commit
e169d99736
3 changed files with 14 additions and 5 deletions
10
README.md
10
README.md
|
@ -50,11 +50,11 @@ version 1.13.0 or later.
|
||||||
```sh
|
```sh
|
||||||
-h optional Print this help message
|
-h optional Print this help message
|
||||||
-l FILE optional Log output in FILE
|
-l FILE optional Log output in FILE
|
||||||
-c CHECK optional Run specific check
|
-c CHECK optional Run specific check or group of checks
|
||||||
```
|
```
|
||||||
|
|
||||||
By default the Docker Bench for Security script will run all available tests and
|
By default the Docker Bench for Security script will run all available CIS tests
|
||||||
produce logs in the current directory named `docker-bench-security.sh.log.json`
|
and produce logs in the current directory named `docker-bench-security.sh.log.json`
|
||||||
and `docker-bench-security.sh.log`.
|
and `docker-bench-security.sh.log`.
|
||||||
The CIS based checks are named `check_<section>_<number>`, e.g. `check_2_6`
|
The CIS based checks are named `check_<section>_<number>`, e.g. `check_2_6`
|
||||||
and community contributed checks are named `check_c_<number>`.
|
and community contributed checks are named `check_c_<number>`.
|
||||||
|
@ -62,6 +62,10 @@ A complete list of checks are present in [functions_lib.sh](functions_lib.sh).
|
||||||
|
|
||||||
`sh docker-bench-security.sh -l /tmp/docker-bench-security.sh.log -c check_2_2`
|
`sh docker-bench-security.sh -l /tmp/docker-bench-security.sh.log -c check_2_2`
|
||||||
|
|
||||||
|
Note that when submitting checks, provide information why it is a
|
||||||
|
reasonable test to add and please include some kind of official documentation
|
||||||
|
verifying that information.
|
||||||
|
|
||||||
## Building Docker Bench for Security
|
## Building Docker Bench for Security
|
||||||
|
|
||||||
If you wish to build and run this container yourself, you can follow the
|
If you wish to build and run this container yourself, you can follow the
|
||||||
|
|
|
@ -112,7 +112,12 @@ main () {
|
||||||
if [ -z "$check" ]; then
|
if [ -z "$check" ]; then
|
||||||
cis
|
cis
|
||||||
else
|
else
|
||||||
|
if command -v "$check" 2>/dev/null 1>&2; then
|
||||||
"$check"
|
"$check"
|
||||||
|
else
|
||||||
|
echo "Check \"$check\" doesn't seem to exist."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
printf "\n"
|
printf "\n"
|
||||||
|
|
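Review bot: `command -v "$check"` on the new existence test succeeds for any executable on PATH or any shell builtin, not only this script's `check_*` functions, so `-c` now runs whatever name it is handed — `-c reboot` passes the test and is executed on the next line, and the bench is normally run as root. A prefix guard ahead of the existence check keeps dispatch within the script's own checks and groups (`check_2_2`, `check_2`, `check_c`) and works in POSIX sh without parsing `type` output; the "doesn't seem to exist" message should also go to stderr (`>&2`) rather than stdout so it is not mixed into captured output. This only narrows the name space — a PATH binary named `check_…` would still be accepted — so if the value is ever taken from an untrusted caller a stricter allow-list is needed. `main` begins outside the hunk.
```sh
  else
    # Restrict -c to this script's own check_* functions/groups: `command -v`
    # alone also accepts any binary on PATH or shell builtin, which would
    # then be executed by the "$check" dispatch below.
    case "$check" in
      check_*) ;;
      *) echo "Check \"$check\" doesn't seem to exist." >&2; exit 1 ;;
    esac
    # … unchanged: command -v existence check and "$check" dispatch …
```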
|
@ -8,7 +8,7 @@ check_c() {
|
||||||
check_c_1() {
|
check_c_1() {
|
||||||
check_c_1="C.1 - This is a example check"
|
check_c_1="C.1 - This is a example check"
|
||||||
totalChecks=$((totalChecks + 1))
|
totalChecks=$((totalChecks + 1))
|
||||||
if docker info --format='{{ .Architecture }}' | grep 'x86_64'; then
|
if docker info --format='{{ .Architecture }}' | grep 'x86_64' 2>/dev/null 1>&2; then
|
||||||
pass "$check_c_1"
|
pass "$check_c_1"
|
||||||
logjson "c.1" "PASS"
|
logjson "c.1" "PASS"
|
||||||
else
|
else
|
||||||
|
|
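Review bot: The added `2>/dev/null 1>&2` on the `if` line binds only to `grep`, so a failing `docker info` (daemon unreachable, permission denied) still prints its error to the terminal, and with empty input the pipeline fails and the check takes the `else` branch just as it would on a non-x86_64 host. The idiomatic form suppresses the match output without redirections: `if docker info --format='{{ .Architecture }}' | grep -q 'x86_64'; then`. Since `check_c_1` is the template that community checks are copied from, this is the form contributors will reproduce. The `else` branch of check_c_1 continues outside the hunk.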