Merge 5d6be7a11b into 0cbb99d1f1

Dockerfile

@@ -1,6 +1,15 @@
-FROM alpine:3.1
+FROM debian:wheezy
 
-RUN apk --update add docker
+RUN apt-get update && \
+    apt-get -y upgrade && \
+    apt-get -y install auditd ca-certificates curl gawk net-tools procps --no-install-recommends && \
+    curl -sSL https://get.docker.com/ | sh && \
+    apt-get -y purge git openssh* patch rsync* && \
+    apt-get -y clean && \
+    apt-get -y autoremove && \
+    rm -rf /var/lib/apt/lists/* \
+      /usr/share/doc /usr/share/doc-base \
+      /usr/share/man /usr/share/locale /usr/share/zoneinfo
 
 RUN mkdir /docker-bench-security
 

README.md

@@ -12,9 +12,8 @@ We packaged docker bench as a small container for your convenience. Note that th
 
 The easiest way to run your hosts against the CIS Docker 1.6 benchmark is by running our pre-built container:
 
-
 ```sh
-docker run -it --net host --pid host \
+docker run -it --cap-add audit_control --net host --pid host \
     -v /var/run/docker.sock:/var/run/docker.sock \
     -v /usr/lib/systemd:/usr/lib/systemd \
     -v /etc:/etc --label docker-bench-security \
@@ -33,7 +32,7 @@ If you wish to build and run this container yourself, you can follow the followi
 git clone https://github.com/diogomonica/docker-bench-security.git
 cd docker-bench-security
 docker build -t docker-bench-security .
-docker run -it --net host --pid host \
+docker run -it --cap-add audit_control --net host --pid host \
     -v /var/run/docker.sock:/var/run/docker.sock \
     -v /usr/lib/systemd:/usr/lib/systemd \
     -v /etc:/etc --label security-benchmark \