GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2025-11-04 02:58:59 +00:00
Code Issues Projects Releases Packages Wiki Activity
808 commits 3 branches 11 tags 18 MiB
Commit graph

288 commits

Author SHA1 Message Date
serica
0ae544dd03 fix style and false warning in check_5_3 2021-11-30 18:38:36 -08:00
João Fernandes
a409e03d99
 		Fix typo in check_5_21 2021-11-11 20:39:22 +00:00
João Fernandes
7e89ea067d
 		Fix typo in check_4_11 
Fix the text description for check_4_11 .
 2021-11-11 20:39:00 +00:00
Thomas Sjögren
ec3ddf2acd
 		Merge pull request from nikitastupin/feature-list-open-ports 
Implement listing of open ports
 2021-10-31 12:50:27 +01:00
Thomas Sjögren
fd93a6ee93
 		Merge pull request from nikitastupin/feature-specific-capability-checks 
Add checks for capabilities that allows container escape
 2021-10-31 12:26:40 +01:00
Thomas Sjögren
683c5a92b5 fix socket check 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-07-12 15:22:12 +02:00
Nikita Stupin
cf93e9ed07 Add checks for capabilities that allows container escape 2021-07-08 13:10:12 +03:00
Nikita Stupin
dacc7372bf Implement listing of open ports 2021-07-08 13:00:21 +03:00
aagot
08a7b09d4d
 		Update 2_docker_daemon_configuration.sh 2021-06-25 14:38:02 +02:00
Thomas Sjögren
c1457e6ad3 initial commit of tests/99_community_checks.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:46 +02:00
Thomas Sjögren
32c5e5f1fb initial commit of tests/8_docker_enterprise_configuration.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:46 +02:00
Thomas Sjögren
4e379bbaf9 initial commit of tests/7_docker_swarm_configuration.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:46 +02:00
Thomas Sjögren
3a9deae328 initial commit of tests/6_docker_security_operations.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:46 +02:00
Thomas Sjögren
bd05445528 initial commit of tests/5_container_runtime.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:46 +02:00
Thomas Sjögren
28fa0393da initial commit of tests/4_container_images.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:46 +02:00
Thomas Sjögren
6f574b07c1 initial commit of tests/3_docker_daemon_configuration_files.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:45 +02:00
Thomas Sjögren
6a685524eb initial commit of tests/2_docker_daemon_configuration.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:45 +02:00
Thomas Sjögren
4a4ae81a03 initial commit of tests/1_host_configuration.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:45 +02:00
Thomas Sjögren
addefc6ee4 update documentation 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:43:33 +02:00
Razvan Stoica
e4d9bd1556 Set remediationImpact for 5.31 test to None. 2021-04-14 11:17:22 +03:00
Razvan Stoica
15aa1eecd5 Update remediation impact message for test 5.31 2021-04-14 10:58:53 +03:00
Razvan Stoica
c67469d96b Fix systemctl error when running inside a container 2021-03-29 16:20:01 +03:00
Razvan Stoica
81ac358e82 Remove temporary files 2021-03-29 15:32:34 +03:00
Razvan Stoica
d0443cc817 Bug fixing and improving source code readability 2021-03-29 15:22:14 +03:00
Razvan Stoica
8a934aebf1 Remove the Debian family-specific installation command 2021-03-28 09:47:49 +03:00
Razvan Stoica
f31e60c379 Add more remediation stuff 2021-03-22 09:43:56 +02:00
Razvan Stoica
cc8171fbfe Add remediation stuff on enterprise configuration 2021-03-18 10:32:02 +02:00
Razvan Stoica
3a7fe3bb24 Add remediation stuff on swarm configuration 2021-03-18 10:31:22 +02:00
Razvan Stoica
25de0bd826 Add remediation stuff on security operations 2021-03-18 10:30:30 +02:00
Razvan Stoica
c05c58674a Add remediation stuff on daemon configuration 2021-03-18 10:29:28 +02:00
Razvan Stoica
7e89fdd364 Add remediation stuff on host configuration 2021-03-18 10:28:45 +02:00
Razvan Stoica
7144b947de Tests update 2021-03-16 10:05:49 +02:00
Razvan Stoica
11886d47d8 Fixed invalid JSON log 2021-03-11 15:00:12 +02:00
Razvan Stoica
c623d3afdd Print the remediation measure only if the check is not passed 2021-03-11 09:32:29 +02:00
Razvan Stoica
85117ea1a2 Improve wording 2021-03-11 08:30:01 +02:00
Razvan Stoica
6c586b4e08 Print remediation measures at the end of the logs 2021-03-10 21:47:52 +02:00
Razvan Stoica
9ae0d92b5d Fix "nohealthlocal: command not found" error 2021-03-10 14:58:58 +02:00
Razvan Stoica
c00ef4330b Add details about remediations measure for host configuration tests 2021-03-09 21:43:25 +02:00
Razvan Stoica
94900eedb9 Change global variable used only locally to local variable for simplification 2021-03-09 12:42:48 +02:00
Jo Cook
e9b9bfd270
 		Update 4_container_images.sh 
Correcting an extremely minor grammatical error (sorry)
 2021-02-25 19:04:05 +00:00
jammasterj89
f8c9b0fd5b
 		Replace multiple -eq with -le 
Replace multiple -eq with -le for file permission checks. Except for line 228 which uses slightly different logic so is -ge.

Signed-off-by: Niall T 19202716+jammasterj89@users.noreply.github.com
 2021-01-15 11:20:59 +00:00
jammasterj89
47e4cc173c
 		Fix check_2 to -le 644 
Issue  raised that check_2 was only checking for 644 or 600 permissions, this now checks for anything less than or equal to 644.

Signed-off-by: Niall T 19202716+jammasterj89@users.noreply.github.com
 2021-01-15 10:29:11 +00:00
Thomas Sjögren
3877abd975 print img if empty RepoTags, and fix tabbing 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-11-02 09:26:20 +01:00
Sebastiaan van Stijn
0f3dfe70fe
 		Deprecate rule 2.16 for Docker > 19.03 
The upcoming 20.x docker release will always have experimental features
enabled, which will stop this test from working.

More details can be found in docker/cli##2774

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2020-10-02 18:01:57 +02:00
mark
d85c73316a Updated mountpoint check to support user namespace 2020-09-29 12:41:25 +02:00
mark
919816dbbf Changed to 'df' to support user namespaces 2020-09-28 08:04:17 +02:00
Roman Mueller
b3182ca8f5 Remove prefix of check ID 2020-06-02 15:57:33 +02:00
Thomas Sjögren
8aec461d46 more flexible binary usage, better support for mac os 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-05-08 13:09:52 +02:00
Thomas Sjögren
98acc66436 map desc_ to benchmark headings 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-05-08 12:38:08 +02:00
Ilya Dus
d42fedc370 fix(sh): check default ubuntu locations of docker.service and docker.socket files 
Signed-off-by: Ilya Dus <ilyadoos@gmail.com>
 2020-04-10 16:26:25 +03:00