GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2025-01-18 16:22:33 +01:00
Code Issues Projects Releases Packages Wiki Activity
649 commits 3 branches 11 tags 4.9 MiB
Commit graph

231 commits

Author SHA1 Message Date
Thomas Sjögren
ddad135d13 shellcheck 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-10-16 09:49:18 +02:00
Thomas Sjögren
d680213a7b fix /etc/sysconfig/docker 
closes #397

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-10-04 14:50:48 +02:00
Thomas Sjögren
d1934b614e
Merge pull request #390 from jammasterj89/master 
Issue #383 ability to exclude images
Closes #383, #369
 2019-08-29 15:10:53 +02:00
jammasterj89
e1d26673ee Remove check_images 
Removed check_images due to removal of -t parameter and $images being set in docker-bench-security.sh

Signed-off-by: Niall T <jammasterj89@gmail.com>
 2019-08-29 13:37:50 +01:00
jammasterj89
4bb6e19965 Added check_images 
Added check_images which moves the previous $imgList into this function and removed the else as this is handled within the main .sh

Signed-off-by: Niall T <jammasterj89@gmail.com>
 2019-08-29 13:37:10 +01:00
Thomas Sjögren
0cac0e339d catch community editions 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-08-29 10:29:38 +02:00
Thomas Sjögren
77a3bc65d7 fix 5.28 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-08-28 12:59:49 +02:00
Thomas Sjögren
71f63a192a tmp fix for json 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-08-28 12:36:49 +02:00
Thomas Sjögren
17c6262d2f formating 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-08-28 12:14:35 +02:00
Thomas Sjögren
d7f1d9753a ignore section 8 if community edition 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-08-28 11:49:22 +02:00
Thomas Sjögren
a785c02c59 add INFO for section 8 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-08-28 10:26:44 +02:00
Thomas Sjögren
7110df800b section 8 docker enterprise skeleton 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-08-27 16:11:38 +02:00
Thomas Sjögren
bcd6e5dd55 json sections 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-08-27 16:10:59 +02:00
Thomas Sjögren
ca3714bc16 first pass on section 7 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-08-27 16:03:29 +02:00
Thomas Sjögren
3d6dd81956 first pass on section 6 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-08-27 15:52:06 +02:00
Thomas Sjögren
0b007baf7e first pass on section 5 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-08-27 15:43:29 +02:00
Thomas Sjögren
e5c22c5f01 first pass on section 4 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-08-27 15:25:54 +02:00
Thomas Sjögren
f968597051 first pass on section 3 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-08-27 15:13:19 +02:00
Thomas Sjögren
6c6d0836a4 first pass on section 2 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-08-27 14:54:08 +02:00
Thomas Sjögren
82644982a8 move old 2.13 to community checks 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-08-27 14:53:42 +02:00
Thomas Sjögren
d963b93fcc update info output 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-08-26 15:13:50 +02:00
Thomas Sjögren
28f16f0afd add 1.2.9, #ref https://github.com/docker/docker-bench-security/pull/359 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-08-26 14:41:37 +02:00
Thomas Sjögren
6105f02a16 first pass on section 1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-08-26 14:37:25 +02:00
Thomas Sjögren
326e31f403 use only year and month for version check #309 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-04-13 16:33:57 +02:00
Thomas Sjögren
1c8699bcf3 revert grep thought fail 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-03-20 09:57:19 +01:00
Thomas Sjögren
740439d352 accept only if ADD in / #362 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-03-19 14:54:38 +01:00
Thomas Sjögren
cec124a162 exclude first ADD since its most often the base #362 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-03-19 14:27:02 +01:00
Thomas Sjögren
d942b12e0a INFO shouldnt increase score #362 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-03-14 10:32:39 +01:00
Boris Gorbylev
689a5a62c5
Fixed check 2.9 
Signed-off-by: Boris Gorbylev <ekho@ekho.name>
 2019-02-21 19:15:38 +03:00
Thomas Sjögren
7e3ecaf17d catch root with uid and name as well #358 CVE-2019-5736 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-02-13 14:58:34 +01:00
Thomas Sjögren
a911c23915 4.9 resulttestjson "INFO" #356 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-01-24 16:46:51 +01:00
Anthony Roger
1dd7956760 feat: add the ability to select the images to be check from registry in order to integrate in ci 
Signed-off-by: Anthony Roger <aroger@softwaymedical.fr>
 2018-12-11 14:39:16 +01:00
telepresencebot2
4bf876296a fix test 7.4 using 5.25 as a model 
Signed-off-by: Taylor Lucy <talucy@franklinamerican.com>
 2018-11-14 14:30:51 -06:00
Thomas Sjögren
391e09f76a linting 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-11-01 10:24:36 +01:00
Thomas Sjögren
d5b900ce05 use mountpoint and DockerRootDir #332 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-10-23 15:26:41 +02:00
Mark Stemm
ec7d8ce690 Improve docker-bench-security json output 
Add a test object for each test performed by the script. Each object has
an id N.M, a desc property describing the test, and the result. Some
tests include additional information about the test e.g. "No TLS
Certificate Found". That can be found in an optional details property of
the test object.

