GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2025-01-18 16:22:33 +01:00
Code Issues Projects Releases Packages Wiki Activity
785 commits 3 branches 11 tags 4.9 MiB
Commit graph

277 commits

Author SHA1 Message Date
Thomas Sjögren
4e379bbaf9 initial commit of tests/7_docker_swarm_configuration.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:46 +02:00
Thomas Sjögren
3a9deae328 initial commit of tests/6_docker_security_operations.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:46 +02:00
Thomas Sjögren
bd05445528 initial commit of tests/5_container_runtime.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:46 +02:00
Thomas Sjögren
28fa0393da initial commit of tests/4_container_images.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:46 +02:00
Thomas Sjögren
6f574b07c1 initial commit of tests/3_docker_daemon_configuration_files.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:45 +02:00
Thomas Sjögren
6a685524eb initial commit of tests/2_docker_daemon_configuration.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:45 +02:00
Thomas Sjögren
4a4ae81a03 initial commit of tests/1_host_configuration.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:45 +02:00
Thomas Sjögren
addefc6ee4 update documentation 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:43:33 +02:00
Razvan Stoica
e4d9bd1556 Set remediationImpact for 5.31 test to None. 2021-04-14 11:17:22 +03:00
Razvan Stoica
15aa1eecd5 Update remediation impact message for test 5.31 2021-04-14 10:58:53 +03:00
Razvan Stoica
c67469d96b Fix systemctl error when running inside a container 2021-03-29 16:20:01 +03:00
Razvan Stoica
81ac358e82 Remove temporary files 2021-03-29 15:32:34 +03:00
Razvan Stoica
d0443cc817 Bug fixing and improving source code readability 2021-03-29 15:22:14 +03:00
Razvan Stoica
8a934aebf1 Remove the Debian family-specific installation command 2021-03-28 09:47:49 +03:00
Razvan Stoica
f31e60c379 Add more remediation stuff 2021-03-22 09:43:56 +02:00
Razvan Stoica
cc8171fbfe Add remediation stuff on enterprise configuration 2021-03-18 10:32:02 +02:00
Razvan Stoica
3a7fe3bb24 Add remediation stuff on swarm configuration 2021-03-18 10:31:22 +02:00
Razvan Stoica
25de0bd826 Add remediation stuff on security operations 2021-03-18 10:30:30 +02:00
Razvan Stoica
c05c58674a Add remediation stuff on daemon configuration 2021-03-18 10:29:28 +02:00
Razvan Stoica
7e89fdd364 Add remediation stuff on host configuration 2021-03-18 10:28:45 +02:00
Razvan Stoica
7144b947de Tests update 2021-03-16 10:05:49 +02:00
Razvan Stoica
11886d47d8 Fixed invalid JSON log 2021-03-11 15:00:12 +02:00
Razvan Stoica
c623d3afdd Print the remediation measure only if the check is not passed 2021-03-11 09:32:29 +02:00
Razvan Stoica
85117ea1a2 Improve wording 2021-03-11 08:30:01 +02:00
Razvan Stoica
6c586b4e08 Print remediation measures at the end of the logs 2021-03-10 21:47:52 +02:00
Razvan Stoica
9ae0d92b5d Fix "nohealthlocal: command not found" error 2021-03-10 14:58:58 +02:00
Razvan Stoica
c00ef4330b Add details about remediations measure for host configuration tests 2021-03-09 21:43:25 +02:00
Razvan Stoica
94900eedb9 Change global variable used only locally to local variable for simplification 2021-03-09 12:42:48 +02:00
Jo Cook
e9b9bfd270
Update 4_container_images.sh 
Correcting an extremely minor grammatical error (sorry)
 2021-02-25 19:04:05 +00:00
jammasterj89
f8c9b0fd5b
Replace multiple -eq with -le 
Replace multiple -eq with -le for file permission checks. Except for line 228 which uses slightly different logic so is -ge.

Signed-off-by: Niall T 19202716+jammasterj89@users.noreply.github.com
 2021-01-15 11:20:59 +00:00
jammasterj89
47e4cc173c
Fix check_2 to -le 644 
Issue #459 raised that check_2 was only checking for 644 or 600 permissions, this now checks for anything less than or equal to 644.

Signed-off-by: Niall T 19202716+jammasterj89@users.noreply.github.com
 2021-01-15 10:29:11 +00:00
Thomas Sjögren
3877abd975 print img if empty RepoTags, and fix tabbing 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-11-02 09:26:20 +01:00
Sebastiaan van Stijn
0f3dfe70fe
Deprecate rule 2.16 for Docker > 19.03 
The upcoming 20.x docker release will always have experimental features
enabled, which will stop this test from working.

More details can be found in docker/cli##2774

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2020-10-02 18:01:57 +02:00
mark
d85c73316a Updated mountpoint check to support user namespace 2020-09-29 12:41:25 +02:00
mark
919816dbbf Changed to 'df' to support user namespaces 2020-09-28 08:04:17 +02:00
Roman Mueller
b3182ca8f5 Remove prefix of check ID 2020-06-02 15:57:33 +02:00
Thomas Sjögren
8aec461d46 more flexible binary usage, better support for mac os 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-05-08 13:09:52 +02:00
Thomas Sjögren
98acc66436 map desc_ to benchmark headings 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-05-08 12:38:08 +02:00
Ilya Dus
d42fedc370 fix(sh): check default ubuntu locations of docker.service and docker.socket files 
Signed-off-by: Ilya Dus <ilyadoos@gmail.com>
 2020-04-10 16:26:25 +03:00
Thomas Sjögren
937ec4958a
Merge pull request #419 from zawazawa0316/fix_5 
Fix check conditions
 2020-03-09 14:54:32 +00:00
zawazawa0316
33566331d1 fix line 230 
Signed-off-by: zawazawa0316 <37421794+zawazawa0316@users.noreply.github.com>
 2020-03-09 23:48:10 +09:00
zawazawa0316
b046f930bc remove single space at line 230 
Signed-off-by: zawazawa0316 <37421794+zawazawa0316@users.noreply.github.com>
 2020-03-09 23:45:25 +09:00
zawazawa0316
12f19d9f64 Fix check conditions 
Signed-off-by: zawazawa0316 <37421794+zawazawa0316@users.noreply.github.com>
 2020-03-07 05:24:24 +09:00
zawazawa0316
b16da2c2ed Fix check condition 
Signed-off-by: zawazawa0316 <37421794+zawazawa0316@users.noreply.github.com>
 2020-03-03 21:51:49 +09:00
Thomas Sjögren
269b71eed8 locate configuration file before we run the tests #410 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-12-17 15:03:54 +01:00
Thomas Sjögren
c8c5615061 correct grep #410 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-12-16 09:57:21 +01:00
Thomas Sjögren
ddad135d13 shellcheck 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-10-16 09:49:18 +02:00
Thomas Sjögren
d680213a7b fix /etc/sysconfig/docker 
closes #397

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-10-04 14:50:48 +02:00
Thomas Sjögren
d1934b614e
Merge pull request #390 from jammasterj89/master 
Issue #383 ability to exclude images
Closes #383, #369
 2019-08-29 15:10:53 +02:00
jammasterj89
e1d26673ee Remove check_images 
Removed check_images due to removal of -t parameter and $images being set in docker-bench-security.sh

Signed-off-by: Niall T <jammasterj89@gmail.com>
 2019-08-29 13:37:50 +01:00