GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2025-01-19 08:42:33 +01:00
Code Issues Projects Releases Packages Wiki Activity
225 commits 3 branches 11 tags 4.9 MiB
Commit graph

21 commits

Author SHA1 Message Date
Thomas Sjögren
8d6f1e81c2 ps flags not in output 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2016-03-29 23:52:39 +02:00
Matt Fellows
4d8ffc5943 Fix spelling mistake (proccesses -> processes) 
Signed-off-by: Matt Fellows <matt.fellows@onegeek.com.au>
 2016-02-25 11:08:43 +11:00
Thomas Sjögren
00a1270c9b inspect output changed 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2015-12-22 19:46:32 +01:00
Csaba Palfi
831a373a61 make process count check even simpler 
Signed-off-by: Csaba Palfi <csaba@palfi.me>
 2015-08-17 17:41:47 +01:00
Csaba Palfi
d7926a0f31 make process count check a bit easier to read 
Signed-off-by: Csaba Palfi <csaba@palfi.me>
 2015-08-17 17:29:42 +01:00
Thomas Sjögren
75a7f955cc prettier Docker exec fail output 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2015-08-13 22:06:03 +02:00
Thomas Sjögren
5f4bfdb98c 'CapAdd=<nil>' 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2015-08-13 21:46:21 +02:00
Thomas Sjögren
2907078fd2 actually catch ssh 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2015-06-21 23:11:23 +02:00
Liron Levin
b2093036df Fix CIS 5.8 - Reverse container port and reduce privileged port to 1024 
-- According to CIS, 5.8 apply to priviliged port on the host not on the
container:
`processes are not allowed to use them for various security reasons.
Docker allows a
container port to be mapped to a privileged port.`
-- Also privileged port should be less than 1024 inclusive

Signed-off-by: liron-l <levinlir@gmail.com>
Signed-off-by: Liron Levin <liron@twistlock.com>
 2015-06-21 07:25:24 +03:00
Zvi "Viz" Effron
3616f15cba Fix test 5.14 to not always pass when multiple ports are published. 
Signed-off-by: Zvi "Viz" Effron <zeffron@riotgames.com>
 2015-06-15 11:26:13 -07:00
Jessica Frazelle
0231a7f5de Make the main script an executable for if I want to run it on my host 
Fix image sprawl to work

Fix port range

Signed-off-by: Jessica Frazelle <princess@docker.com>
 2015-06-09 00:10:44 -07:00
Thomas Sjögren
2e92ed5a01 exec_check had extra space 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2015-06-01 22:46:58 +02:00
Thomas Sjögren
787f4325b2 update 5.7 exec_check to new style 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2015-06-01 22:44:37 +02:00
Werner Buck
f4aab9c8c5 Double quote to prevent globbing and word splitting. 
Do not use legacy backticks.
Proper use of printf
Do not use wc -l with grep, instead use grep -c
Use pgrep

Signed-off-by: Werner Buck <wernerbuck@gmail.com>
 2015-05-31 12:26:37 +02:00
Thomas Sjögren
643beee453 fail=1 when Docker exec fails 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2015-05-30 13:03:01 +02:00
Diogo Monica
4194b1e65c Adding double quotes to 2015-05-25 20:31:46 -07:00
Diogo Monica
03ac3f5bd3 Make ifs style be consistent 2015-05-14 20:26:32 -07:00
Diogo Monica
1c795f146e Added filtering to ignore security-benchmark container 2015-05-13 19:22:39 -07:00
Diogo Monica
1ebf49c35a Fixed the script to ignore containers with label security-benchmark 2015-05-13 17:08:12 -07:00
Diogo Monica
e63766e945 Added more empty modes. This does not seem to be consistent 2015-05-13 16:13:03 -07:00
Diogo Monica
18d5a13240 First version of the CIS Docker Benchmark v1.0.0 2015-05-13 15:26:45 -07:00