GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2025-01-18 16:22:33 +01:00
Code Issues Projects Releases Packages Wiki Activity
718 commits 3 branches 11 tags 4.9 MiB
Commit graph

718 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jo Cook
cf7c50bf33
Update README.md 
Clarified that log files are created inside the container so that new users (ie me) don't spend ages wondering where the logs are!
 2021-02-23 12:15:22 +00:00
Thomas Sjögren
7c881b4b0b
Merge pull request #461 from jammasterj89/master 
Fix check_2 to -le 644
 2021-01-15 13:39:29 +00:00
jammasterj89
f8c9b0fd5b
Replace multiple -eq with -le 
Replace multiple -eq with -le for file permission checks. Except for line 228 which uses slightly different logic so is -ge.

Signed-off-by: Niall T 19202716+jammasterj89@users.noreply.github.com
 2021-01-15 11:20:59 +00:00
jammasterj89
47e4cc173c
Fix check_2 to -le 644 
Issue #459 raised that check_2 was only checking for 644 or 600 permissions, this now checks for anything less than or equal to 644.

Signed-off-by: Niall T 19202716+jammasterj89@users.noreply.github.com
 2021-01-15 10:29:11 +00:00
Thomas Sjögren
8bd04d683f
Merge pull request #460 from jammasterj89/master 
Update alpine to 3.13.0
 2021-01-15 10:21:31 +00:00
Thomas Sjögren
d3d25c8fc8
Update Dockerfile 
Co-authored-by: Sebastiaan van Stijn <thaJeztah@users.noreply.github.com>
 2021-01-15 10:20:35 +00:00
jammasterj89
f47f61538e
Update alpine to 3.13.0 
Updated alpine version to latest - 3.13.0

Signed-off-by: Niall T <19202716+jammasterj89@users.noreply.github.com>
 2021-01-15 09:30:14 +00:00
Thomas Sjögren
75fe107048
Merge pull request #457 from sa7mon/patch-1 
Grammar fixes in README
 2020-11-30 16:26:33 +00:00
Dan Salmon
b7d8805ce1
Update README.md 
Grammar fixes
 2020-11-30 14:44:00 +00:00
Thomas Sjögren
ca0db8898f
Merge pull request #454 from Constantin07/do_not_leave_dangling_container_after_run 
Remove container after run.
 2020-11-18 09:22:08 +00:00
Constantin Bugneac
1ea667f2f0 Remove container after run. 2020-11-17 21:49:07 +00:00
Thomas Sjögren
6ad1a1ef77
Merge pull request #451 from konstruktoid/imgname 
print img if empty RepoTags, and fix tabbing
 2020-11-02 08:27:59 +00:00
Thomas Sjögren
3877abd975 print img if empty RepoTags, and fix tabbing 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-11-02 09:26:20 +01:00
Thomas Sjögren
93c619f018
Merge pull request #445 from thaJeztah/no_experimental 
Deprecate rule 2.16 for Docker > 19.03
 2020-10-02 17:31:15 +00:00
Sebastiaan van Stijn
0f3dfe70fe
Deprecate rule 2.16 for Docker > 19.03 
The upcoming 20.x docker release will always have experimental features
enabled, which will stop this test from working.

More details can be found in docker/cli##2774

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2020-10-02 18:01:57 +02:00
Thomas Sjögren
f3e9c791ce
Merge pull request #444 from markdumay/partition 
Support user namespaces in partition check (1.2.1)
 2020-09-29 11:24:17 +00:00
mark
d85c73316a Updated mountpoint check to support user namespace 2020-09-29 12:41:25 +02:00
mark
919816dbbf Changed to 'df' to support user namespaces 2020-09-28 08:04:17 +02:00
Thomas Sjögren
b6478e9367
Merge pull request #374 from draios/limit-num-items-reported 
Limit the number of reported items
 2020-07-13 11:22:49 +00:00
Mark Stemm
4cfb58f675 Limit the number of reported items 
In some evironments, there may be a very large number of images,
containers, etc not satisfying a given test. For example, in one
environment, we saw *378k* images not satisfying 4.6, mostly because
the customer was never cleaning up old images.

To avoid overly long lists of items, add a new option "-n LIMIT" that
limits the number of items included in JSON output. When the limit is
reached, the list will be truncated and a trailing (truncated) will be
added. Here's an example:

```
{"id": "5.9", "desc": "Ensure the host's network namespace is not
shared", "result": "WARN", "details": "Containers running with
networking mode 'host':  k8s_POD_storage-provisioner_kube-system_ef960ef5-62c5-11e9-802f-08002719228f_0
k8s_POD_kube-proxy-xfln8_kube-system_ee70c4c3-62c5-11e9-802f-08002719228f_0 (truncated)",
"items":
["k8s_POD_storage-provisioner_kube-system_ef960ef5-62c5-11e9-802f-08002719228f_0","k8s_POD_kube-proxy-xfln8_kube-system_ee70c4c3-62c5-11e9-802f-08002719228f_0","(truncated)"]},
```

