GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2025-01-19 00:32:34 +01:00
Code Issues Projects Releases Packages Wiki Activity
817 commits 3 branches 11 tags 4.9 MiB
Commit graph

66 commits

Author SHA1 Message Date
Thomas Sjögren
0d5874877b if the docker daemon is configure with no-new-privileges, pass check 5.25 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-12-02 11:10:12 +01:00
serica
0ae544dd03 fix style and false warning in check_5_3 2021-11-30 18:38:36 -08:00
João Fernandes
a409e03d99
Fix typo in check_5_21 2021-11-11 20:39:22 +00:00
Nikita Stupin
dacc7372bf Implement listing of open ports 2021-07-08 13:00:21 +03:00
Thomas Sjögren
bd05445528 initial commit of tests/5_container_runtime.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:46 +02:00
Razvan Stoica
e4d9bd1556 Set remediationImpact for 5.31 test to None. 2021-04-14 11:17:22 +03:00
Razvan Stoica
15aa1eecd5 Update remediation impact message for test 5.31 2021-04-14 10:58:53 +03:00
Razvan Stoica
d0443cc817 Bug fixing and improving source code readability 2021-03-29 15:22:14 +03:00
Razvan Stoica
f31e60c379 Add more remediation stuff 2021-03-22 09:43:56 +02:00
Razvan Stoica
7144b947de Tests update 2021-03-16 10:05:49 +02:00
Razvan Stoica
6c586b4e08 Print remediation measures at the end of the logs 2021-03-10 21:47:52 +02:00
Razvan Stoica
9ae0d92b5d Fix "nohealthlocal: command not found" error 2021-03-10 14:58:58 +02:00
Razvan Stoica
94900eedb9 Change global variable used only locally to local variable for simplification 2021-03-09 12:42:48 +02:00
Thomas Sjögren
98acc66436 map desc_ to benchmark headings 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-05-08 12:38:08 +02:00
zawazawa0316
33566331d1 fix line 230 
Signed-off-by: zawazawa0316 <37421794+zawazawa0316@users.noreply.github.com>
 2020-03-09 23:48:10 +09:00
zawazawa0316
b046f930bc remove single space at line 230 
Signed-off-by: zawazawa0316 <37421794+zawazawa0316@users.noreply.github.com>
 2020-03-09 23:45:25 +09:00
zawazawa0316
12f19d9f64 Fix check conditions 
Signed-off-by: zawazawa0316 <37421794+zawazawa0316@users.noreply.github.com>
 2020-03-07 05:24:24 +09:00
Thomas Sjögren
ddad135d13 shellcheck 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-10-16 09:49:18 +02:00
Thomas Sjögren
77a3bc65d7 fix 5.28 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-08-28 12:59:49 +02:00
Thomas Sjögren
17c6262d2f formating 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-08-28 12:14:35 +02:00
Thomas Sjögren
0b007baf7e first pass on section 5 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-08-27 15:43:29 +02:00
Thomas Sjögren
391e09f76a linting 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-11-01 10:24:36 +01:00
Mark Stemm
ec7d8ce690 Improve docker-bench-security json output 
Add a test object for each test performed by the script. Each object has
an id N.M, a desc property describing the test, and the result. Some
tests include additional information about the test e.g. "No TLS
Certificate Found". That can be found in an optional details property of
the test object.

Also, some tests might also return a list of containers, images, users,
etc. This is included in an optional items property of the test object.

Instead of having all test results as top-level objects, break the test
results into sections. Each section has an id + description e.g. "1" and
"Host Configuration". The tests for that section are an array below that
object.

All of the additional json output is implemented by adding new functions
startsectionjson(), endsectionjson(), starttestjson(), and
resulttestjson() that take the id/desc/etc as arguments and print the
proper json properties. It also required adding an "end" test to each
script that calls endsectionjson().

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2018-10-11 13:39:55 -07:00
Thomas Sjögren
f1137cd36a dont decrease 5.29 #316 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-08-06 09:51:06 +02:00
Mike Ritter
a3094ac5c6 New Features 
Signed-off-by: Mike Ritter <mike.ritter@target.com>
 2018-02-27 08:43:51 -06:00
Thomas Sjögren
8142de8334 convert all checks to functions 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-01-16 13:46:49 +01:00
Thomas Sjögren
25b40c94a2
Merge branch 'master' into issue265 2018-01-12 11:49:04 +01:00
Thomas Sjögren
57acb04a96 catch seccomp:unconfined|seccomp=unconfined 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-01-12 11:36:14 +01:00
Thomas Sjögren
e32910172f add score and totalChecks to 5_ 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-10-23 15:40:52 +02:00
Thomas Sjögren
be4dd69f3f check 5.x json log 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-10-13 10:25:23 +02:00
Thomas Sjögren
88b48315bc update checks 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-07-07 11:16:49 +02:00
Thomas Sjögren
a97bdfbe0d add note tag on informal checks 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-03-23 11:29:58 +01:00
Thomas Sjögren
bd236b1ac0 add host / as sensitive 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-02-13 11:36:16 +01:00
Thomas Sjögren
e78f1b8045 replace contains with grep 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-02-10 15:35:06 +01:00
Thomas Sjögren
4e126efdbb 5.25 check correction 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-27 11:00:36 +01:00
Thomas Sjögren
6c35842734 5.19 check correction 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-27 11:00:25 +01:00
Thomas Sjögren
7fc5dc33a7 sh if lint 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-27 10:59:57 +01:00
Thomas Sjögren
68ed3dd845 default capabilities are OK to add, closes #207 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-25 12:07:14 +01:00
Thomas Sjögren
7f87db0768 1.13 Section 5 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-24 15:26:19 +01:00
Thomas Sjögren
77617321df update info messages, not scored 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-23 17:06:10 +01:00
Thomas Sjögren
933f1b6da9 output formating 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-23 16:16:02 +01:00
Thomas Sjögren
07dbba6400 #182 remove legacy code 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-23 12:52:31 +01:00
Thomas Sjögren
6a2176b34e #182 messages and syntax 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-23 12:40:32 +01:00
Ravi Kumar Vadapalli
6aae32f4e5 Support for 'CIS Docker Benchmark 1.12.0' 
Signed-off-by: Ravi Kumar Vadapalli <vadapalli.ravikumar@gmail.com>
 2016-12-20 20:31:58 +05:30
Thomas Sjögren
9e94259903 update chap 5 to cis 1.11 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2016-04-15 00:12:00 +02:00
Thomas Sjögren
8d6f1e81c2 ps flags not in output 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2016-03-29 23:52:39 +02:00
Matt Fellows
4d8ffc5943 Fix spelling mistake (proccesses -> processes) 
Signed-off-by: Matt Fellows <matt.fellows@onegeek.com.au>
 2016-02-25 11:08:43 +11:00
Thomas Sjögren
00a1270c9b inspect output changed 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2015-12-22 19:46:32 +01:00
Csaba Palfi
831a373a61 make process count check even simpler 
Signed-off-by: Csaba Palfi <csaba@palfi.me>
 2015-08-17 17:41:47 +01:00
Csaba Palfi
d7926a0f31 make process count check a bit easier to read 
Signed-off-by: Csaba Palfi <csaba@palfi.me>
 2015-08-17 17:29:42 +01:00