GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2024-11-01 08:31:44 +01:00
Code Issues Projects Releases Packages Wiki Activity
752 commits 3 branches 11 tags 4.9 MiB
Commit graph

752 commits

This branch
This branch
All branches
Author SHA1 Message Date
Razvan Stoica
e5efe2bf40 Add explanations for newly added features 2021-03-16 10:13:31 +02:00
Razvan Stoica
091b4b954a Add option to specify trusted users. Add option to disable the printing of remediation measures. 2021-03-16 10:11:29 +02:00
Razvan Stoica
9722e5d89a Move the help scripts to a dedicated folder 2021-03-16 10:07:48 +02:00
Razvan Stoica
7144b947de Tests update 2021-03-16 10:05:49 +02:00
Razvan Stoica
ca03a37db6 Remove duplicate Dockerfile 2021-03-16 10:00:45 +02:00
Razvan Stoica
b757aa7334 Connection to the apk repositories is HTTPS by default 2021-03-16 09:58:57 +02:00
Razvan Stoica
2986d618f4 Ignore all. Whitelist only essential things. 2021-03-16 09:53:32 +02:00
Razvan Stoica
ee5972cb69 Add new folders to improve code segmentation 2021-03-16 09:50:12 +02:00
Razvan Stoica
bf11d68522 Add new check groups 2021-03-11 16:17:11 +02:00
Razvan Stoica
11886d47d8 Fixed invalid JSON log 2021-03-11 15:00:12 +02:00
Razvan Stoica
82ecb7e089 README file updated with new default logs location 2021-03-11 13:29:15 +02:00
Razvan Stoica
ed23f2d285 Change default log locations 2021-03-11 13:24:58 +02:00
Razvan Stoica
ad62371ace Move all pictures to a dedicated folder 2021-03-11 13:12:05 +02:00
Razvan Stoica
59a63dd49a Print more details in help message 2021-03-11 10:21:13 +02:00
Razvan Stoica
c623d3afdd Print the remediation measure only if the check is not passed 2021-03-11 09:32:29 +02:00
Razvan Stoica
b3a36e8d94 Print Section B only if it contains remediation measures 2021-03-11 09:26:31 +02:00
Razvan Stoica
82bbe1d562 Update benchmark log photo 2021-03-11 09:12:46 +02:00
Razvan Stoica
1623c4585e Set a relative image link 2021-03-11 08:34:55 +02:00
Razvan Stoica
85117ea1a2 Improve wording 2021-03-11 08:30:01 +02:00
Razvan Stoica
f769a32e9b Update benchmark log photo 2021-03-11 08:26:35 +02:00
Razvan Stoica
6c586b4e08 Print remediation measures at the end of the logs 2021-03-10 21:47:52 +02:00
Razvan Stoica
9ae0d92b5d Fix "nohealthlocal: command not found" error 2021-03-10 14:58:58 +02:00
Razvan Stoica
2132b03b92 Usage instructions aligned between the README.md and docker-bench-security.sh files 2021-03-10 10:01:18 +02:00
Razvan Stoica
c00ef4330b Add details about remediations measure for host configuration tests 2021-03-09 21:43:25 +02:00
Razvan Stoica
58205d4ef5 Add new programs to the list of required programs 2021-03-09 17:50:00 +02:00
Razvan Stoica
519f20befd Append JSON logs when run multiple times 2021-03-09 16:06:38 +02:00
Razvan Stoica
c3511209f9 Add support for logging remediation measures in JSON format 2021-03-09 13:35:40 +02:00
Razvan Stoica
8e0daa11de Print date and time in ISO 8601 UTC format 2021-03-09 13:27:32 +02:00
Razvan Stoica
94900eedb9 Change global variable used only locally to local variable for simplification 2021-03-09 12:42:48 +02:00
Razvan Stoica
4b4fdd9f77
Add current year to the copyright header 2021-03-08 13:38:07 +02:00
Thomas Sjögren
c8984e9591
Merge pull request #464 from archaeogeek/patch-2 
Update 4_container_images.sh
 2021-02-25 22:10:39 +00:00
Jo Cook
e9b9bfd270
Update 4_container_images.sh 
Correcting an extremely minor grammatical error (sorry)
 2021-02-25 19:04:05 +00:00
Thomas Sjögren
dcf478884b
Merge pull request #463 from archaeogeek/patch-1 
Update README.md
 2021-02-23 20:28:31 +00:00
Jo Cook
3732a475cb
Update README.md 
Extended my two edits to specify that they only apply if running in a container.
 2021-02-23 17:25:12 +00:00
Jo Cook
cf7c50bf33
Update README.md 
Clarified that log files are created inside the container so that new users (ie me) don't spend ages wondering where the logs are!
 2021-02-23 12:15:22 +00:00
Thomas Sjögren
7c881b4b0b
Merge pull request #461 from jammasterj89/master 
Fix check_2 to -le 644
 2021-01-15 13:39:29 +00:00
jammasterj89
f8c9b0fd5b
Replace multiple -eq with -le 
Replace multiple -eq with -le for file permission checks. Except for line 228 which uses slightly different logic so is -ge.