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2020-07-10 13:00:29 -07:00
Thomas Sjögren
41593e80d0
Merge pull request #439 from roman-mueller/fix_description 
Remove prefix of check ID in description
 2020-06-02 14:10:21 +00:00
Roman Mueller
b3182ca8f5 Remove prefix of check ID 2020-06-02 15:57:33 +02:00
Thomas Sjögren
d6969dd2a4
Merge pull request #438 from konstruktoid/alpine 
alpine:3.12
 2020-06-01 07:31:05 +00:00
Thomas Sjögren
aa984c44db alpine:3.12 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-06-01 09:30:09 +02:00
Thomas Sjögren
1e0a10b71f
Merge pull request #436 from konstruktoid/macnetstat 
more flexible binary usage, better support for mac os
 2020-05-08 11:10:57 +00:00
Thomas Sjögren
8aec461d46 more flexible binary usage, better support for mac os 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-05-08 13:09:52 +02:00
Thomas Sjögren
375d32c0db
Merge pull request #435 from konstruktoid/scoring 
map desc_ to benchmark headings
 2020-05-08 10:41:41 +00:00
Thomas Sjögren
98acc66436 map desc_ to benchmark headings 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-05-08 12:38:08 +02:00
Thomas Sjögren
735938a8f1
Merge pull request #434 from HristoStoyanovMM/CIS_Level1_only_checks 
Add CIS Level 1 only functions
 2020-05-08 08:46:28 +00:00
herc1
4612146563 Add CIS Level 1 only functions 
Signed-off-by: HristoStoyanovMM <hristo.stoyanov@mentormate.com>
 2020-05-07 19:44:56 +03:00
Thomas Sjögren
79ef925df1
Merge pull request #430 from konstruktoid/ISSUE422b 
by an appropriate
 2020-04-17 11:12:51 +00:00
Thomas Sjögren
5210cc9ff9 by an appropriate 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-04-17 13:11:37 +02:00
Thomas Sjögren
d32d4f3ce3
Merge pull request #429 from konstruktoid/ISSUE422 
fix MacOSX volume, and lint
 2020-04-17 06:26:30 +00:00
Thomas Sjögren
1c2b912aa2 fix MacOSX volume, and lint 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-04-17 08:25:44 +02:00
Thomas Sjögren
d53ac42de1
Merge pull request #428 from konstruktoid/ISSUE424 
update README, correct volume binary paths
 2020-04-16 15:18:38 +00:00
Thomas Sjögren
3c38419c5b update README, correct volume binary paths 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-04-16 17:17:51 +02:00
Thomas Sjögren
2cdfa3df25
Merge pull request #423 from illyaMs/master 
[Ubuntu] Fix issue with docker.service and docker.socket files not found
 2020-04-15 09:05:50 +00:00
Thomas Sjögren
2972b685fc
Merge pull request #427 from konstruktoid/ISSUE425 
use opensuse/leap, and remove awk linkage
 2020-04-15 08:55:27 +00:00
Thomas Sjögren
9f92e46df8 use opensuse/leap, and remove awk linkage 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-04-15 10:54:17 +02:00
Ilya Dus
51bc75eb55 fix(docs): explain the need of mounting /lib/systemd/system folder for Ubuntu 
Signed-off-by: Ilya Dus <ilyadoos@gmail.com>
 2020-04-10 16:27:32 +03:00
Ilya Dus
d42fedc370 fix(sh): check default ubuntu locations of docker.service and docker.socket files 
Signed-off-by: Ilya Dus <ilyadoos@gmail.com>
 2020-04-10 16:26:25 +03:00
Thomas Sjögren
0307da4c61
Merge pull request #421 from konstruktoid/issue158 
macOS user instructions. ref #158
 2020-04-01 13:20:41 +02:00
Thomas Sjögren
b3488e7d1f macOS user instructions. ref #158 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-04-01 13:19:55 +02:00
Thomas Sjögren
937ec4958a
Merge pull request #419 from zawazawa0316/fix_5 
Fix check conditions
 2020-03-09 14:54:32 +00:00
zawazawa0316
33566331d1 fix line 230 
Signed-off-by: zawazawa0316 <37421794+zawazawa0316@users.noreply.github.com>
 2020-03-09 23:48:10 +09:00
zawazawa0316
b046f930bc remove single space at line 230 
Signed-off-by: zawazawa0316 <37421794+zawazawa0316@users.noreply.github.com>
 2020-03-09 23:45:25 +09:00
zawazawa0316
12f19d9f64 Fix check conditions 
Signed-off-by: zawazawa0316 <37421794+zawazawa0316@users.noreply.github.com>
 2020-03-07 05:24:24 +09:00
Thomas Sjögren
e1feca8620
Merge pull request #417 from zawazawa0316/fix_2_5 
Fix check condition
 2020-03-03 14:04:32 +00:00
zawazawa0316
b16da2c2ed Fix check condition 
Signed-off-by: zawazawa0316 <37421794+zawazawa0316@users.noreply.github.com>
 2020-03-03 21:51:49 +09:00
Thomas Sjögren
11da147df9
Merge pull request #407 from Intermax-Cloudsourcing/allow-include-checks-mixing 
fix: allow combining include and exclude
 2020-01-29 12:07:32 +00:00