GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2025-01-19 08:42:33 +01:00
Code Issues Projects Releases Packages Wiki Activity
502 commits 3 branches 11 tags 4.9 MiB
Commit graph

41 commits

Author SHA1 Message Date
Thomas Sjögren
8142de8334 convert all checks to functions 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-01-16 13:46:49 +01:00
Thomas Sjögren
ec4060ea2f add score and totalChecks to 2_ 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-10-23 15:39:32 +02:00
Thomas Sjögren
78b1f5dc86 check 2.x json log 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-10-10 14:46:08 +02:00
Julien Garcia Gonzalez
1d07abf659
update 2.14 2017-09-21 08:15:09 +02:00
Thomas Sjögren
dac6a62ba1 space 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-07-07 12:10:37 +02:00
Thomas Sjögren
d93bc6b075 update section 2, clean tests 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-07-07 10:23:40 +02:00
Thomas Sjögren
5d9101cfc2 .Server.Experimental pre-1.13 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-04-21 13:51:09 +02:00
Thomas Sjögren
a97bdfbe0d add note tag on informal checks 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-03-23 11:29:58 +01:00
Thomas Sjögren
754e0ed02b tlsverify implies tls 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-03-21 16:17:08 +01:00
Thomas Sjögren
91e625b8e4 Modify get_docker_configuration_file_args in order to handle daemon.json better, 
and also address missing files issue.

Closes #231
Closes #232

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-03-21 14:49:42 +01:00
Thomas Sjögren
260a3a76f1 Merge pull request #225 from andreasstieger/netstat 
2.17: correct netstat usage and filtering
 2017-02-24 13:26:48 +01:00
Andreas Stieger
c30a43c1fd 2.17: account for :::2377 netstat output 
Fixes #224 - no. 4

Signed-off-by: Andreas Stieger <astieger@suse.com>
 2017-02-24 13:24:02 +01:00
Andreas Stieger
421c6dd866 2.17: may incorrectly match 5 digit port numbers 
Fixes #224 - no. 3

Signed-off-by: Andreas Stieger <astieger@suse.com>
 2017-02-24 13:23:57 +01:00
Andreas Stieger
7c66b6373a 2.17: grep -e recognizes IPv4 separator any character - escape 
Fixes #224 - no. 2

Signed-off-by: Andreas Stieger <astieger@suse.com>
 2017-02-24 13:23:48 +01:00
Andreas Stieger
c15dc6c568 2.17: netstat non-numeric output may not interpreted correctly 
The port may be aliased in /etc/services
Fixes #224 - no. 1

Signed-off-by: Andreas Stieger <astieger@suse.com>
 2017-02-24 13:23:33 +01:00
Thomas Sjögren
3d87e6d743 Merge pull request #218 from konstruktoid/issue_157 
Check configuration file settings
 2017-02-24 11:28:50 +01:00
Thomas Sjögren
011ec950e9 use docker info, as all other tests 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-02-23 17:07:33 +01:00
Thomas Sjögren
7787fc0ec9 correct check_2_21, closes #221 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-02-23 17:01:47 +01:00
Thomas Sjögren
7575020fd5 check config file settings 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-02-23 16:33:53 +01:00
Thomas Sjögren
584847e5b4 update swarm tests 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-02-22 10:11:44 +01:00
Thomas Sjögren
7d992029e6 remove code, if CMD instead of exit code 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-02-17 15:03:29 +01:00
Thomas Sjögren
69435a0b3e update section 2 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-24 13:41:30 +01:00
Thomas Sjögren
77617321df update info messages, not scored 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-23 17:06:10 +01:00
Thomas Sjögren
7aa4682c87 #182 netsat 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-23 13:38:28 +01:00
Thomas Sjögren
95e6ac8253 #182 checks 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-23 13:13:48 +01:00
Thomas Sjögren
27773128f8 Merge branch 'master' into docker-benchmark-1.12.0 2017-01-23 12:14:23 +01:00
Thomas Sjögren
b3cd7a1755 Merge pull request #168 from MrSecure/fix-tls-verify 
Fixes #167 - use get_docker_cumulative_command_line_args to check TLS
 2017-01-20 12:08:12 +01:00
Ravi Kumar Vadapalli
6aae32f4e5 Support for 'CIS Docker Benchmark 1.12.0' 
Signed-off-by: Ravi Kumar Vadapalli <vadapalli.ravikumar@gmail.com>
 2016-12-20 20:31:58 +05:30
Kevin Lim
89e4769877 fix test 2.2 check for log level 
Signed-off-by: Kevin Lim <kevin.lim@sap.com>
 2016-09-28 14:25:42 -07:00
Mr. Secure
ee3e8dedb3 Fixes #167 - use get_docker_cumulative_command_line_args to check TLS settings 
Additionally, split warning into 2 parts:  no TLS, TLS w/o verification

Signed-off-by: Mr. Secure <ben.github@mrsecure.org>
 2016-09-24 19:42:39 -05:00
Thomas Sjögren
3cafe284dd update chap 2 to cis 1.11 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2016-04-14 22:25:11 +02:00
Andreas Stieger
d2ba1d9f72 Fix #97, #98, #99 by using new helper functions 
Signed-off-by: Andreas Stieger <astieger@suse.com>
 2015-11-27 15:35:37 +01:00
Mr. Secure
f791d06cff apply TLS checks to any socket other than unix:// or fd:// 
break the docker command line arguments into one option per line,
then find all socket items (H or host), exclude the unix:// and
fd:// sockets, and if there are any left, check for TLS options

Signed-off-by: Mr. Secure <ben.github@mrsecure.org>
 2015-11-13 19:51:46 -06:00
MrSecure
81730f536a check for TCP listener 
Signed-off-by: Mr. Secure <ben.github@mrsecure.org>
 2015-10-30 07:48:11 -05:00
Joachim Lusiardi
fc8eefb8a6 Fix for issue #47. 
Introduces a new function in helper_lib.sh to query the command line
arguments of the running instances of a binary. This is done to get
rid of the problem of "-lf" versus "-alf" for pgrep.

Signed-off-by: Joachim Lusiardi <joachim@lusiardi.de>
 2015-06-29 22:27:34 +02:00
Thomas Sjögren
20db7d8a4d catch all -H, not only tcp:// 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2015-06-15 23:04:02 +02:00
Thomas Sjögren
2d25ddbcaf Issue #24, remove -U, -u 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2015-06-11 02:35:54 +02:00
Thomas Sjögren
b6a4bd7504 dont echo the grep result 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2015-06-01 22:51:47 +02:00
Werner Buck
f4aab9c8c5 Double quote to prevent globbing and word splitting. 
Do not use legacy backticks.
Proper use of printf
Do not use wc -l with grep, instead use grep -c
Use pgrep

Signed-off-by: Werner Buck <wernerbuck@gmail.com>
 2015-05-31 12:26:37 +02:00
Thomas Sjögren
7082102612 add ps variable and limit output to root 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2015-05-30 13:01:19 +02:00
Diogo Monica
18d5a13240 First version of the CIS Docker Benchmark v1.0.0 2015-05-13 15:26:45 -07:00