GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2025-01-18 16:22:33 +01:00
Code Issues Projects Releases Packages Wiki Activity
852 commits 3 branches 11 tags 4.9 MiB
Commit graph

297 commits

Author SHA1 Message Date
andreagalle
c8c90ee523 checking for the MaxAttempts=5 too at service level 2023-04-12 13:27:36 +00:00
Thomas Sjögren
ce38d3dd3c
Merge pull request #513 from konstruktoid/150 
align tests to CIS Docker Benchmark 1.5.0
 2023-03-06 13:01:33 +01:00
Thomas Sjögren
cbd07bb051
align tests to CIS Benchmark 1.5.0 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2023-03-06 12:59:56 +01:00
Thomas Sjögren
f375045741
Merge pull request #511 from konstruktoid/issue510 
add support for .NanoCpus
 2023-02-02 22:12:27 +01:00
Thomas Sjögren
941518887b
add support for .NanoCpus 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2023-02-02 11:47:18 +01:00
QuentinServais
ee718c40c0
Fix check_2_7 TLS check with json config 2022-12-27 23:39:17 +01:00
Thomas Sjögren
558fca319f grep host* in config file before testing 2.7 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2022-05-09 12:26:01 +02:00
Thomas Sjögren
68c8e53dac add 4.12 check 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2022-03-07 13:05:22 +01:00
Thomas Sjögren
0d5874877b if the docker daemon is configure with no-new-privileges, pass check 5.25 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-12-02 11:10:12 +01:00
serica
0ae544dd03 fix style and false warning in check_5_3 2021-11-30 18:38:36 -08:00
João Fernandes
a409e03d99
Fix typo in check_5_21 2021-11-11 20:39:22 +00:00
João Fernandes
7e89ea067d
Fix typo in check_4_11 
Fix the text description for check_4_11 .
 2021-11-11 20:39:00 +00:00
Thomas Sjögren
ec3ddf2acd
Merge pull request #475 from nikitastupin/feature-list-open-ports 
Implement listing of open ports
 2021-10-31 12:50:27 +01:00
Thomas Sjögren
fd93a6ee93
Merge pull request #476 from nikitastupin/feature-specific-capability-checks 
Add checks for capabilities that allows container escape
 2021-10-31 12:26:40 +01:00
Thomas Sjögren
683c5a92b5 fix socket check 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-07-12 15:22:12 +02:00
Nikita Stupin
cf93e9ed07 Add checks for capabilities that allows container escape 2021-07-08 13:10:12 +03:00
Nikita Stupin
dacc7372bf Implement listing of open ports 2021-07-08 13:00:21 +03:00
aagot
08a7b09d4d
Update 2_docker_daemon_configuration.sh 2021-06-25 14:38:02 +02:00
Thomas Sjögren
c1457e6ad3 initial commit of tests/99_community_checks.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:46 +02:00
Thomas Sjögren
32c5e5f1fb initial commit of tests/8_docker_enterprise_configuration.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:46 +02:00
Thomas Sjögren
4e379bbaf9 initial commit of tests/7_docker_swarm_configuration.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:46 +02:00
Thomas Sjögren
3a9deae328 initial commit of tests/6_docker_security_operations.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:46 +02:00
Thomas Sjögren
bd05445528 initial commit of tests/5_container_runtime.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:46 +02:00
Thomas Sjögren
28fa0393da initial commit of tests/4_container_images.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:46 +02:00
Thomas Sjögren
6f574b07c1 initial commit of tests/3_docker_daemon_configuration_files.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:45 +02:00
Thomas Sjögren
6a685524eb initial commit of tests/2_docker_daemon_configuration.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:45 +02:00
Thomas Sjögren
4a4ae81a03 initial commit of tests/1_host_configuration.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:45 +02:00
Thomas Sjögren
addefc6ee4 update documentation 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:43:33 +02:00
Razvan Stoica
e4d9bd1556 Set remediationImpact for 5.31 test to None. 2021-04-14 11:17:22 +03:00
Razvan Stoica
15aa1eecd5 Update remediation impact message for test 5.31 2021-04-14 10:58:53 +03:00
Razvan Stoica
c67469d96b Fix systemctl error when running inside a container 2021-03-29 16:20:01 +03:00
Razvan Stoica
81ac358e82 Remove temporary files 2021-03-29 15:32:34 +03:00
Razvan Stoica
d0443cc817 Bug fixing and improving source code readability 2021-03-29 15:22:14 +03:00
Razvan Stoica
8a934aebf1 Remove the Debian family-specific installation command 2021-03-28 09:47:49 +03:00
Razvan Stoica
f31e60c379 Add more remediation stuff 2021-03-22 09:43:56 +02:00
Razvan Stoica
cc8171fbfe Add remediation stuff on enterprise configuration 2021-03-18 10:32:02 +02:00
Razvan Stoica
3a7fe3bb24 Add remediation stuff on swarm configuration 2021-03-18 10:31:22 +02:00
Razvan Stoica
25de0bd826 Add remediation stuff on security operations 2021-03-18 10:30:30 +02:00
Razvan Stoica
c05c58674a Add remediation stuff on daemon configuration 2021-03-18 10:29:28 +02:00
Razvan Stoica
7e89fdd364 Add remediation stuff on host configuration 2021-03-18 10:28:45 +02:00
Razvan Stoica
7144b947de Tests update 2021-03-16 10:05:49 +02:00
Razvan Stoica
11886d47d8 Fixed invalid JSON log 2021-03-11 15:00:12 +02:00
Razvan Stoica
c623d3afdd Print the remediation measure only if the check is not passed 2021-03-11 09:32:29 +02:00
Razvan Stoica
85117ea1a2 Improve wording 2021-03-11 08:30:01 +02:00
Razvan Stoica
6c586b4e08 Print remediation measures at the end of the logs 2021-03-10 21:47:52 +02:00
Razvan Stoica
9ae0d92b5d Fix "nohealthlocal: command not found" error 2021-03-10 14:58:58 +02:00
Razvan Stoica
c00ef4330b Add details about remediations measure for host configuration tests 2021-03-09 21:43:25 +02:00
Razvan Stoica
94900eedb9 Change global variable used only locally to local variable for simplification 2021-03-09 12:42:48 +02:00
Jo Cook
e9b9bfd270
Update 4_container_images.sh 
Correcting an extremely minor grammatical error (sorry)
 2021-02-25 19:04:05 +00:00
jammasterj89
f8c9b0fd5b
Replace multiple -eq with -le 
Replace multiple -eq with -le for file permission checks. Except for line 228 which uses slightly different logic so is -ge.

Signed-off-by: Niall T 19202716+jammasterj89@users.noreply.github.com
 2021-01-15 11:20:59 +00:00