GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2025-01-19 00:32:34 +01:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #29 from jfrazelle/make-readme-codeblocks-prettier

Browse source 
make readme codeblocks prettier
This commit is contained in:
Diogo Mónica 2015-06-11 16:56:00 -07:00
commit 00b2c55589
1 changed files with 17 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
README.md
View file

@ -13,10 +13,12 @@ We packaged docker bench as a small container for your convenience. Note that th
The easiest way to run your hosts against the CIS Docker 1.6 benchmark is by running our pre-built container: The easiest way to run your hosts against the CIS Docker 1.6 benchmark is by running our pre-built container:
``` ```sh
docker run -it --net host --pid host -v /var/run/docker.sock:/var/run/docker.sock \ docker run -it --net host --pid host \
-v /usr/lib/systemd:/usr/lib/systemd -v /etc:/etc --label docker-bench-security \ -v /var/run/docker.sock:/var/run/docker.sock \
diogomonica/docker-bench-security -v /usr/lib/systemd:/usr/lib/systemd \
-v /etc:/etc --label docker-bench-security \
diogomonica/docker-bench-security
``` ```
Docker bench requires Docker 1.6.2 or later in order to run, since it depends on the `--label` to exclude the current container from being inspected. If you can't upgrade to 1.6.2, I feel free to remove the `--label` flag or run the shell script locally (see below). Docker bench requires Docker 1.6.2 or later in order to run, since it depends on the `--label` to exclude the current container from being inspected. If you can't upgrade to 1.6.2, I feel free to remove the `--label` flag or run the shell script locally (see below).
@ -27,19 +29,23 @@ Additionally, there was a bug in Docker 1.6.0 that would not allow mounting `-v
If you wish to build and run this container yourself, you can follow the following steps: If you wish to build and run this container yourself, you can follow the following steps:
``` ```sh
git clone https://github.com/diogomonica/docker-bench-security.git git clone https://github.com/diogomonica/docker-bench-security.git
cd docker-bench-security; docker build -t docker-bench-security . cd docker-bench-security
docker run -it --net host --pid host -v /var/run/docker.sock:/var/run/docker.sock \ docker build -t docker-bench-security .
-v /usr/lib/systemd:/usr/lib/systemd -v /etc:/etc --label security-benchmark \ docker run -it --net host --pid host \
docker-bench-security -v /var/run/docker.sock:/var/run/docker.sock \
-v /usr/lib/systemd:/usr/lib/systemd \
-v /etc:/etc --label security-benchmark \
docker-bench-security
``` ```
Also, this script can also be simply run from your base host by running: Also, this script can also be simply run from your base host by running:
``` ```sh
git clone https://github.com/diogomonica/docker-bench-security.git git clone https://github.com/diogomonica/docker-bench-security.git
cd docker-bench-security; sh docker-bench-security.sh cd docker-bench-security
sh docker-bench-security.sh
``` ```
This script was build to be POSIX 2004 compliant, so it should be portable across any Unix platform. This script was build to be POSIX 2004 compliant, so it should be portable across any Unix platform.