Thomas Sjögren
391e09f76a
linting
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-11-01 10:24:36 +01:00
Thomas Sjögren
eb9ea59fe5
load dependencies in correct order
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-10-25 12:05:48 +02:00
Thomas Sjögren
2cbfd83f53
add nocolor option #321
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-10-25 11:34:14 +02:00
Thomas Sjögren
9dd2fa5ce0
Merge pull request #335 from konstruktoid/issue330
sed option extravaganza #330
2018-10-25 08:48:07 +02:00
Thomas Sjögren
afa289d9b7
sed option extravaganza #330
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-10-24 10:01:27 +02:00
Thomas Sjögren
36b73c4398
add include option #286
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-10-15 16:21:00 +02:00
Mark Stemm
ec7d8ce690
Improve docker-bench-security json output
Add a test object for each test performed by the script. Each object has
an id N.M, a desc property describing the test, and the result. Some
tests include additional information about the test e.g. "No TLS
Certificate Found". That can be found in an optional details property of
the test object.
Also, some tests might also return a list of containers, images, users,
etc. This is included in an optional items property of the test object.
Instead of having all test results as top-level objects, break the test
results into sections. Each section has an id + description e.g. "1" and
"Host Configuration". The tests for that section are an array below that
object.
All of the additional json output is implemented by adding new functions
startsectionjson(), endsectionjson(), starttestjson(), and
resulttestjson() that take the id/desc/etc as arguments and print the
proper json properties. It also required adding an "end" test to each
script that calls endsectionjson().
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
2018-10-11 13:39:55 -07:00
Michael Stahn
d24ee50420
fix for path variable
Signed-off-by: Michael Stahn <michael.stahn.42@gmail.com>
2018-06-26 21:57:15 +02:00
Thomas Sjögren
11230d052e
formatting
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-05-10 15:41:27 +02:00
Thomas Sjögren
6c0dce7b19
yell function and version variable
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-05-10 15:19:10 +02:00
Thomas Sjögren
f78145214a
add -e option to exclude checks
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-05-10 14:45:59 +02:00
Mike Ritter
b37dfb95e3
Minor fix to ensure exclude only works against container name
Signed-off-by: Mike Ritter <mike.ritter@target.com>
2018-02-27 18:24:25 -06:00
Mike Ritter
a3094ac5c6
New Features
Signed-off-by: Mike Ritter <mike.ritter@target.com>
2018-02-27 08:43:51 -06:00
Thomas Sjögren
57365ba1e4
fail if check doesn't exist
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-01-18 11:29:02 +01:00
Thomas Sjögren
6ec6ee0638
add check option, and function names
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-01-16 13:44:43 +01:00
Thomas Sjögren
25b40c94a2
Merge branch 'master' into issue265
2018-01-12 11:49:04 +01:00
Karol Babioch
997ce7330e
Replace netstat by ss
ss(8) is a modern replacement for netstat(8). The former is slowly replacing
the latter in major Linux distributions, which makes it necessary to switch
at some point.
This addresses #278.
