Commit graph

307 commits

Author SHA1 Message Date
Razvan Stoica
7144b947de Tests update 2021-03-16 10:05:49 +02:00
Razvan Stoica
11886d47d8 Fixed invalid JSON log 2021-03-11 15:00:12 +02:00
Razvan Stoica
c623d3afdd Print the remediation measure only if the check is not passed 2021-03-11 09:32:29 +02:00
Razvan Stoica
85117ea1a2 Improve wording 2021-03-11 08:30:01 +02:00
Razvan Stoica
6c586b4e08 Print remediation measures at the end of the logs 2021-03-10 21:47:52 +02:00
Razvan Stoica
9ae0d92b5d Fix "nohealthlocal: command not found" error 2021-03-10 14:58:58 +02:00
Razvan Stoica
c00ef4330b Add details about remediations measure for host configuration tests 2021-03-09 21:43:25 +02:00
Razvan Stoica
94900eedb9 Change global variable used only locally to local variable for simplification 2021-03-09 12:42:48 +02:00
Jo Cook
e9b9bfd270
Update 4_container_images.sh
Correcting an extremely minor grammatical error (sorry)
2021-02-25 19:04:05 +00:00
jammasterj89
f8c9b0fd5b
Replace multiple -eq with -le
Replace multiple -eq with -le for file permission checks, except for line 228, which uses slightly different logic and so is -ge.

Signed-off-by: Niall T <19202716+jammasterj89@users.noreply.github.com>
2021-01-15 11:20:59 +00:00
jammasterj89
47e4cc173c
Fix check_2 to -le 644
Issue #459 raised that check_2 was only checking for 644 or 600 permissions, this now checks for anything less than or equal to 644.

Signed-off-by: Niall T <19202716+jammasterj89@users.noreply.github.com>
2021-01-15 10:29:11 +00:00
Thomas Sjögren
3877abd975 print img if empty RepoTags, and fix tabbing
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-11-02 09:26:20 +01:00
Sebastiaan van Stijn
0f3dfe70fe
Deprecate rule 2.16 for Docker > 19.03
The upcoming 20.x docker release will always have experimental features
enabled, which will stop this test from working.

More details can be found in docker/cli#2774

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-02 18:01:57 +02:00
mark
d85c73316a Updated mountpoint check to support user namespace 2020-09-29 12:41:25 +02:00
mark
919816dbbf Changed to 'df' to support user namespaces 2020-09-28 08:04:17 +02:00
Roman Mueller
b3182ca8f5 Remove prefix of check ID 2020-06-02 15:57:33 +02:00
Thomas Sjögren
8aec461d46 more flexible binary usage, better support for mac os
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-05-08 13:09:52 +02:00
Thomas Sjögren
98acc66436 map desc_ to benchmark headings
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-05-08 12:38:08 +02:00
Ilya Dus
d42fedc370 fix(sh): check default ubuntu locations of docker.service and docker.socket files
Signed-off-by: Ilya Dus <ilyadoos@gmail.com>
2020-04-10 16:26:25 +03:00
Thomas Sjögren
937ec4958a
Merge pull request #419 from zawazawa0316/fix_5
Fix check conditions
2020-03-09 14:54:32 +00:00
zawazawa0316
33566331d1 fix line 230
Signed-off-by: zawazawa0316 <37421794+zawazawa0316@users.noreply.github.com>
2020-03-09 23:48:10 +09:00
zawazawa0316
b046f930bc remove single space at line 230
Signed-off-by: zawazawa0316 <37421794+zawazawa0316@users.noreply.github.com>
2020-03-09 23:45:25 +09:00
zawazawa0316
12f19d9f64 Fix check conditions
Signed-off-by: zawazawa0316 <37421794+zawazawa0316@users.noreply.github.com>
2020-03-07 05:24:24 +09:00
zawazawa0316
b16da2c2ed Fix check condition
Signed-off-by: zawazawa0316 <37421794+zawazawa0316@users.noreply.github.com>
2020-03-03 21:51:49 +09:00
Thomas Sjögren
269b71eed8 locate configuration file before we run the tests #410
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-12-17 15:03:54 +01:00
Thomas Sjögren
c8c5615061 correct grep #410
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-12-16 09:57:21 +01:00
Thomas Sjögren
ddad135d13 shellcheck
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-10-16 09:49:18 +02:00
Thomas Sjögren
d680213a7b fix /etc/sysconfig/docker
closes #397

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-10-04 14:50:48 +02:00
Thomas Sjögren
d1934b614e
Merge pull request #390 from jammasterj89/master
Issue #383 ability to exclude images
Closes #383, #369
2019-08-29 15:10:53 +02:00
jammasterj89
e1d26673ee Remove check_images
Removed check_images due to removal of -t parameter and $images being set in docker-bench-security.sh

Signed-off-by: Niall T <jammasterj89@gmail.com>
2019-08-29 13:37:50 +01:00
jammasterj89
4bb6e19965 Added check_images
Added check_images which moves the previous $imgList into this function and removed the else as this is handled within the main .sh