Signed-off-by: Niall T 19202716+jammasterj89@users.noreply.github.com
 2021-01-15 11:20:59 +00:00
jammasterj89
47e4cc173c
Fix check_2 to -le 644 
Issue #459 raised that check_2 was only checking for 644 or 600 permissions, this now checks for anything less than or equal to 644.

Signed-off-by: Niall T 19202716+jammasterj89@users.noreply.github.com
 2021-01-15 10:29:11 +00:00
Thomas Sjögren
8bd04d683f
Merge pull request #460 from jammasterj89/master 
Update alpine to 3.13.0
 2021-01-15 10:21:31 +00:00
Thomas Sjögren
d3d25c8fc8
Update Dockerfile 
Co-authored-by: Sebastiaan van Stijn <thaJeztah@users.noreply.github.com>
 2021-01-15 10:20:35 +00:00
jammasterj89
f47f61538e
Update alpine to 3.13.0 
Updated alpine version to latest - 3.13.0

Signed-off-by: Niall T <19202716+jammasterj89@users.noreply.github.com>
 2021-01-15 09:30:14 +00:00
Thomas Sjögren
75fe107048
Merge pull request #457 from sa7mon/patch-1 
Grammar fixes in README
 2020-11-30 16:26:33 +00:00
Dan Salmon
b7d8805ce1
Update README.md 
Grammar fixes
 2020-11-30 14:44:00 +00:00
Thomas Sjögren
ca0db8898f
Merge pull request #454 from Constantin07/do_not_leave_dangling_container_after_run 
Remove container after run.
 2020-11-18 09:22:08 +00:00
Constantin Bugneac
1ea667f2f0 Remove container after run. 2020-11-17 21:49:07 +00:00
Thomas Sjögren
6ad1a1ef77
Merge pull request #451 from konstruktoid/imgname 
print img if empty RepoTags, and fix tabbing
 2020-11-02 08:27:59 +00:00
Thomas Sjögren
3877abd975 print img if empty RepoTags, and fix tabbing 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-11-02 09:26:20 +01:00
Thomas Sjögren
93c619f018
Merge pull request #445 from thaJeztah/no_experimental 
Deprecate rule 2.16 for Docker > 19.03
 2020-10-02 17:31:15 +00:00
Sebastiaan van Stijn
0f3dfe70fe
Deprecate rule 2.16 for Docker > 19.03 
The upcoming 20.x docker release will always have experimental features
enabled, which will stop this test from working.

More details can be found in docker/cli##2774

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2020-10-02 18:01:57 +02:00
Thomas Sjögren
f3e9c791ce
Merge pull request #444 from markdumay/partition 
Support user namespaces in partition check (1.2.1)
 2020-09-29 11:24:17 +00:00