GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2024-11-01 00:21:45 +01:00
Code Issues Projects Releases Packages Wiki Activity
898 commits 3 branches 11 tags 4.9 MiB
Commit graph

307 commits

Author SHA1 Message Date
Thomas Sjögren
5d5ca0a3da
correct tests and instructions 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2024-04-16 07:29:45 +00:00
Thomas Sjögren
820abe98c3
Merge pull request #539 from konstruktoid/issue538 
check if restart policy is 5 or less
 2024-02-11 11:25:09 +01:00
MaPoe
958f5fa6c3 feat: update swarm mode check id from 7.1 to 5.1 2023-12-17 15:57:54 +01:00
halfluke
b6e4380937 fix537 2023-10-21 01:43:46 +01:00
Thomas Sjögren
e680ab2465
update restart_policy w/o swarm 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2023-09-25 15:29:45 +00:00
Thomas Sjögren
ab2190819d
check if restart policy is 5 or less 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2023-09-25 09:05:44 +00:00
Thomas Sjögren
26f80fb331
Fix image sprawl miscalculation 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2023-08-25 12:17:48 +00:00
andreagalle
0dc2d2b1e6 should fix the: Error response from daemon: This node is not a swarm manager. issue 2023-04-26 07:04:53 +00:00
andreagalle
412f514bb4 just a typo 2023-04-12 14:51:01 +00:00
andreagalle
f97b420af9 couple typos & performance improvements 2023-04-12 14:46:13 +00:00
andreagalle
c8c90ee523 checking for the MaxAttempts=5 too at service level 2023-04-12 13:27:36 +00:00
Thomas Sjögren
ce38d3dd3c
Merge pull request #513 from konstruktoid/150 
align tests to CIS Docker Benchmark 1.5.0
 2023-03-06 13:01:33 +01:00
Thomas Sjögren
cbd07bb051
align tests to CIS Benchmark 1.5.0 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2023-03-06 12:59:56 +01:00
Thomas Sjögren
f375045741
Merge pull request #511 from konstruktoid/issue510 
add support for .NanoCpus
 2023-02-02 22:12:27 +01:00
Thomas Sjögren
941518887b
add support for .NanoCpus 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2023-02-02 11:47:18 +01:00
QuentinServais
ee718c40c0
Fix check_2_7 TLS check with json config 2022-12-27 23:39:17 +01:00
Thomas Sjögren
558fca319f grep host* in config file before testing 2.7 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2022-05-09 12:26:01 +02:00
Thomas Sjögren
68c8e53dac add 4.12 check 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2022-03-07 13:05:22 +01:00
Thomas Sjögren
0d5874877b if the docker daemon is configure with no-new-privileges, pass check 5.25 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-12-02 11:10:12 +01:00
serica
0ae544dd03 fix style and false warning in check_5_3 2021-11-30 18:38:36 -08:00
João Fernandes
a409e03d99
Fix typo in check_5_21 2021-11-11 20:39:22 +00:00
João Fernandes
7e89ea067d
Fix typo in check_4_11 
Fix the text description for check_4_11 .
 2021-11-11 20:39:00 +00:00
Thomas Sjögren
ec3ddf2acd
Merge pull request #475 from nikitastupin/feature-list-open-ports 
Implement listing of open ports
 2021-10-31 12:50:27 +01:00
Thomas Sjögren
fd93a6ee93
Merge pull request #476 from nikitastupin/feature-specific-capability-checks 
Add checks for capabilities that allows container escape
 2021-10-31 12:26:40 +01:00
Thomas Sjögren
683c5a92b5 fix socket check 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-07-12 15:22:12 +02:00
Nikita Stupin
cf93e9ed07 Add checks for capabilities that allows container escape 2021-07-08 13:10:12 +03:00
Nikita Stupin
dacc7372bf Implement listing of open ports 2021-07-08 13:00:21 +03:00
aagot
08a7b09d4d
Update 2_docker_daemon_configuration.sh 2021-06-25 14:38:02 +02:00
Thomas Sjögren
c1457e6ad3 initial commit of tests/99_community_checks.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:46 +02:00
Thomas Sjögren
32c5e5f1fb initial commit of tests/8_docker_enterprise_configuration.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:46 +02:00
Thomas Sjögren
4e379bbaf9 initial commit of tests/7_docker_swarm_configuration.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:46 +02:00
Thomas Sjögren
3a9deae328 initial commit of tests/6_docker_security_operations.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:46 +02:00
Thomas Sjögren
bd05445528 initial commit of tests/5_container_runtime.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:46 +02:00
Thomas Sjögren
28fa0393da initial commit of tests/4_container_images.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:46 +02:00
Thomas Sjögren
6f574b07c1 initial commit of tests/3_docker_daemon_configuration_files.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:45 +02:00
Thomas Sjögren
6a685524eb initial commit of tests/2_docker_daemon_configuration.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:45 +02:00
Thomas Sjögren
4a4ae81a03 initial commit of tests/1_host_configuration.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:45 +02:00
Thomas Sjögren
addefc6ee4 update documentation 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:43:33 +02:00
Razvan Stoica
e4d9bd1556 Set remediationImpact for 5.31 test to None. 2021-04-14 11:17:22 +03:00
Razvan Stoica
15aa1eecd5 Update remediation impact message for test 5.31 2021-04-14 10:58:53 +03:00
Razvan Stoica
c67469d96b Fix systemctl error when running inside a container 2021-03-29 16:20:01 +03:00
Razvan Stoica
81ac358e82 Remove temporary files 2021-03-29 15:32:34 +03:00
Razvan Stoica
d0443cc817 Bug fixing and improving source code readability 2021-03-29 15:22:14 +03:00
Razvan Stoica
8a934aebf1 Remove the Debian family-specific installation command 2021-03-28 09:47:49 +03:00
Razvan Stoica
f31e60c379 Add more remediation stuff 2021-03-22 09:43:56 +02:00
Razvan Stoica
cc8171fbfe Add remediation stuff on enterprise configuration 2021-03-18 10:32:02 +02:00
Razvan Stoica
3a7fe3bb24 Add remediation stuff on swarm configuration 2021-03-18 10:31:22 +02:00
Razvan Stoica
25de0bd826 Add remediation stuff on security operations 2021-03-18 10:30:30 +02:00
Razvan Stoica
c05c58674a Add remediation stuff on daemon configuration 2021-03-18 10:29:28 +02:00
Razvan Stoica
7e89fdd364 Add remediation stuff on host configuration 2021-03-18 10:28:45 +02:00