From 9a87d5e3a723a4d1bad4b69e59376fd11fc74967 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?=
 <konstruktoid@users.noreply.github.com>
Date: Thu, 11 Jun 2015 23:42:30 +0200
Subject: [PATCH 1/4] auditctl requires cap_audit_control
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
---
 README.md | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index bcedb95..11da0bc 100644
--- a/README.md
+++ b/README.md
@@ -14,8 +14,9 @@ The easiest way to run your hosts against the CIS Docker 1.6 benchmark is by run
 
 
 ```
-docker run -it --net host --pid host -v /var/run/docker.sock:/var/run/docker.sock \
--v /usr/lib/systemd:/usr/lib/systemd -v /etc:/etc --label docker-bench-security \
+docker run -it --cap-add audit_control --net host --pid host \
+-v /var/run/docker.sock:/var/run/docker.sock -v /usr/lib/systemd:/usr/lib/systemd \
+-v /etc:/etc --label docker-bench-security \
 diogomonica/docker-bench-security
 ```
 
@@ -30,8 +31,9 @@ If you wish to build and run this container yourself, you can follow the followi
 ```
 git clone https://github.com/diogomonica/docker-bench-security.git
 cd docker-bench-security; docker build -t docker-bench-security .
-docker run -it --net host --pid host -v /var/run/docker.sock:/var/run/docker.sock \
--v /usr/lib/systemd:/usr/lib/systemd -v /etc:/etc --label security-benchmark \
+docker run -it --cap-add audit_control --net host --pid host \
+-v /var/run/docker.sock:/var/run/docker.sock -v /usr/lib/systemd:/usr/lib/systemd \
+-v /etc:/etc --label security-benchmark \
 docker-bench-security
 ```
 

From a9935845731e139d34d5de61bd36fcfcc6c276e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?=
 <konstruktoid@users.noreply.github.com>
Date: Thu, 11 Jun 2015 23:43:20 +0200
Subject: [PATCH 2/4] use debian:wheezy as base image
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
---
 Dockerfile | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index a552ef4..5789db1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,15 @@
-FROM alpine:3.1
+FROM debian:wheezy
 
-RUN apk --update add docker
+RUN apt-get update && \
+    apt-get -y upgrade && \
+    apt-get -y install auditd ca-certificates curl gawk net-tools procps --no-install-recommends && \
+    curl -sSL https://get.docker.com/ | sh && \
+    apt-get -y purge git openssh* patch rsync* && \
+    apt-get -y clean && \
+    apt-get -y autoremove && \
+    rm -rf /var/lib/apt/lists/* \
+      /usr/share/doc /usr/share/doc-base \
+      /usr/share/man /usr/share/locale /usr/share/zoneinfo
 
 RUN mkdir /docker-bench-security
 

From 69de1eb93dd53ecbc006889c0bfd8893ca555e1b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?=
 <konstruktoid@users.noreply.github.com>
Date: Sun, 14 Jun 2015 22:29:36 +0200
Subject: [PATCH 3/4] README

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index f2be9a3..3a81b3d 100644
--- a/README.md
+++ b/README.md
@@ -14,7 +14,7 @@ The easiest way to run your hosts against the CIS Docker 1.6 benchmark is by run
 
 
 ```sh
-docker run -it --net host --pid host \
+docker run -it --cap-add audit_control --net host --pid host \
     -v /var/run/docker.sock:/var/run/docker.sock \
     -v /usr/lib/systemd:/usr/lib/systemd \
     -v /etc:/etc --label docker-bench-security \
@@ -33,7 +33,7 @@ If you wish to build and run this container yourself, you can follow the followi
 git clone https://github.com/diogomonica/docker-bench-security.git
 cd docker-bench-security
 docker build -t docker-bench-security .
-docker run -it --net host --pid host \
+docker run -it --cap-add audit_control --net host --pid host \
     -v /var/run/docker.sock:/var/run/docker.sock \
     -v /usr/lib/systemd:/usr/lib/systemd \
     -v /etc:/etc --label security-benchmark \

From 9bd50d58026dbd20e620d839b2e325bcca1a7d4e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?=
 <konstruktoid@users.noreply.github.com>
Date: Thu, 11 Jun 2015 23:43:20 +0200
Subject: [PATCH 4/4] use debian:wheezy as base image
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
---
 Dockerfile | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index a552ef4..5789db1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,15 @@
-FROM alpine:3.1
+FROM debian:wheezy
 
-RUN apk --update add docker
+RUN apt-get update && \
+    apt-get -y upgrade && \
+    apt-get -y install auditd ca-certificates curl gawk net-tools procps --no-install-recommends && \
+    curl -sSL https://get.docker.com/ | sh && \
+    apt-get -y purge git openssh* patch rsync* && \
+    apt-get -y clean && \
+    apt-get -y autoremove && \
+    rm -rf /var/lib/apt/lists/* \
+      /usr/share/doc /usr/share/doc-base \
+      /usr/share/man /usr/share/locale /usr/share/zoneinfo
 
 RUN mkdir /docker-bench-security