Commit graph

727 commits

Author SHA1 Message Date
Razvan Stoica
519f20befd Append JSON logs when run multiple times 2021-03-09 16:06:38 +02:00
Razvan Stoica
c3511209f9 Add support for logging remediation measures in JSON format 2021-03-09 13:35:40 +02:00
Razvan Stoica
8e0daa11de Print date and time in ISO 8601 UTC format 2021-03-09 13:27:32 +02:00
Razvan Stoica
94900eedb9 Change global variable used only locally to local variable for simplification 2021-03-09 12:42:48 +02:00
Razvan Stoica
4b4fdd9f77
Add current year to the copyright header 2021-03-08 13:38:07 +02:00
Thomas Sjögren
c8984e9591
Merge pull request #464 from archaeogeek/patch-2
Update 4_container_images.sh
2021-02-25 22:10:39 +00:00
Jo Cook
e9b9bfd270
Update 4_container_images.sh
Correcting an extremely minor grammatical error (sorry)
2021-02-25 19:04:05 +00:00
Thomas Sjögren
dcf478884b
Merge pull request #463 from archaeogeek/patch-1
Update README.md
2021-02-23 20:28:31 +00:00
Jo Cook
3732a475cb
Update README.md
Extended my two edits to specify that they only apply if running in a container.
2021-02-23 17:25:12 +00:00
Jo Cook
cf7c50bf33
Update README.md
Clarified that log files are created inside the container so that new users (ie me) don't spend ages wondering where the logs are!
2021-02-23 12:15:22 +00:00
Thomas Sjögren
7c881b4b0b
Merge pull request #461 from jammasterj89/master
Fix check_2 to -le 644
2021-01-15 13:39:29 +00:00
jammasterj89
f8c9b0fd5b
Replace multiple -eq with -le
Replace multiple -eq with -le for file permission checks. Except for line 228 which uses slightly different logic so is -ge.

Signed-off-by: Niall T <19202716+jammasterj89@users.noreply.github.com>
2021-01-15 11:20:59 +00:00
jammasterj89
47e4cc173c
Fix check_2 to -le 644
Issue #459 raised that check_2 was only checking for 644 or 600 permissions, this now checks for anything less than or equal to 644.

Signed-off-by: Niall T <19202716+jammasterj89@users.noreply.github.com>
2021-01-15 10:29:11 +00:00
Thomas Sjögren
8bd04d683f
Merge pull request #460 from jammasterj89/master
Update alpine to 3.13.0
2021-01-15 10:21:31 +00:00
Thomas Sjögren
d3d25c8fc8
Update Dockerfile
Co-authored-by: Sebastiaan van Stijn <thaJeztah@users.noreply.github.com>
2021-01-15 10:20:35 +00:00
jammasterj89
f47f61538e
Update alpine to 3.13.0
Updated alpine version to latest - 3.13.0

Signed-off-by: Niall T <19202716+jammasterj89@users.noreply.github.com>
2021-01-15 09:30:14 +00:00
Thomas Sjögren
75fe107048
Merge pull request #457 from sa7mon/patch-1
Grammar fixes in README
2020-11-30 16:26:33 +00:00
Dan Salmon
b7d8805ce1
Update README.md
Grammar fixes
2020-11-30 14:44:00 +00:00
Thomas Sjögren
ca0db8898f
Merge pull request #454 from Constantin07/do_not_leave_dangling_container_after_run
Remove container after run.
2020-11-18 09:22:08 +00:00
Constantin Bugneac
1ea667f2f0 Remove container after run. 2020-11-17 21:49:07 +00:00
Thomas Sjögren
6ad1a1ef77
Merge pull request #451 from konstruktoid/imgname
print img if empty RepoTags, and fix tabbing
2020-11-02 08:27:59 +00:00
Thomas Sjögren
3877abd975 print img if empty RepoTags, and fix tabbing
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-11-02 09:26:20 +01:00
Thomas Sjögren
93c619f018
Merge pull request #445 from thaJeztah/no_experimental
Deprecate rule 2.16 for Docker > 19.03
2020-10-02 17:31:15 +00:00
Sebastiaan van Stijn
0f3dfe70fe
Deprecate rule 2.16 for Docker > 19.03
The upcoming 20.x docker release will always have experimental features
enabled, which will stop this test from working.

More details can be found in docker/cli#2774

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-02 18:01:57 +02:00
Thomas Sjögren
f3e9c791ce
Merge pull request #444 from markdumay/partition
Support user namespaces in partition check (1.2.1)
2020-09-29 11:24:17 +00:00
mark
d85c73316a Updated mountpoint check to support user namespace 2020-09-29 12:41:25 +02:00
mark
919816dbbf Changed to 'df' to support user namespaces 2020-09-28 08:04:17 +02:00
Thomas Sjögren
b6478e9367
Merge pull request #374 from draios/limit-num-items-reported
Limit the number of reported items
2020-07-13 11:22:49 +00:00
Mark Stemm
4cfb58f675 Limit the number of reported items
In some environments, there may be a very large number of images,
containers, etc not satisfying a given test. For example, in one
environment, we saw *378k* images not satisfying 4.6, mostly because
the customer was never cleaning up old images.