Also, some tests might also return a list of containers, images, users,
etc. This is included in an optional items property of the test object.

Instead of having all test results as top-level objects, break the test
results into sections. Each section has an id + description e.g. "1" and
"Host Configuration". The tests for that section are an array below that
object.

All of the additional json output is implemented by adding new functions
startsectionjson(), endsectionjson(), starttestjson(), and
resulttestjson() that take the id/desc/etc as arguments and print the
proper json properties. It also required adding an "end" test to each
script that calls endsectionjson().

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2018-10-11 13:39:55 -07:00
Thomas Sjögren
773625a894 ref #325 daemon.json permissions 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-09-27 09:49:32 +02:00
Thomas Sjögren
feced0f6b2
Merge pull request #313 from nbrownuk/issue295-fix-tls-config-check 
Fixes incorrect reporting of TLS configuration in test 2.6
 2018-08-08 11:58:47 +02:00
Thomas Sjögren
f1137cd36a dont decrease 5.29 #316 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-08-06 09:51:06 +02:00
Joe Williams
cfb3357a12 fix docker user json output 
This prints out the docker users in a similar fashion to the other tests, including `INFO` rather than just the system command output.

Signed-off-by: Joe Williams <joe.williams@github.com>
 2018-07-26 15:07:59 -04:00
Nigel Brown
167c3507a2 Fixes incorrect reporting of TLS configuration in test 2.6 
Signed-off-by: Nigel Brown <nigel@windsock.io>
 2018-07-10 14:35:30 +01:00
Thomas Sjögren
c8894d3b26 deprecated --disable-legacy-registry 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-07-01 20:53:20 +02:00
Thomas Sjögren
78700f2600 consistent currentScore 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-07-01 20:04:20 +02:00
Thomas Sjögren
ebfb20c65f 4.7 is not scored 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-07-01 20:01:10 +02:00
Daniele Marcocci
77074962b1 fix count total_containers for swarm mode 
Signed-off-by: Daniele Marcocci <daniele.marcocci@par-tec.it>
 2018-05-18 10:17:42 +02:00
Mike Ritter
a3094ac5c6 New Features 
Signed-off-by: Mike Ritter <mike.ritter@target.com>
 2018-02-27 08:43:51 -06:00
Thomas Sjögren
bdeaeaa05a fix 2.18 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-02-09 11:02:04 +01:00
Thomas Sjögren
2aa9719dd6 silence example check output 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-01-18 11:29:20 +01:00
Thomas Sjögren
8fe0b5ea02 add example community check 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-01-17 16:11:04 +01:00
Thomas Sjögren
8142de8334 convert all checks to functions 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-01-16 13:46:49 +01:00