Signed-off-by: Niall T <jammasterj89@gmail.com>
2019-08-29 13:37:10 +01:00
Thomas Sjögren
0cac0e339d catch community editions
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-29 10:29:38 +02:00
Thomas Sjögren
77a3bc65d7 fix 5.28
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-28 12:59:49 +02:00
Thomas Sjögren
71f63a192a tmp fix for json
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-28 12:36:49 +02:00
Thomas Sjögren
17c6262d2f formatting
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-28 12:14:35 +02:00
Thomas Sjögren
d7f1d9753a ignore section 8 if community edition
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-28 11:49:22 +02:00
Thomas Sjögren
a785c02c59 add INFO for section 8
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-28 10:26:44 +02:00
Thomas Sjögren
7110df800b section 8 docker enterprise skeleton
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-27 16:11:38 +02:00
Thomas Sjögren
bcd6e5dd55 json sections
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-27 16:10:59 +02:00
Thomas Sjögren
ca3714bc16 first pass on section 7
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-27 16:03:29 +02:00
Thomas Sjögren
3d6dd81956 first pass on section 6
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-27 15:52:06 +02:00
Thomas Sjögren
0b007baf7e first pass on section 5
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-27 15:43:29 +02:00
Thomas Sjögren
e5c22c5f01 first pass on section 4
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-27 15:25:54 +02:00
Thomas Sjögren
f968597051 first pass on section 3
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-27 15:13:19 +02:00
Thomas Sjögren
6c6d0836a4 first pass on section 2
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-27 14:54:08 +02:00
Thomas Sjögren
82644982a8 move old 2.13 to community checks
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-27 14:53:42 +02:00
Thomas Sjögren
d963b93fcc update info output
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-26 15:13:50 +02:00
Thomas Sjögren
28f16f0afd add 1.2.9, #ref https://github.com/docker/docker-bench-security/pull/359
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-26 14:41:37 +02:00
Thomas Sjögren
6105f02a16 first pass on section 1
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-26 14:37:25 +02:00
Thomas Sjögren
326e31f403 use only year and month for version check #309
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-04-13 16:33:57 +02:00
Thomas Sjögren
1c8699bcf3 revert grep thought fail
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-03-20 09:57:19 +01:00
Thomas Sjögren
740439d352 accept only if ADD in / #362
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-03-19 14:54:38 +01:00
Thomas Sjögren
cec124a162 exclude first ADD since it's most often the base #362
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-03-19 14:27:02 +01:00
Thomas Sjögren
d942b12e0a INFO shouldn't increase score #362
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-03-14 10:32:39 +01:00
Boris Gorbylev
689a5a62c5
Fixed check 2.9
Signed-off-by: Boris Gorbylev <ekho@ekho.name>
2019-02-21 19:15:38 +03:00
Thomas Sjögren
7e3ecaf17d catch root with uid and name as well #358 CVE-2019-5736
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-02-13 14:58:34 +01:00
Thomas Sjögren
a911c23915 4.9 resulttestjson "INFO" #356
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-01-24 16:46:51 +01:00
Anthony Roger
1dd7956760 feat: add the ability to select the images to be checked from the registry in order to integrate in CI
Signed-off-by: Anthony Roger <aroger@softwaymedical.fr>
2018-12-11 14:39:16 +01:00
telepresencebot2
4bf876296a fix test 7.4 using 5.25 as a model
Signed-off-by: Taylor Lucy <talucy@franklinamerican.com>
2018-11-14 14:30:51 -06:00
Thomas Sjögren
391e09f76a linting
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-11-01 10:24:36 +01:00
Thomas Sjögren
d5b900ce05 use mountpoint and DockerRootDir #332
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-10-23 15:26:41 +02:00
Mark Stemm
ec7d8ce690 Improve docker-bench-security json output
Add a test object for each test performed by the script. Each object has
an id N.M, a desc property describing the test, and the result. Some
tests include additional information about the test e.g. "No TLS
Certificate Found". That can be found in an optional details property of
the test object.

Also, some tests might also return a list of containers, images, users,
etc. This is included in an optional items property of the test object.

Instead of having all test results as top-level objects, break the test
results into sections. Each section has an id + description e.g. "1" and
"Host Configuration". The tests for that section are an array below that
object.

All of the additional json output is implemented by adding new functions
startsectionjson(), endsectionjson(), starttestjson(), and
resulttestjson() that take the id/desc/etc as arguments and print the
proper json properties. It also required adding an "end" test to each
script that calls endsectionjson().

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
2018-10-11 13:39:55 -07:00
Thomas Sjögren
773625a894 ref #325 daemon.json permissions
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-09-27 09:49:32 +02:00
Thomas Sjögren
feced0f6b2
Merge pull request #313 from nbrownuk/issue295-fix-tls-config-check
Fixes incorrect reporting of TLS configuration in test 2.6
2018-08-08 11:58:47 +02:00
Thomas Sjögren
f1137cd36a don't decrease 5.29 #316
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-08-06 09:51:06 +02:00
Joe Williams
cfb3357a12 fix docker user json output
This prints out the docker users in a similar fashion to the other tests, including `INFO` rather than just the system command output.

