Commit graph

875 commits

Author SHA1 Message Date
Thomas Sjögren
4a289d9a15 Merge pull request #59 from konstruktoid/perm_checks
Perm checks
2015-07-10 02:11:10 +02:00
Thomas Sjögren
6fca0428e7 missed one tls*
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-07-10 02:10:26 +02:00
Thomas Sjögren
056768e78d Merge pull request #58 from konstruktoid/version
handle -dev version
2015-07-10 01:52:01 +02:00
Thomas Sjögren
b3fd225df8 fix incorrect file variables
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-07-10 01:43:11 +02:00
Thomas Sjögren
8b0efa170f split cmdline
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-07-10 01:30:38 +02:00
Thomas Sjögren
3c6b0df012 handle -dev version
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-07-10 00:40:31 +02:00
Thomas Sjögren
79ddbebcd4 Merge pull request #55 from fatherlinux/master
Created customized Dockerfiles for RHEL and CentOS
2015-07-06 21:40:55 +02:00
Scott McCarty
9429cdd79f Changed the repository to my fork fatherlinux/docker-bench-security
Signed-off-by: Scott McCarty <smccarty@redhat.com>
2015-07-06 13:07:07 -04:00
Thomas Sjögren
c02b1f5da9 Merge pull request #56 from konstruktoid/shellcheck
shellcheck
2015-07-04 00:07:23 +02:00
Thomas Sjögren
675bbc84db shellcheck
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-07-04 00:05:13 +02:00
Scott McCarty
b942031979 Created customized Dockerfiles for RHEL and CentOS
Signed-off-by: Scott McCarty <smccarty@redhat.com>
2015-07-02 14:23:58 -04:00
Thomas Sjögren
10ecf0282c Merge pull request #53 from konstruktoid/dockerfile_order
Dockerfile order
2015-07-01 21:05:04 +02:00
Thomas Sjögren
dbb8b8067e Merge pull request #54 from konstruktoid/distros_debian
Add Debian Dockerfile
2015-07-01 21:03:28 +02:00
Thomas Sjögren
f3d9b5cc2e Use distros/Dockerfile.alpine
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-07-01 21:00:51 +02:00
Thomas Sjögren
cbb351bbf3 FROM must be the first instruction
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-07-01 20:59:09 +02:00
Thomas Sjögren
828bfb4a16 Add Debian Dockerfile
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-07-01 20:57:26 +02:00
Thomas Sjögren
19d3d39e50 Merge pull request #48 from jlusiardi/fix_issue_47
Fix for issue #47.
2015-07-01 20:16:27 +02:00
Joachim Lusiardi
2d29af704e Improve fix for issue 47 using pgrep -x -o
The use of `pgrep -x` was proposed by @rnelson0. `pgrep -x -o` should limit the result to the oldest exactly matching execution of a binary called `docker`.

Signed-off-by: Joachim Lusiardi <joachim@lusiardi.de>
2015-06-29 22:28:14 +02:00
Joachim Lusiardi
fae2639313 Addition to fix for issue #47.
Missed the potentially wrong invocations of pgrep also in section 3
of the tests. Replace "pgrep -lf" there as well.

Signed-off-by: Joachim Lusiardi <joachim@lusiardi.de>
2015-06-29 22:27:59 +02:00
Joachim Lusiardi
fc8eefb8a6 Fix for issue #47.
Introduces a new function in helper_lib.sh to query the command line
arguments of the running instances of a binary. This is done to get
rid of the problem of "-lf" versus "-alf" for pgrep.

