docker-bench-security

mirror of https://github.com/docker/docker-bench-security.git synced 2025-01-31 14:22:33 +01:00

Author	SHA1	Message	Date
cuiwei13	969d660c40	add checking to avoid using overlayfs (due to no quota support, similar to aufs driver issue, which is protential for containers to run out of disk space easily with a simple command: dd if=/dev/zero of=hack ). Signed-off-by: cuiwei13 <cuiwei13@pku.edu.cn>	2016-05-18 17:17:18 +08:00
Thomas Sjögren	80e571f759	new version Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2016-04-28 21:51:24 +02:00
Thomas Sjögren	81b093632a	update chap 6 to cis 1.11 Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2016-04-15 00:23:03 +02:00
Thomas Sjögren	9e94259903	update chap 5 to cis 1.11 Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2016-04-15 00:12:00 +02:00
Thomas Sjögren	c544e417b0	update chap 4 to cis 1.11 Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2016-04-14 23:15:16 +02:00
Thomas Sjögren	e3da5eacf0	update chap 3 to cis 1.11 Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2016-04-14 22:57:25 +02:00
Thomas Sjögren	3cafe284dd	update chap 2 to cis 1.11 Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2016-04-14 22:25:11 +02:00
Thomas Sjögren	1454b300a0	add 1.4 again Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2016-04-14 21:27:24 +02:00
Thomas Sjögren	6be21785c4	update chap 1 to cis 1.11 Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2016-04-14 21:15:33 +02:00
Thomas Sjögren	03ec1b96b7	docker_current_version Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2016-04-14 20:18:49 +02:00
Thomas Sjögren	8d6f1e81c2	ps flags not in output Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2016-03-29 23:52:39 +02:00
Thomas Sjögren	d3ff26c5fa	version 1.10.3 Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2016-03-11 22:01:32 +01:00
Thomas Sjögren	3d7f124b89	Merge pull request #118 from konstruktoid/issue117 use stat to verify permissions	2016-03-11 21:32:55 +01:00
Matt Fellows	4d8ffc5943	Fix spelling mistake (proccesses -> processes) Signed-off-by: Matt Fellows <matt.fellows@onegeek.com.au>	2016-02-25 11:08:43 +11:00
Thomas Sjögren	94d8a611d8	1.10.2 release Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2016-02-23 21:24:27 +01:00
Thomas Sjögren	001811bf87	use stat to verify permissions Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2016-02-16 23:23:27 +01:00
Thomas Sjögren	68082d0727	current version 1.10.1 and correct date Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2016-02-15 20:58:19 +01:00
Thomas Sjögren	7c6a637b62	update to v1.10.0 Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2016-02-05 20:56:25 +01:00
Thomas Sjögren	00a1270c9b	inspect output changed Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-12-22 19:46:32 +01:00
Thomas Sjögren	606f70f83f	flexible paths for docker.socket as well Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-12-12 16:16:50 +01:00
Thomas Sjögren	e8c6b94143	check docker.service Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-12-12 16:08:46 +01:00
Thomas Sjögren	a53e1bec44	Merge pull request #105 from andreasstieger/version-check Improve version check, fixes #103	2015-12-07 20:00:03 +01:00
Andreas Stieger	e285c472d6	Support remote users and groups for group check. Fixes #104 Grepping /etc/group discards users and grous coming from NIS, LDAP, AD. Use getent group which covers all. Signed-off-by: Andreas Stieger <astieger@suse.com>	2015-12-01 16:17:48 +01:00
Andreas Stieger	3f538f537f	Vendors now support docker packages, add language for #103 Signed-off-by: Andreas Stieger <astieger@suse.com>	2015-12-01 16:09:15 +01:00
Andreas Stieger	2c6285d4ef	Improve statement of version check 1.6, fixes #103 Add an as-of date. Signed-off-by: Andreas Stieger <astieger@suse.com>	2015-12-01 15:43:13 +01:00
