Commit graph

898 commits

Author SHA1 Message Date
Razvan Stoica
b757aa7334 Connection to the apk repositories is HTTPS by default 2021-03-16 09:58:57 +02:00
Razvan Stoica
2986d618f4 Ignore all. Whitelist only essential things. 2021-03-16 09:53:32 +02:00
Razvan Stoica
ee5972cb69 Add new folders to improve code segmentation 2021-03-16 09:50:12 +02:00
Razvan Stoica
bf11d68522 Add new check groups 2021-03-11 16:17:11 +02:00
Razvan Stoica
11886d47d8 Fixed invalid JSON log 2021-03-11 15:00:12 +02:00
Razvan Stoica
82ecb7e089 README file updated with new default logs location 2021-03-11 13:29:15 +02:00
Razvan Stoica
ed23f2d285 Change default log locations 2021-03-11 13:24:58 +02:00
Razvan Stoica
ad62371ace Move all pictures to a dedicated folder 2021-03-11 13:12:05 +02:00
Razvan Stoica
59a63dd49a Print more details in help message 2021-03-11 10:21:13 +02:00
Razvan Stoica
c623d3afdd Print the remediation measure only if the check is not passed 2021-03-11 09:32:29 +02:00
Razvan Stoica
b3a36e8d94 Print Section B only if it contains remediation measures 2021-03-11 09:26:31 +02:00
Razvan Stoica
82bbe1d562 Update benchmark log photo 2021-03-11 09:12:46 +02:00
Razvan Stoica
1623c4585e Set a relative image link 2021-03-11 08:34:55 +02:00
Razvan Stoica
85117ea1a2 Improve wording 2021-03-11 08:30:01 +02:00
Razvan Stoica
f769a32e9b Update benchmark log photo 2021-03-11 08:26:35 +02:00
Razvan Stoica
6c586b4e08 Print remediation measures at the end of the logs 2021-03-10 21:47:52 +02:00
Razvan Stoica
9ae0d92b5d Fix "nohealthlocal: command not found" error 2021-03-10 14:58:58 +02:00
Razvan Stoica
2132b03b92 Usage instructions aligned between the README.md and docker-bench-security.sh files 2021-03-10 10:01:18 +02:00
Razvan Stoica
c00ef4330b Add details about remediations measure for host configuration tests 2021-03-09 21:43:25 +02:00
Razvan Stoica
58205d4ef5 Add new programs to the list of required programs 2021-03-09 17:50:00 +02:00
Razvan Stoica
519f20befd Append JSON logs when run multiple times 2021-03-09 16:06:38 +02:00
Razvan Stoica
c3511209f9 Add support for logging remediation measures in JSON format 2021-03-09 13:35:40 +02:00
Razvan Stoica
8e0daa11de Print date and time in ISO 8601 UTC format 2021-03-09 13:27:32 +02:00
Razvan Stoica
94900eedb9 Change global variable used only locally to local variable for simplification 2021-03-09 12:42:48 +02:00
Thomas Sjögren
1aa919e918
Merge pull request #466 from razvanstoica89/master
Add current year to the copyright header
2021-03-08 11:45:13 +00:00
Razvan Stoica
4b4fdd9f77
Add current year to the copyright header 2021-03-08 13:38:07 +02:00
Thomas Sjögren
c8984e9591
Merge pull request #464 from archaeogeek/patch-2
Update 4_container_images.sh
2021-02-25 22:10:39 +00:00
Jo Cook
e9b9bfd270
Update 4_container_images.sh
Correcting an extremely minor grammatical error (sorry)
2021-02-25 19:04:05 +00:00
Thomas Sjögren
dcf478884b
Merge pull request #463 from archaeogeek/patch-1
Update README.md
2021-02-23 20:28:31 +00:00
Jo Cook
3732a475cb
Update README.md
Extended my two edits to specify that they only apply if running in a container.
2021-02-23 17:25:12 +00:00
Jo Cook
cf7c50bf33
Update README.md
Clarified that log files are created inside the container so that new users (ie me) don't spend ages wondering where the logs are!
2021-02-23 12:15:22 +00:00
Thomas Sjögren
7c881b4b0b
Merge pull request #461 from jammasterj89/master
Fix check_2 to -le 644
2021-01-15 13:39:29 +00:00
jammasterj89
f8c9b0fd5b
Replace multiple -eq with -le
Replace multiple -eq with -le for file permission checks. Except for line 228 which uses slightly different logic so is -ge.