Signed-off-by: Karol Babioch <kbabioch@suse.de>
2018-01-11 16:52:54 +01:00
Thomas Sjögren
8424b0a6ba
add check and score info
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-10-23 15:38:08 +02:00
Thomas Sjögren
4bbfc5465e
mention dvs version
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-10-13 11:37:54 +02:00
Thomas Sjögren
809da21c4a
skeleton json
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-10-10 13:54:59 +02:00
Thomas Sjögren
5af0568986
1.3.4-pre
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-10-06 16:04:51 +02:00
Thomas Sjögren
2226ad1b90
update versions, CIS Docker Community Edition Benchmark
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-07-07 10:22:57 +02:00
Thomas Sjögren
a3dd83a529
bump to 1.3.2
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-03-23 11:37:15 +01:00
Thomas Sjögren
7d992029e6
remove code, if CMD instead of exit code
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-02-17 15:03:29 +01:00
Thomas Sjögren
372dc08f26
CIS Docker 1.13 Benchmark, bump version
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-01-24 09:45:08 +01:00
Thomas Sjögren
a91d2fca56
1.12 benchmark
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-01-23 12:05:01 +01:00
Thomas Sjögren
15dc14ce3e
bump minor version, closes #161
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2016-07-29 20:30:11 +02:00
Thomas Sjögren
426765b698
update yell to 1.11 as well
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2016-04-30 23:03:18 +02:00
Thomas Sjögren
4a628c6520
mention 1.11 benchmark instead of 1.6
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2016-04-30 22:31:08 +02:00
Thomas Sjögren
32282729dc
missing file as non-root user
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-09-05 16:23:34 +02:00
Thomas Sjögren
a0f66dba13
don't sleep before showing flags
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-09-05 15:51:51 +02:00
Thomas Sjögren
151bb6d16f
write init date to output file as well
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-09-05 15:44:44 +02:00
Paul Morgan
085b260a7b
exit with proper status on CLI options
* if `-h` is used: exit good
* if a non-valid CLI option is used without `-h`: exit bad
Signed-off-by: Paul Morgan <jumanjiman@gmail.com>
2015-09-04 21:13:05 -04:00
Paul Morgan
aaffcb8df1
show logging option when user asks for help
* avoid printf to simplify usage() syntax
* add reminder to update usage() when CLI option is added
* preserve indentation for help output
Signed-off-by: Paul Morgan <jumanjiman@gmail.com>
2015-09-04 21:13:05 -04:00
Paul Morgan
ed6b0fa348
remove unused CLI options
* -f is not used in `getopts`
* -i is not used in `getopts`
* -l needs trailing `:` to mandate `path/to/log/file`
* leading `:` is unnecessary in standard shell
Signed-off-by: Paul Morgan <jumanjiman@gmail.com>
2015-09-04 19:24:25 -04:00
Pete Sellars
57ac3cee99
Fix filtering out docker-bench-security container from results
Signed-off-by: Pete Sellars <psellars@gmail.com>
2015-08-05 22:15:22 +12:00
Diogo Monica
45f0b049ff
Changing description to match label
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-24 22:08:14 -07:00
Thomas Sjögren
815b369237
label rule for 1.8
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-07-25 14:20:56 +02:00
alberto
de68752f30
Get all running containers by name instead of by short-uuid to improve readability in logs
Signed-off-by: alberto <alberto@tutum.co>
2015-07-23 11:31:23 +02:00
Diogo Monica
f18f5edff0
Change the scripts header to mention Docker Benchmark for Security
2015-06-28 11:04:53 -07:00
Thomas Sjögren
2dbfdd112f
consistent labeling
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-19 23:31:44 +02:00
Thomas Sjögren
820bb581b7
add stat. reorder
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-17 23:23:59 +02:00
Jessica Frazelle
0231a7f5de
Make the main script an executable for if I want to run it on my host
Fix image sprawl to work
Fix port range
Signed-off-by: Jessica Frazelle <princess@docker.com>
2015-06-09 00:10:44 -07:00
Werner Buck
f4aab9c8c5
Double quote to prevent globbing and word splitting.
Do not use legacy backticks.
Proper use of printf
Do not use wc -l with grep, instead use grep -c
Use pgrep
Signed-off-by: Werner Buck <wernerbuck@gmail.com>
2015-05-31 12:26:37 +02:00
Thomas Sjögren
4fcac56d34
add /usr/sbin/
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-05-31 01:40:23 +02:00
Thomas Sjögren
9a35eb97d1
add /usr/local/bin to PATH
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-05-31 01:20:38 +02:00
Thomas Sjögren
32bdece6ac
restrictive PATH
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-05-30 13:00:29 +02:00
Diogo Monica
a4cd4aa511
Rename to docker-bench-security
2015-05-27 15:08:25 -07:00