docker-bench-security

mirror of https://github.com/docker/docker-bench-security.git synced 2025-11-04 02:58:59 +00:00

Author	SHA1	Message	Date
Liron Levin	b2093036df	Fix CIS 5.8 - Reverse container port and reduce privileged port to 1024 -- According to CIS, 5.8 apply to priviliged port on the host not on the container: `processes are not allowed to use them for various security reasons. Docker allows a container port to be mapped to a privileged port.` -- Also privileged port should be less than 1024 inclusive Signed-off-by: liron-l <levinlir@gmail.com> Signed-off-by: Liron Levin <liron@twistlock.com>	2015-06-21 07:25:24 +03:00
Diogo Mónica	23a74b5bd0	Fixing local running of container in README	2015-06-17 11:25:52 -07:00
Diogo Mónica	e8c3571a84	Fixed Examples	2015-06-16 17:21:54 -07:00
Thomas Sjögren	158c5cf1ac	Merge pull request #36 from konstruktoid/issue_33 catch all -H, not only tcp://	2015-06-15 23:34:23 +02:00
Thomas Sjögren	20db7d8a4d	catch all -H, not only tcp:// Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-06-15 23:04:02 +02:00
Thomas Sjögren	49070a4af1	Merge pull request #35 from konstruktoid/cap_audit add cap_audit_control for auditctl to work	2015-06-15 22:19:41 +02:00
Thomas Sjögren	cf7b13d5ba	add cap_audit_control for auditctl to work Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-06-15 22:15:24 +02:00
Thomas Sjögren	af47962bc8	Merge pull request #26 from konstruktoid/issue_25 Issue #25, dont warn if file is missing and add /var/lib	2015-06-15 22:03:46 +02:00
Thomas Sjögren	eca8471c71	Merge branch 'master' of github.com:konstruktoid/docker-bench-security into issue_25 * 'master' of github.com:konstruktoid/docker-bench-security: Fix test 5.14 to not always pass when multiple ports are published. change to docker repository make readme codeblocks prettier Add first version of CONTRIBUTING.md Issue #24, remove -U, -u use official alpine image as the base Make the main script an executable for if I want to run it on my host Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> Conflicts: README.md	2015-06-15 22:01:48 +02:00
Diogo Mónica	0cbb99d1f1	Merge pull request #34 from CtrlZvi/5.14_multiport_support Fix test 5.14 to not always pass when multiple ports are published.	2015-06-15 11:44:55 -07:00
Zvi "Viz" Effron	3616f15cba	Fix test 5.14 to not always pass when multiple ports are published. Signed-off-by: Zvi "Viz" Effron <zeffron@riotgames.com>	2015-06-15 11:26:13 -07:00
Diogo Mónica	0e7967e9b0	Merge pull request #32 from konstruktoid/docker_pull change to docker repository	2015-06-14 14:56:06 -07:00
Thomas Sjögren	41a0f63013	change to docker repository Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-06-14 23:54:15 +02:00
Thomas Sjögren	5c3c36c5ca	New README Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-06-14 23:03:11 +02:00
Diogo Mónica	f3f5636ac9	Merge pull request #30 from docker/add-contributing Add first version of CONTRIBUTING.md	2015-06-12 15:53:09 -07:00
Diogo Mónica	00b2c55589	Merge pull request #29 from jfrazelle/make-readme-codeblocks-prettier make readme codeblocks prettier	2015-06-11 16:56:00 -07:00
Jessica Frazelle	de92a18648	make readme codeblocks prettier Signed-off-by: Jessica Frazelle <princess@docker.com>	2015-06-11 16:54:23 -07:00
Diogo Monica	ebcbf9a231	Add first version of CONTRIBUTING.md	2015-06-11 16:26:49 -07:00
Thomas Sjögren	f4ee80ba3e	add -v /var/lib:/var/lib Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-06-11 21:37:44 +02:00
Diogo Mónica	67711b52d3	Merge pull request #27 from konstruktoid/issue_24 Issue #24, remove -U, -u	2015-06-10 18:29:29 -07:00
Diogo Mónica	eed841c201	Merge pull request #23 from jfrazelle/make-executable Make the main script an executable for if I want to run it on my host	2015-06-10 18:25:33 -07:00
Thomas Sjögren	2d25ddbcaf	Issue #24 , remove -U, -u Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-06-11 02:35:54 +02:00
