GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2025-01-19 16:52:33 +01:00
Code Issues Projects Releases Packages Wiki Activity
386 commits 3 branches 11 tags 4.9 MiB
Commit graph

129 commits

Author SHA1 Message Date
Thomas Sjögren
260a3a76f1 Merge pull request #225 from andreasstieger/netstat 
2.17: correct netstat usage and filtering
 2017-02-24 13:26:48 +01:00
Andreas Stieger
c30a43c1fd 2.17: account for :::2377 netstat output 
Fixes #224 - no. 4

Signed-off-by: Andreas Stieger <astieger@suse.com>
 2017-02-24 13:24:02 +01:00
Andreas Stieger
421c6dd866 2.17: may incorrectly match 5 digit port numbers 
Fixes #224 - no. 3

Signed-off-by: Andreas Stieger <astieger@suse.com>
 2017-02-24 13:23:57 +01:00
Andreas Stieger
7c66b6373a 2.17: grep -e recognizes IPv4 separator any character - escape 
Fixes #224 - no. 2

Signed-off-by: Andreas Stieger <astieger@suse.com>
 2017-02-24 13:23:48 +01:00
Andreas Stieger
c15dc6c568 2.17: netstat non-numeric output may not interpreted correctly 
The port may be aliased in /etc/services
Fixes #224 - no. 1

Signed-off-by: Andreas Stieger <astieger@suse.com>
 2017-02-24 13:23:33 +01:00
Thomas Sjögren
3d87e6d743 Merge pull request #218 from konstruktoid/issue_157 
Check configuration file settings
 2017-02-24 11:28:50 +01:00
Thomas Sjögren
011ec950e9 use docker info, as all other tests 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-02-23 17:07:33 +01:00
Thomas Sjögren
7787fc0ec9 correct check_2_21, closes #221 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-02-23 17:01:47 +01:00
Thomas Sjögren
91eb958dd3 get file locations from config file 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-02-23 16:33:54 +01:00
Thomas Sjögren
7575020fd5 check config file settings 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-02-23 16:33:53 +01:00
Thomas Sjögren
584847e5b4 update swarm tests 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-02-22 10:11:44 +01:00
Thomas Sjögren
7d992029e6 remove code, if CMD instead of exit code 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-02-17 15:03:29 +01:00
Thomas Sjögren
bd236b1ac0 add host / as sensitive 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-02-13 11:36:16 +01:00
Thomas Sjögren
e78f1b8045 replace contains with grep 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-02-10 15:35:06 +01:00
Thomas Sjögren
4e126efdbb 5.25 check correction 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-27 11:00:36 +01:00
Thomas Sjögren
6c35842734 5.19 check correction 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-27 11:00:25 +01:00
Thomas Sjögren
7fc5dc33a7 sh if lint 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-27 10:59:57 +01:00
Thomas Sjögren
68ed3dd845 default capabilities are OK to add, closes #207 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-25 12:07:14 +01:00
Thomas Sjögren
ea39505778 use grep if auditctl isnt present, closes #150 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-25 10:22:08 +01:00
Thomas Sjögren
7f87db0768 1.13 Section 5 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-24 15:26:19 +01:00
Thomas Sjögren
69435a0b3e update section 2 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-24 13:41:30 +01:00
Thomas Sjögren
ab6c2cd02f Update section 1 to 1.13 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-24 09:45:24 +01:00
Thomas Sjögren
b766037da8 update permission checks 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-23 17:26:07 +01:00
Thomas Sjögren
77617321df update info messages, not scored 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-23 17:06:10 +01:00
Thomas Sjögren
933f1b6da9 output formating 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-23 16:16:02 +01:00
Thomas Sjögren
7aa4682c87 #182 netsat 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-23 13:38:28 +01:00
Thomas Sjögren
95e6ac8253 #182 checks 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-23 13:13:48 +01:00
Thomas Sjögren
07dbba6400 #182 remove legacy code 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-23 12:52:31 +01:00
Thomas Sjögren
6a2176b34e #182 messages and syntax 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-23 12:40:32 +01:00
Thomas Sjögren
27773128f8 Merge branch 'master' into docker-benchmark-1.12.0 2017-01-23 12:14:23 +01:00
Thomas Sjögren
b3cd7a1755 Merge pull request #168 from MrSecure/fix-tls-verify 
Fixes #167 - use get_docker_cumulative_command_line_args to check TLS
 2017-01-20 12:08:12 +01:00
Thomas Sjögren
91e684da65 1.13.0 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-20 11:53:18 +01:00
Thomas Sjögren
67c7562937 1.12.6 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-11 11:44:37 +01:00
Ravi Kumar Vadapalli
6aae32f4e5 Support for 'CIS Docker Benchmark 1.12.0' 
Signed-off-by: Ravi Kumar Vadapalli <vadapalli.ravikumar@gmail.com>
 2016-12-20 20:31:58 +05:30
Thomas Sjögren
27bb58c5cb current version in 1.12.5 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2016-12-16 09:17:41 +01:00
Thomas Sjögren
2f6ddfd500 docker version 1.12.4 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2016-12-13 08:34:01 +01:00
Thomas Sjögren
7d4ee87105 bump version to 1.12.3 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2016-10-27 11:40:55 +02:00
Thomas Sjögren
84a764e3d8 Merge pull request #169 from kevinll/master 
fix test 2.2 check for log level
Close #166
 2016-10-13 22:26:56 +02:00
Thomas Sjögren
e45d4e3bb8 1.12.2 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2016-10-13 22:15:35 +02:00
Kevin Lim
89e4769877 fix test 2.2 check for log level 
Signed-off-by: Kevin Lim <kevin.lim@sap.com>
 2016-09-28 14:25:42 -07:00
Mr. Secure
ee3e8dedb3 Fixes #167 - use get_docker_cumulative_command_line_args to check TLS settings 
Additionally, split warning into 2 parts:  no TLS, TLS w/o verification

Signed-off-by: Mr. Secure <ben.github@mrsecure.org>
 2016-09-24 19:42:39 -05:00
Thomas Sjögren
adfee878b8 1.12.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2016-08-19 23:11:03 +02:00
Thomas Sjögren
fdac630c36 bump docker version to 1.12 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2016-07-29 18:40:40 +02:00
Thomas Sjögren
9ba6afe0f2 1.11.2 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2016-06-02 21:51:11 +02:00
Thomas Sjögren
80e571f759 new version 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2016-04-28 21:51:24 +02:00
Thomas Sjögren
81b093632a update chap 6 to cis 1.11 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2016-04-15 00:23:03 +02:00
Thomas Sjögren
9e94259903 update chap 5 to cis 1.11 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2016-04-15 00:12:00 +02:00
Thomas Sjögren
c544e417b0 update chap 4 to cis 1.11 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2016-04-14 23:15:16 +02:00
Thomas Sjögren
e3da5eacf0 update chap 3 to cis 1.11 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2016-04-14 22:57:25 +02:00
Thomas Sjögren
3cafe284dd update chap 2 to cis 1.11 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2016-04-14 22:25:11 +02:00