GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2025-01-19 00:32:34 +01:00
Code Issues Projects Releases Packages Wiki Activity
828 commits 3 branches 11 tags 4.9 MiB
Commit graph

66 commits

Author SHA1 Message Date
Thomas Sjögren
27773128f8 Merge branch 'master' into docker-benchmark-1.12.0 2017-01-23 12:14:23 +01:00
Thomas Sjögren
b3cd7a1755 Merge pull request #168 from MrSecure/fix-tls-verify 
Fixes #167 - use get_docker_cumulative_command_line_args to check TLS
 2017-01-20 12:08:12 +01:00
Ravi Kumar Vadapalli
6aae32f4e5 Support for 'CIS Docker Benchmark 1.12.0' 
Signed-off-by: Ravi Kumar Vadapalli <vadapalli.ravikumar@gmail.com>
 2016-12-20 20:31:58 +05:30
Kevin Lim
89e4769877 fix test 2.2 check for log level 
Signed-off-by: Kevin Lim <kevin.lim@sap.com>
 2016-09-28 14:25:42 -07:00
Mr. Secure
ee3e8dedb3 Fixes #167 - use get_docker_cumulative_command_line_args to check TLS settings 
Additionally, split warning into 2 parts:  no TLS, TLS w/o verification

Signed-off-by: Mr. Secure <ben.github@mrsecure.org>
 2016-09-24 19:42:39 -05:00
Thomas Sjögren
3cafe284dd update chap 2 to cis 1.11 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2016-04-14 22:25:11 +02:00
Andreas Stieger
d2ba1d9f72 Fix #97, #98, #99 by using new helper functions 
Signed-off-by: Andreas Stieger <astieger@suse.com>
 2015-11-27 15:35:37 +01:00
Mr. Secure
f791d06cff apply TLS checks to any socket other than unix:// or fd:// 
break the docker command line arguments into one option per line,
then find all socket items (H or host), exclude the unix:// and
fd:// sockets, and if there are any left, check for TLS options

Signed-off-by: Mr. Secure <ben.github@mrsecure.org>
 2015-11-13 19:51:46 -06:00
MrSecure
81730f536a check for TCP listener 
Signed-off-by: Mr. Secure <ben.github@mrsecure.org>
 2015-10-30 07:48:11 -05:00
Joachim Lusiardi
fc8eefb8a6 Fix for issue #47. 
Introduces a new function in helper_lib.sh to query the command line
arguments of the running instances of a binary. This is done to get
rid of the problem of "-lf" versus "-alf" for pgrep.

Signed-off-by: Joachim Lusiardi <joachim@lusiardi.de>
 2015-06-29 22:27:34 +02:00
Thomas Sjögren
20db7d8a4d catch all -H, not only tcp:// 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2015-06-15 23:04:02 +02:00
Thomas Sjögren
2d25ddbcaf Issue #24, remove -U, -u 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2015-06-11 02:35:54 +02:00
Thomas Sjögren
b6a4bd7504 dont echo the grep result 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2015-06-01 22:51:47 +02:00
Werner Buck
f4aab9c8c5 Double quote to prevent globbing and word splitting. 
Do not use legacy backticks.
Proper use of printf
Do not use wc -l with grep, instead use grep -c
Use pgrep

Signed-off-by: Werner Buck <wernerbuck@gmail.com>
 2015-05-31 12:26:37 +02:00
Thomas Sjögren
7082102612 add ps variable and limit output to root 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2015-05-30 13:01:19 +02:00
Diogo Monica
18d5a13240 First version of the CIS Docker Benchmark v1.0.0 2015-05-13 15:26:45 -07:00