:00"
}
]
}