Signed-off-by: Joe Williams <joe.williams@github.com>
2018-07-26 15:07:59 -04:00
Nigel Brown
167c3507a2 Fixes incorrect reporting of TLS configuration in test 2.6
Signed-off-by: Nigel Brown <nigel@windsock.io>
2018-07-10 14:35:30 +01:00
Thomas Sjögren
c8894d3b26 deprecated --disable-legacy-registry
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-07-01 20:53:20 +02:00
Thomas Sjögren
78700f2600 consistent currentScore
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-07-01 20:04:20 +02:00
Thomas Sjögren
ebfb20c65f 4.7 is not scored
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-07-01 20:01:10 +02:00
Daniele Marcocci
77074962b1 fix count total_containers for swarm mode
Signed-off-by: Daniele Marcocci <daniele.marcocci@par-tec.it>
2018-05-18 10:17:42 +02:00
Mike Ritter
a3094ac5c6 New Features
Signed-off-by: Mike Ritter <mike.ritter@target.com>
2018-02-27 08:43:51 -06:00
Thomas Sjögren
bdeaeaa05a fix 2.18
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-02-09 11:02:04 +01:00
Thomas Sjögren
2aa9719dd6 silence example check output
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-01-18 11:29:20 +01:00
Thomas Sjögren
8fe0b5ea02 add example community check
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-01-17 16:11:04 +01:00
Thomas Sjögren
8142de8334 convert all checks to functions
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-01-16 13:46:49 +01:00
Thomas Sjögren
25b40c94a2
Merge branch 'master' into issue265 2018-01-12 11:49:04 +01:00
Thomas Sjögren
ce5ab6b063 update version check
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-01-12 11:42:52 +01:00
Thomas Sjögren
57acb04a96 catch seccomp:unconfined|seccomp=unconfined
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-01-12 11:36:14 +01:00
Thomas Sjögren
bdba64c8c0
Merge pull request #280 from konstruktoid/version
adapt to 18.01 docker version
2018-01-12 11:09:47 +01:00
Thomas Sjögren
e0a302eb40 adapt to 18.01 docker version
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-01-12 11:09:16 +01:00
Karol Babioch
997ce7330e Replace netstat by ss
ss(8) is a modern replacement for netstat(8). The former is slowly replacing
the latter in major Linux distributions, which makes it necessary to switch
at some point.

This addresses #278.

Signed-off-by: Karol Babioch <kbabioch@suse.de>
2018-01-11 16:52:54 +01:00
Thomas Sjögren
976463a87b add score and totalChecks to 7_
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-10-23 15:41:15 +02:00
Thomas Sjögren
7ebe21823d add score and totalChecks to 6_
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-10-23 15:41:03 +02:00
Thomas Sjögren
e32910172f add score and totalChecks to 5_
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-10-23 15:40:52 +02:00
Thomas Sjögren
de82250274 add score and totalChecks to 4_
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-10-23 15:40:12 +02:00
Thomas Sjögren
f9be3996f4 add score and totalChecks to 3_
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-10-23 15:39:52 +02:00
Thomas Sjögren
ec4060ea2f add score and totalChecks to 2_
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-10-23 15:39:32 +02:00
Thomas Sjögren
3d532a29ac add score and totalChecks to 1_
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-10-23 15:39:18 +02:00
Thomas Sjögren
fa9b227a7b check 7.x json log
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-10-13 10:38:31 +02:00
Thomas Sjögren
e1adab029d check 6.x json log
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-10-13 10:28:42 +02:00
Thomas Sjögren
be4dd69f3f check 5.x json log
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-10-13 10:25:23 +02:00
Thomas Sjögren
b8fac4a7d2 check 4.x json log
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-10-13 10:02:48 +02:00
Thomas Sjögren
7a1b813cdc check 3.x json log
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-10-13 09:53:15 +02:00
Thomas Sjögren
78b1f5dc86 check 2.x json log
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-10-10 14:46:08 +02:00
Thomas Sjögren
a3612c574e check 1.x json log
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-10-10 14:33:32 +02:00
Thomas Sjögren
809da21c4a skeleton json
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-10-10 13:54:59 +02:00
Thomas Sjögren
d062b1edce Merge pull request #256 from konstruktoid/date_255
busybox date conversion
2017-10-06 09:57:41 +02:00
Thomas Sjögren
4ec0962704 Merge pull request #257 from jgsqware/2-14-check-dockerd
update 2.14
2017-09-21 10:18:34 +02:00
Julien Garcia Gonzalez
683a728364 update 1.1
Signed-off-by: Julien Garcia Gonzalez <julien@giantswarm.io>
2017-09-21 08:53:07 +02:00