GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2025-11-04 02:58:59 +00:00
Code Issues Projects Releases Packages Wiki Activity

New README

Browse source 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
This commit is contained in:
Thomas Sjögren 2015-06-14 23:03:11 +02:00
commit 5c3c36c5ca
1 changed files with 17 additions and 11 deletions

28
README.md
View file

@ -13,10 +13,12 @@ We packaged docker bench as a small container for your convenience. Note that th
The easiest way to run your hosts against the CIS Docker 1.6 benchmark is by running our pre-built container:
```
docker run -it --net host --pid host -v /var/lib:/var/lib -v /var/run/docker.sock:/var/run/docker.sock \
-v /usr/lib/systemd:/usr/lib/systemd -v /etc:/etc --label docker-bench-security \
diogomonica/docker-bench-security
```sh
docker run -it --net host --pid host -v /var/lib:/var/lib \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /usr/lib/systemd:/usr/lib/systemd \
-v /etc:/etc --label docker-bench-security \
diogomonica/docker-bench-security
```
Docker bench requires Docker 1.6.2 or later in order to run, since it depends on the `--label` to exclude the current container from being inspected. If you can't upgrade to 1.6.2, I feel free to remove the `--label` flag or run the shell script locally (see below).
@ -27,19 +29,23 @@ Additionally, there was a bug in Docker 1.6.0 that would not allow mounting `-v
If you wish to build and run this container yourself, you can follow the following steps:
```
```sh
git clone https://github.com/diogomonica/docker-bench-security.git
cd docker-bench-security; docker build -t docker-bench-security .
docker run -it --net host --pid host -v /var/lib:/var/lib -v /var/run/docker.sock:/var/run/docker.sock \
-v /usr/lib/systemd:/usr/lib/systemd -v /etc:/etc --label security-benchmark \
docker-bench-security
cd docker-bench-security
docker build -t docker-bench-security .
docker run -it --net host --pid host -v /var/lib:/var/lib \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /usr/lib/systemd:/usr/lib/systemd \
-v /etc:/etc --label security-benchmark \
docker-bench-security
```
Also, this script can also be simply run from your base host by running:
```
```sh
git clone https://github.com/diogomonica/docker-bench-security.git
cd docker-bench-security; sh docker-bench-security.sh
cd docker-bench-security
sh docker-bench-security.sh
```
This script was build to be POSIX 2004 compliant, so it should be portable across any Unix platform.