Thomas Sjögren	80794e5638	get .service file location from systemd Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-11-27 19:26:03 +01:00
Thomas Sjögren	eda8e3a963	Merge pull request #100 from andreasstieger/cli Fix command line option parsing issues Closes #97 #98 #99	2015-11-27 18:45:23 +01:00
Andreas Stieger	d2ba1d9f72	Fix #97 , #98 , #99 by using new helper functions Signed-off-by: Andreas Stieger <astieger@suse.com>	2015-11-27 15:35:37 +01:00
Thomas Sjögren	2e6d3b290a	latest version is 1.9.1 Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-11-21 20:51:05 +01:00
Thomas Sjögren	f2f1195550	Merge pull request #91 from MrSecure/29-tcp-required check for TCP socket before checking for TLS	2015-11-14 20:54:41 +01:00
Mr. Secure	f791d06cff	apply TLS checks to any socket other than unix:// or fd:// break the docker command line arguments into one option per line, then find all socket items (H or host), exclude the unix:// and fd:// sockets, and if there are any left, check for TLS options Signed-off-by: Mr. Secure <ben.github@mrsecure.org>	2015-11-13 19:51:46 -06:00
Andreas Stieger	cd7efa2afc	Fix test 3.25, correctly check for root:docker ownership, fixes #95 Signed-off-by: Andreas Stieger <astieger@suse.com>	2015-11-11 18:58:03 +01:00
Andreas Stieger	c5cb9cdc5c	POSIX test command requires -S for UNIX domain sockets, fixes #94 Signed-off-by: Andreas Stieger <astieger@suse.com>	2015-11-11 18:57:58 +01:00
Thomas Sjögren	9b9f17cabc	1.9.0 released Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-11-04 18:23:25 +01:00
MrSecure	81730f536a	check for TCP listener Signed-off-by: Mr. Secure <ben.github@mrsecure.org>	2015-10-30 07:48:11 -05:00
Thomas Sjögren	50dc806232	current version is 1.8.2 Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-10-01 21:46:33 +02:00
Csaba Palfi	831a373a61	make process count check even simpler Signed-off-by: Csaba Palfi <csaba@palfi.me>	2015-08-17 17:41:47 +01:00
Csaba Palfi	d7926a0f31	make process count check a bit easier to read Signed-off-by: Csaba Palfi <csaba@palfi.me>	2015-08-17 17:29:42 +01:00
Thomas Sjögren	75a7f955cc	prettier Docker exec fail output Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-08-13 22:06:03 +02:00
Thomas Sjögren	5f4bfdb98c	'CapAdd=<nil>' Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-08-13 21:46:21 +02:00
Thomas Sjögren	64bc5323e6	current version is 1.8.0 Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-08-13 21:35:55 +02:00
Ivan Angelov	7ada35cd90	Count unique image ids only Signed-off-by: Ivan Angelov <iangelov@users.noreply.github.com>	2015-08-10 17:19:06 +02:00
Thomas Sjögren	45671a70f3	catch server versions Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-07-11 20:36:04 +02:00
Thomas Sjögren	4a289d9a15	Merge pull request #59 from konstruktoid/perm_checks Perm checks	2015-07-10 02:11:10 +02:00
Thomas Sjögren	6fca0428e7	missed one tls* Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-07-10 02:10:26 +02:00
Thomas Sjögren	b3fd225df8	fix incorrect file variables Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-07-10 01:43:11 +02:00
Thomas Sjögren	8b0efa170f	split cmdline Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-07-10 01:30:38 +02:00
Thomas Sjögren	3c6b0df012	handle -dev version Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-07-10 00:40:31 +02:00
Thomas Sjögren	19d3d39e50	Merge pull request #48 from jlusiardi/fix_issue_47 Fix for issue #47.	2015-07-01 20:16:27 +02:00
Joachim Lusiardi	fae2639313	Addition to fix for issue #47 . Missed the potentially wrong invocations of pgrep also in section 3 of the tests. Replace "pgrep -lf" there as well. Signed-off-by: Joachim Lusiardi <joachim@lusiardi.de>	2015-06-29 22:27:59 +02:00

1 2

86 commits