72 commits

Author SHA1 Message Date
MaPoe
958f5fa6c3 feat: update swarm mode check id from 7.1 to 5.1 2023-12-17 15:57:54 +01:00
andreagalle
0dc2d2b1e6 should fix the: Error response from daemon: This node is not a swarm manager. issue 2023-04-26 07:04:53 +00:00
andreagalle
412f514bb4 just a typo 2023-04-12 14:51:01 +00:00
andreagalle
f97b420af9 couple typos & performance improvements 2023-04-12 14:46:13 +00:00
andreagalle
c8c90ee523 checking for the MaxAttempts=5 too at service level 2023-04-12 13:27:36 +00:00
Thomas Sjögren
941518887b add support for .NanoCpus
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2023-02-02 11:47:18 +01:00
Thomas Sjögren
0d5874877b if the docker daemon is configured with no-new-privileges, pass check 5.25
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2021-12-02 11:10:12 +01:00
serica
0ae544dd03 fix style and false warning in check_5_3 2021-11-30 18:38:36 -08:00
João Fernandes
a409e03d99 Fix typo in check_5_21 2021-11-11 20:39:22 +00:00
Nikita Stupin
dacc7372bf Implement listing of open ports 2021-07-08 13:00:21 +03:00
Thomas Sjögren
bd05445528 initial commit of tests/5_container_runtime.sh v1.3.1
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2021-05-25 20:49:46 +02:00
Razvan Stoica
e4d9bd1556 Set remediationImpact for 5.31 test to None. 2021-04-14 11:17:22 +03:00
Razvan Stoica
15aa1eecd5 Update remediation impact message for test 5.31 2021-04-14 10:58:53 +03:00
Razvan Stoica
d0443cc817 Bug fixing and improving source code readability 2021-03-29 15:22:14 +03:00
Razvan Stoica
f31e60c379 Add more remediation stuff 2021-03-22 09:43:56 +02:00
Razvan Stoica
7144b947de Tests update 2021-03-16 10:05:49 +02:00
Razvan Stoica
6c586b4e08 Print remediation measures at the end of the logs 2021-03-10 21:47:52 +02:00
Razvan Stoica
9ae0d92b5d Fix "nohealthlocal: command not found" error 2021-03-10 14:58:58 +02:00
Razvan Stoica
94900eedb9 Change global variable used only locally to local variable for simplification 2021-03-09 12:42:48 +02:00
Thomas Sjögren
98acc66436 map desc_ to benchmark headings
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-05-08 12:38:08 +02:00
zawazawa0316
33566331d1 fix line 230
Signed-off-by: zawazawa0316 <37421794+zawazawa0316@users.noreply.github.com>
2020-03-09 23:48:10 +09:00
zawazawa0316
b046f930bc remove single space at line 230
Signed-off-by: zawazawa0316 <37421794+zawazawa0316@users.noreply.github.com>
2020-03-09 23:45:25 +09:00
zawazawa0316
12f19d9f64 Fix check conditions
Signed-off-by: zawazawa0316 <37421794+zawazawa0316@users.noreply.github.com>
2020-03-07 05:24:24 +09:00
Thomas Sjögren
ddad135d13 shellcheck
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-10-16 09:49:18 +02:00
Thomas Sjögren
77a3bc65d7 fix 5.28
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-28 12:59:49 +02:00
Thomas Sjögren
17c6262d2f formatting
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-28 12:14:35 +02:00
Thomas Sjögren
0b007baf7e first pass on section 5
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-27 15:43:29 +02:00
Thomas Sjögren
391e09f76a linting
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-11-01 10:24:36 +01:00
Mark Stemm
ec7d8ce690 Improve docker-bench-security json output
Add a test object for each test performed by the script. Each object has
an id N.M, a desc property describing the test, and the result. Some
tests include additional information about the test e.g. "No TLS
Certificate Found". That can be found in an optional details property of
the test object.

Also, some tests might also return a list of containers, images, users,
etc. This is included in an optional items property of the test object.

Instead of having all test results as top-level objects, break the test
results into sections. Each section has an id + description e.g. "1" and
"Host Configuration". The tests for that section are an array below that
object.

All of the additional json output is implemented by adding new functions
startsectionjson(), endsectionjson(), starttestjson(), and
resulttestjson() that take the id/desc/etc as arguments and print the
proper json properties. It also required adding an "end" test to each
script that calls endsectionjson().

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
2018-10-11 13:39:55 -07:00
Thomas Sjögren
f1137cd36a don't decrease 5.29 #316
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-08-06 09:51:06 +02:00
Mike Ritter
a3094ac5c6 New Features
Signed-off-by: Mike Ritter <mike.ritter@target.com>
2018-02-27 08:43:51 -06:00
Thomas Sjögren
8142de8334 convert all checks to functions
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-01-16 13:46:49 +01:00
Thomas Sjögren
25b40c94a2 Merge branch 'master' into issue265 2018-01-12 11:49:04 +01:00
Thomas Sjögren
57acb04a96 catch seccomp:unconfined|seccomp=unconfined
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-01-12 11:36:14 +01:00
Thomas Sjögren
e32910172f add score and totalChecks to 5_
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-10-23 15:40:52 +02:00
Thomas Sjögren
be4dd69f3f check 5.x json log
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-10-13 10:25:23 +02:00
Thomas Sjögren
88b48315bc update checks
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-07-07 11:16:49 +02:00
Thomas Sjögren
a97bdfbe0d add note tag on informal checks
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-03-23 11:29:58 +01:00
Thomas Sjögren
bd236b1ac0 add host / as sensitive
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-02-13 11:36:16 +01:00
Thomas Sjögren
e78f1b8045 replace contains with grep
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-02-10 15:35:06 +01:00
Thomas Sjögren
4e126efdbb 5.25 check correction
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-01-27 11:00:36 +01:00
Thomas Sjögren
6c35842734 5.19 check correction
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-01-27 11:00:25 +01:00
Thomas Sjögren
7fc5dc33a7 sh if lint
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-01-27 10:59:57 +01:00
Thomas Sjögren
68ed3dd845 default capabilities are OK to add, closes #207
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-01-25 12:07:14 +01:00
Thomas Sjögren
7f87db0768 1.13 Section 5
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-01-24 15:26:19 +01:00
Thomas Sjögren
77617321df update info messages, not scored
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-01-23 17:06:10 +01:00
Thomas Sjögren
933f1b6da9 output formatting
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-01-23 16:16:02 +01:00
Thomas Sjögren
07dbba6400 #182 remove legacy code
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-01-23 12:52:31 +01:00
Thomas Sjögren
6a2176b34e #182 messages and syntax
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-01-23 12:40:32 +01:00
Ravi Kumar Vadapalli
6aae32f4e5 Support for 'CIS Docker Benchmark 1.12.0'
Signed-off-by: Ravi Kumar Vadapalli <vadapalli.ravikumar@gmail.com>
2016-12-20 20:31:58 +05:30