GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2024-11-01 08:31:44 +01:00
Code Issues Projects Releases Packages Wiki Activity
754 commits 3 branches 11 tags 4.9 MiB
Commit graph

27 commits

Author SHA1 Message Date
Razvan Stoica
7144b947de Tests update 2021-03-16 10:05:49 +02:00
Razvan Stoica
6c586b4e08 Print remediation measures at the end of the logs 2021-03-10 21:47:52 +02:00
Razvan Stoica
94900eedb9 Change global variable used only locally to local variable for simplification 2021-03-09 12:42:48 +02:00
Thomas Sjögren
98acc66436 map desc_ to benchmark headings 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-05-08 12:38:08 +02:00
Thomas Sjögren
3d6dd81956 first pass on section 6 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-08-27 15:52:06 +02:00
Mark Stemm
ec7d8ce690 Improve docker-bench-security json output 
Add a test object for each test performed by the script. Each object has
an id N.M, a desc property describing the test, and the result. Some
tests include additional information about the test e.g. "No TLS
Certificate Found". That can be found in an optional details property of
the test object.

Also, some tests might also return a list of containers, images, users,
etc. This is included in an optional items property of the test object.

Instead of having all test results as top-level objects, break the test
results into sections. Each section has an id + description e.g. "1" and
"Host Configuration". The tests for that section are an array below that
object.

All of the additional json output is implemented by adding new functions
startsectionjson(), endsectionjson(), starttestjson(), and
resulttestjson() that take the id/desc/etc as arguments and print the
proper json properties. It also required adding an "end" test to each
script that calls endsectionjson().

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2018-10-11 13:39:55 -07:00
Daniele Marcocci
77074962b1 fix count total_containers for swarm mode 
Signed-off-by: Daniele Marcocci <daniele.marcocci@par-tec.it>
 2018-05-18 10:17:42 +02:00
Thomas Sjögren
8142de8334 convert all checks to functions 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-01-16 13:46:49 +01:00
Thomas Sjögren
7ebe21823d add score and totalChecks to 6_ 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-10-23 15:41:03 +02:00
Thomas Sjögren
e1adab029d check 6.x json log 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-10-13 10:28:42 +02:00
Thomas Sjögren
84baf80b7d no short forms 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-07-07 13:03:45 +02:00
Thomas Sjögren
125eaf90cd inspect requires images 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-07-07 12:07:00 +02:00
Thomas Sjögren
e1e902b3ed update checks 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-07-07 11:19:02 +02:00
Thomas Sjögren
77617321df update info messages, not scored 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-23 17:06:10 +01:00
Thomas Sjögren
81b093632a update chap 6 to cis 1.11 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2016-04-15 00:23:03 +02:00
Thomas Sjögren
00a1270c9b inspect output changed 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2015-12-22 19:46:32 +01:00
Ivan Angelov
7ada35cd90 Count unique image ids only 
Signed-off-by: Ivan Angelov <iangelov@users.noreply.github.com>
 2015-08-10 17:19:06 +02:00
Thomas Sjögren
b5c571df18 shellcheck fixes 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2015-06-21 23:03:34 +02:00
Jessica Frazelle
0231a7f5de Make the main script an executable for if I want to run it on my host 
Fix image sprawl to work

Fix port range

Signed-off-by: Jessica Frazelle <princess@docker.com>
 2015-06-09 00:10:44 -07:00
Thomas Sjögren
e29a886254 warn if only -lt half of the images are in use 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2015-06-01 22:37:28 +02:00
Thomas Sjögren
9cccfa6902 get the correct number of images 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2015-06-01 22:20:03 +02:00
Werner Buck
f4aab9c8c5 Double quote to prevent globbing and word splitting. 
Do not use legacy backticks.
Proper use of printf
Do not use wc -l with grep, instead use grep -c
Use pgrep

Signed-off-by: Werner Buck <wernerbuck@gmail.com>
 2015-05-31 12:26:37 +02:00
Diogo Monica
03ac3f5bd3 Make ifs style be consistent 2015-05-14 20:26:32 -07:00
Diogo Monica
8d06000296 Fixed running containers calculation 2015-05-13 19:43:12 -07:00
Diogo Monica
1c795f146e Added filtering to ignore security-benchmark container 2015-05-13 19:22:39 -07:00
Diogo Monica
1ebf49c35a Fixed the script to ignore containers with label security-benchmark 2015-05-13 17:08:12 -07:00
Diogo Monica
18d5a13240 First version of the CIS Docker Benchmark v1.0.0 2015-05-13 15:26:45 -07:00