Signed-off-by: Niall T 19202716+jammasterj89@users.noreply.github.com
2021-01-15 11:20:59 +00:00
jammasterj89
47e4cc173c
Fix check_2 to -le 644
Issue #459 raised that check_2 was only checking for 644 or 600 permissions, this now checks for anything less than or equal to 644.

Signed-off-by: Niall T 19202716+jammasterj89@users.noreply.github.com
2021-01-15 10:29:11 +00:00
Thomas Sjögren
8bd04d683f
Merge pull request #460 from jammasterj89/master
Update alpine to 3.13.0
2021-01-15 10:21:31 +00:00
Thomas Sjögren
d3d25c8fc8
Update Dockerfile
Co-authored-by: Sebastiaan van Stijn <thaJeztah@users.noreply.github.com>
2021-01-15 10:20:35 +00:00
jammasterj89
f47f61538e
Update alpine to 3.13.0
Updated alpine version to latest - 3.13.0

Signed-off-by: Niall T <19202716+jammasterj89@users.noreply.github.com>
2021-01-15 09:30:14 +00:00
Thomas Sjögren
75fe107048
Merge pull request #457 from sa7mon/patch-1
Grammar fixes in README
2020-11-30 16:26:33 +00:00
Dan Salmon
b7d8805ce1
Update README.md
Grammar fixes
2020-11-30 14:44:00 +00:00
Thomas Sjögren
ca0db8898f
Merge pull request #454 from Constantin07/do_not_leave_dangling_container_after_run
Remove container after run.
2020-11-18 09:22:08 +00:00
Constantin Bugneac
1ea667f2f0 Remove container after run. 2020-11-17 21:49:07 +00:00
Thomas Sjögren
6ad1a1ef77
Merge pull request #451 from konstruktoid/imgname
print img if empty RepoTags, and fix tabbing
2020-11-02 08:27:59 +00:00
Thomas Sjögren
3877abd975 print img if empty RepoTags, and fix tabbing
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-11-02 09:26:20 +01:00
Thomas Sjögren
93c619f018
Merge pull request #445 from thaJeztah/no_experimental
Deprecate rule 2.16 for Docker > 19.03
2020-10-02 17:31:15 +00:00
Sebastiaan van Stijn
0f3dfe70fe
Deprecate rule 2.16 for Docker > 19.03
The upcoming 20.x docker release will always have experimental features
enabled, which will stop this test from working.

More details can be found in docker/cli##2774

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-02 18:01:57 +02:00
Thomas Sjögren
f3e9c791ce
Merge pull request #444 from markdumay/partition
Support user namespaces in partition check (1.2.1)
2020-09-29 11:24:17 +00:00
mark
d85c73316a Updated mountpoint check to support user namespace 2020-09-29 12:41:25 +02:00
mark
919816dbbf Changed to 'df' to support user namespaces 2020-09-28 08:04:17 +02:00
Thomas Sjögren
b6478e9367
Merge pull request #374 from draios/limit-num-items-reported
Limit the number of reported items
2020-07-13 11:22:49 +00:00
Mark Stemm
4cfb58f675 Limit the number of reported items
In some evironments, there may be a very large number of images,
containers, etc not satisfying a given test. For example, in one
environment, we saw *378k* images not satisfying 4.6, mostly because
the customer was never cleaning up old images.

To avoid overly long lists of items, add a new option "-n LIMIT" that
limits the number of items included in JSON output. When the limit is
reached, the list will be truncated and a trailing (truncated) will be
added. Here's an example:

```
{"id": "5.9", "desc": "Ensure the host's network namespace is not
shared", "result": "WARN", "details": "Containers running with
networking mode 'host':  k8s_POD_storage-provisioner_kube-system_ef960ef5-62c5-11e9-802f-08002719228f_0
k8s_POD_kube-proxy-xfln8_kube-system_ee70c4c3-62c5-11e9-802f-08002719228f_0 (truncated)",
"items":
["k8s_POD_storage-provisioner_kube-system_ef960ef5-62c5-11e9-802f-08002719228f_0","k8s_POD_kube-proxy-xfln8_kube-system_ee70c4c3-62c5-11e9-802f-08002719228f_0","(truncated)"]},
```

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
2020-07-10 13:00:29 -07:00