Thomas Sjögren	56a7cb8779	Issue #25 , dont warn if file is missing Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-06-11 02:17:14 +02:00
Jessica Frazelle	b24a9d15b9	use official alpine image as the base Signed-off-by: Jessica Frazelle <princess@docker.com>	2015-06-09 00:11:03 -07:00
Jessica Frazelle	0231a7f5de	Make the main script an executable for if I want to run it on my host Fix image sprawl to work Fix port range Signed-off-by: Jessica Frazelle <princess@docker.com>	2015-06-09 00:10:44 -07:00
Diogo Mónica	d48d691ec2	Merge pull request #18 from konstruktoid/misc docker version, correct number of images, clean 2.7 output, ...	2015-06-01 15:57:04 -07:00
Diogo Mónica	645cb34a75	Merge pull request #16 from konstruktoid/clean_ps remove unused ps_ variables	2015-06-01 15:56:46 -07:00
Thomas Sjögren	b6a4bd7504	dont echo the grep result Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-06-01 22:51:47 +02:00
Thomas Sjögren	2e92ed5a01	exec_check had extra space Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-06-01 22:46:58 +02:00
Thomas Sjögren	787f4325b2	update 5.7 exec_check to new style Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-06-01 22:44:37 +02:00
Thomas Sjögren	e29a886254	warn if only -lt half of the images are in use Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-06-01 22:37:28 +02:00
Thomas Sjögren	8ff1dc25ee	docker_version variable Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-06-01 22:36:55 +02:00
Thomas Sjögren	9cccfa6902	get the correct number of images Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-06-01 22:20:03 +02:00
Diogo Mónica	2700ef95ba	Taking read-only out Mounting `/etc:ro` was causing issues in OpenSuse and Centos 5.6	2015-06-01 09:16:17 -07:00
Thomas Sjögren	d49a192c19	remove unused ps_ variables Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-06-01 00:25:08 +02:00
Diogo Mónica	362c62ac6e	Merge pull request #3 from wernerb/shellcheck Shellcheck	2015-05-31 10:31:53 -07:00
Werner Buck	f4aab9c8c5	Double quote to prevent globbing and word splitting. Do not use legacy backticks. Proper use of printf Do not use wc -l with grep, instead use grep -c Use pgrep Signed-off-by: Werner Buck <wernerbuck@gmail.com>	2015-05-31 12:26:37 +02:00
Diogo Mónica	54202b3b41	Merge pull request #14 from konstruktoid/split_pr Split PR #12 into separate commits	2015-05-30 16:45:12 -07:00
Thomas Sjögren	4fcac56d34	add /usr/sbin/ Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-05-31 01:40:23 +02:00
Thomas Sjögren	9a35eb97d1	add /usr/local/bin to PATH Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-05-31 01:20:38 +02:00
Diogo Mónica	85370b4530	Merge pull request #1 from paulczar/paulczar-patch-1 Update README.md	2015-05-30 14:01:56 -07:00
Thomas Sjögren	643beee453	fail=1 when Docker exec fails Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-05-30 13:03:01 +02:00
Thomas Sjögren	d964e084fc	no need for cat when grepping Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-05-30 13:02:37 +02:00
Thomas Sjögren	d02a7f8c0e	Add Docker do_version_check Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-05-30 13:02:08 +02:00
Thomas Sjögren	7082102612	add ps variable and limit output to root Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-05-30 13:01:19 +02:00
Thomas Sjögren	32bdece6ac	restrictive PATH Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-05-30 13:00:29 +02:00
Thomas Sjögren	01c915485e	add .dockerignore Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-05-30 12:59:22 +02:00
Paul Czarkowski	e5a5d1fc9c	Update README.md document mounting volumes to container as read only. Signed-off-by: Paul Czarkowski <username.taken@gmail.com>	2015-05-29 15:13:21 -05:00
Diogo Mónica	26912d9047	Merge pull request #4 from crosbymichael/fix-copyright Fix unpopulated copyright in license	2015-05-29 11:20:06 -07:00
Michael Crosby	8d36d81bfa	Fix unpopulated copyright in license Signed-off-by: Michael Crosby <crosbymichael@gmail.com>	2015-05-29 11:12:47 -07:00

1 2

73 commits