To avoid overly long lists of items, add a new option "-n LIMIT" that
limits the number of items included in JSON output. When the limit is
reached, the list will be truncated and a trailing (truncated) will be
added. Here's an example:

```
{"id": "5.9", "desc": "Ensure the host's network namespace is not
shared", "result": "WARN", "details": "Containers running with
networking mode 'host':  k8s_POD_storage-provisioner_kube-system_ef960ef5-62c5-11e9-802f-08002719228f_0
k8s_POD_kube-proxy-xfln8_kube-system_ee70c4c3-62c5-11e9-802f-08002719228f_0 (truncated)",
"items":
["k8s_POD_storage-provisioner_kube-system_ef960ef5-62c5-11e9-802f-08002719228f_0","k8s_POD_kube-proxy-xfln8_kube-system_ee70c4c3-62c5-11e9-802f-08002719228f_0","(truncated)"]},
```

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
2020-07-10 13:00:29 -07:00
Thomas Sjögren
41593e80d0
Merge pull request #439 from roman-mueller/fix_description
Remove prefix of check ID in description
2020-06-02 14:10:21 +00:00
Roman Mueller
b3182ca8f5 Remove prefix of check ID 2020-06-02 15:57:33 +02:00
Thomas Sjögren
d6969dd2a4
Merge pull request #438 from konstruktoid/alpine
alpine:3.12
2020-06-01 07:31:05 +00:00
Thomas Sjögren
aa984c44db alpine:3.12
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-06-01 09:30:09 +02:00
Thomas Sjögren
1e0a10b71f
Merge pull request #436 from konstruktoid/macnetstat
more flexible binary usage, better support for mac os
2020-05-08 11:10:57 +00:00
Thomas Sjögren
8aec461d46 more flexible binary usage, better support for mac os
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-05-08 13:09:52 +02:00
Thomas Sjögren
375d32c0db
Merge pull request #435 from konstruktoid/scoring
map desc_ to benchmark headings
2020-05-08 10:41:41 +00:00
Thomas Sjögren
98acc66436 map desc_ to benchmark headings
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-05-08 12:38:08 +02:00
Thomas Sjögren
735938a8f1
Merge pull request #434 from HristoStoyanovMM/CIS_Level1_only_checks
Add CIS Level 1 only functions
2020-05-08 08:46:28 +00:00
herc1
4612146563 Add CIS Level 1 only functions
Signed-off-by: HristoStoyanovMM <hristo.stoyanov@mentormate.com>
2020-05-07 19:44:56 +03:00
Thomas Sjögren
79ef925df1
Merge pull request #430 from konstruktoid/ISSUE422b
by an appropriate
2020-04-17 11:12:51 +00:00
Thomas Sjögren
5210cc9ff9 by an appropriate
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-04-17 13:11:37 +02:00
Thomas Sjögren
d32d4f3ce3
Merge pull request #429 from konstruktoid/ISSUE422
fix MacOSX volume, and lint
2020-04-17 06:26:30 +00:00
Thomas Sjögren
1c2b912aa2 fix MacOSX volume, and lint
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-04-17 08:25:44 +02:00
Thomas Sjögren
d53ac42de1
Merge pull request #428 from konstruktoid/ISSUE424
update README, correct volume binary paths
2020-04-16 15:18:38 +00:00
Thomas Sjögren
3c38419c5b update README, correct volume binary paths
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-04-16 17:17:51 +02:00
Thomas Sjögren
2cdfa3df25
Merge pull request #423 from illyaMs/master
[Ubuntu] Fix issue with docker.service and docker.socket files not found
2020-04-15 09:05:50 +00:00
Thomas Sjögren
2972b685fc
Merge pull request #427 from konstruktoid/ISSUE425
use opensuse/leap, and remove awk linkage
2020-04-15 08:55:27 +00:00
Thomas Sjögren
9f92e46df8 use opensuse/leap, and remove awk linkage
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-04-15 10:54:17 +02:00
Ilya Dus
51bc75eb55 fix(docs): explain the need of mounting /lib/systemd/system folder for Ubuntu
Signed-off-by: Ilya Dus <ilyadoos@gmail.com>
2020-04-10 16:27:32 +03:00
Ilya Dus
d42fedc370 fix(sh): check default ubuntu locations of docker.service and docker.socket files
Signed-off-by: Ilya Dus <ilyadoos@gmail.com>
2020-04-10 16:26:25 +03:00