docker-bench-security

mirror of https://github.com/docker/docker-bench-security.git synced 2025-08-23 18:08:49 +00:00

Author	SHA1	Message	Date
ghostplant	a3e3079b65	Merge `969d660c40` into `2de8e71d01`	2017-02-15 14:20:20 +00:00
Thomas Sjögren	69435a0b3e	update section 2 Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2017-01-24 13:41:30 +01:00
Thomas Sjögren	77617321df	update info messages, not scored Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2017-01-23 17:06:10 +01:00
Thomas Sjögren	7aa4682c87	#182 netsat Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2017-01-23 13:38:28 +01:00
Thomas Sjögren	95e6ac8253	#182 checks Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2017-01-23 13:13:48 +01:00
Thomas Sjögren	27773128f8	Merge branch 'master' into docker-benchmark-1.12.0	2017-01-23 12:14:23 +01:00
Thomas Sjögren	b3cd7a1755	Merge pull request #168 from MrSecure/fix-tls-verify Fixes #167 - use get_docker_cumulative_command_line_args to check TLS	2017-01-20 12:08:12 +01:00
Ravi Kumar Vadapalli	6aae32f4e5	Support for 'CIS Docker Benchmark 1.12.0' Signed-off-by: Ravi Kumar Vadapalli <vadapalli.ravikumar@gmail.com>	2016-12-20 20:31:58 +05:30
Kevin Lim	89e4769877	fix test 2.2 check for log level Signed-off-by: Kevin Lim <kevin.lim@sap.com>	2016-09-28 14:25:42 -07:00
Mr. Secure	ee3e8dedb3	Fixes #167 - use get_docker_cumulative_command_line_args to check TLS settings Additionally, split warning into 2 parts: no TLS, TLS w/o verification Signed-off-by: Mr. Secure <ben.github@mrsecure.org>	2016-09-24 19:42:39 -05:00
cuiwei13	969d660c40	add checking to avoid using overlayfs (due to no quota support, similar to aufs driver issue, which is protential for containers to run out of disk space easily with a simple command: dd if=/dev/zero of=hack ). Signed-off-by: cuiwei13 <cuiwei13@pku.edu.cn>	2016-05-18 17:17:18 +08:00
Thomas Sjögren	3cafe284dd	update chap 2 to cis 1.11 Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2016-04-14 22:25:11 +02:00
Andreas Stieger	d2ba1d9f72	Fix #97 , #98 , #99 by using new helper functions Signed-off-by: Andreas Stieger <astieger@suse.com>	2015-11-27 15:35:37 +01:00
Mr. Secure	f791d06cff	apply TLS checks to any socket other than unix:// or fd:// break the docker command line arguments into one option per line, then find all socket items (H or host), exclude the unix:// and fd:// sockets, and if there are any left, check for TLS options Signed-off-by: Mr. Secure <ben.github@mrsecure.org>	2015-11-13 19:51:46 -06:00
MrSecure	81730f536a	check for TCP listener Signed-off-by: Mr. Secure <ben.github@mrsecure.org>	2015-10-30 07:48:11 -05:00
Joachim Lusiardi	fc8eefb8a6	Fix for issue #47 . Introduces a new function in helper_lib.sh to query the command line arguments of the running instances of a binary. This is done to get rid of the problem of "-lf" versus "-alf" for pgrep. Signed-off-by: Joachim Lusiardi <joachim@lusiardi.de>	2015-06-29 22:27:34 +02:00
Thomas Sjögren	20db7d8a4d	catch all -H, not only tcp:// Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-06-15 23:04:02 +02:00
Thomas Sjögren	2d25ddbcaf	Issue #24 , remove -U, -u Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-06-11 02:35:54 +02:00
Thomas Sjögren	b6a4bd7504	dont echo the grep result Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-06-01 22:51:47 +02:00
Werner Buck	f4aab9c8c5	Double quote to prevent globbing and word splitting. Do not use legacy backticks. Proper use of printf Do not use wc -l with grep, instead use grep -c Use pgrep Signed-off-by: Werner Buck <wernerbuck@gmail.com>	2015-05-31 12:26:37 +02:00
Thomas Sjögren	7082102612	add ps variable and limit output to root Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-05-30 13:01:19 +02:00
Diogo Monica	18d5a13240	First version of the CIS Docker Benchmark v1.0.0	2015-05-13 15:26:45 -07:00

22 commits