Signed-off-by: Joachim Lusiardi <joachim@lusiardi.de>
2015-06-29 22:27:34 +02:00
Diogo Monica
f18f5edff0 Change the scripts header to mention Docker Benchmark for Security
2015-06-28 11:04:53 -07:00
Diogo Mónica
7efb4b1d95 Update README
2015-06-28 11:00:37 -07:00
Diogo Mónica
f9fc158951 Merge pull request #50 from konstruktoid/distro_dir
Distro dir
2015-06-28 10:34:49 -07:00
Thomas Sjögren
7afc408e49 remove Dockerfile from readme
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-26 02:18:56 +02:00
Thomas Sjögren
e2cd15bf52 Dockerfile name
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-23 22:48:37 +02:00
Thomas Sjögren
2a9d8a0da7 distro specific example
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-23 22:46:03 +02:00
Thomas Sjögren
a324c22e3c distro specific readme
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-23 22:45:43 +02:00
Thomas Sjögren
0df4448fb8 Merge pull request #49 from konstruktoid/apk_update
keep the image up-to-date
2015-06-23 21:36:28 +02:00
Thomas Sjögren
641bf4e864 keep the image up-to-date
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-23 21:32:35 +02:00
Thomas Sjögren
88566a8f9f Merge pull request #44 from konstruktoid/shellcheck
shellcheck fixes
2015-06-23 21:20:50 +02:00
Thomas Sjögren
553e2d7c30 Merge remote-tracking branch 'origin/master' into shellcheck
* origin/master:
  actually catch ssh
  update do_version_check

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>

Conflicts:
	tests/1_host_configuration.sh
	tests/5_container_runtime.sh
2015-06-23 21:17:41 +02:00
Thomas Sjögren
10efc9ee61 Merge pull request #45 from konstruktoid/version_count
update do_version_check and 5.7
2015-06-23 21:05:16 +02:00
Thomas Sjögren
2907078fd2 actually catch ssh
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-21 23:11:23 +02:00
Thomas Sjögren
ef8ff4a9f3 update do_version_check
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-21 23:11:02 +02:00
Thomas Sjögren
b5c571df18 shellcheck fixes
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-21 23:03:34 +02:00
Thomas Sjögren
62a903246c Merge pull request #43 from konstruktoid/contrib_b
tests tree
2015-06-21 22:08:19 +02:00
Thomas Sjögren
072df180aa tests tree
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-21 22:07:07 +02:00
Thomas Sjögren
edf0646330 Merge pull request #40 from liron-l/master
Fix CIS 5.8 - Reverse container port and reduce privileged port to 1024
2015-06-21 21:45:01 +02:00
Liron Levin
ddc7553e7a Merge branch 'master' of github.com:liron-l/docker-bench-security
Signed-off-by: Liron Levin <liron@twistlock.com>
2015-06-21 07:26:39 +03:00
Liron Levin
b2093036df Fix CIS 5.8 - Reverse container port and reduce privileged port to 1024
-- According to CIS, 5.8 applies to privileged port on the host not on the
container:
`processes are not allowed to use them for various security reasons.
Docker allows a
container port to be mapped to a privileged port.`
-- Also privileged port should be less than 1024 inclusive

Signed-off-by: liron-l <levinlir@gmail.com>
Signed-off-by: Liron Levin <liron@twistlock.com>
2015-06-21 07:25:24 +03:00
liron-l
0602870be5 Fix CIS 5.8 - Reverse container port and reduce privileged port to 1024
-- According to CIS, 5.8 applies to privileged port on the host not on the
container:
`processes are not allowed to use them for various security reasons.
Docker allows a
container port to be mapped to a privileged port.`
-- Also privileged port should be less than 1024 inclusive

Signed-off-by: liron-l <levinlir@gmail.com>
2015-06-21 07:19:28 +03:00
Thomas Sjögren
b8afe35a5b Merge pull request #42 from konstruktoid/contrib
CONTRIBUTING.md
2015-06-19 23:55:05 +02:00
Thomas Sjögren
b808610b45 simplify dir tree
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-19 23:52:01 +02:00
Thomas Sjögren
0b32b8aa22 codecheck w shellcheck, checkbashisms
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-19 23:47:27 +02:00
Thomas Sjögren
3d2565742a same build instructions everywhere
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-19 23:46:43 +02:00
Thomas Sjögren
2a0241d839 Merge pull request #41 from konstruktoid/exclude_container
consistent labeling
2015-06-19 23:34:36 +02:00
Thomas Sjögren
2dbfdd112f consistent labeling
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-19 23:31:44 +02:00
Thomas Sjögren
d9bb6ce936 Merge pull request #39 from konstruktoid/issue_31
Change from ls to stat, fix permissions
2015-06-19 22:48:32 +02:00
Thomas Sjögren
1e0ef4cf97 crt dir and permissions
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-18 00:32:20 +02:00
Thomas Sjögren
0c61ddb6dd from ls to stat
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-17 23:52:53 +02:00