docker-bench-security

mirror of https://github.com/docker/docker-bench-security.git synced 2025-01-19 00:32:34 +01:00

Author	SHA1	Message	Date
Razvan Stoica	7144b947de	Tests update	2021-03-16 10:05:49 +02:00
Razvan Stoica	6c586b4e08	Print remediation measures at the end of the logs	2021-03-10 21:47:52 +02:00
Razvan Stoica	94900eedb9	Change global variable used only locally to local variable for simplification	2021-03-09 12:42:48 +02:00
jammasterj89	f8c9b0fd5b	Replace multiple -eq with -le Replace multiple -eq with -le for file permission checks. Except for line 228 which uses slightly different logic so is -ge. Signed-off-by: Niall T 19202716+jammasterj89@users.noreply.github.com	2021-01-15 11:20:59 +00:00
jammasterj89	47e4cc173c	Fix check_2 to -le 644 Issue #459 raised that check_2 was only checking for 644 or 600 permissions, this now checks for anything less than or equal to 644. Signed-off-by: Niall T 19202716+jammasterj89@users.noreply.github.com	2021-01-15 10:29:11 +00:00
Thomas Sjögren	98acc66436	map desc_ to benchmark headings Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2020-05-08 12:38:08 +02:00
Ilya Dus	d42fedc370	fix(sh): check default ubuntu locations of docker.service and docker.socket files Signed-off-by: Ilya Dus <ilyadoos@gmail.com>	2020-04-10 16:26:25 +03:00
Thomas Sjögren	ddad135d13	shellcheck Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2019-10-16 09:49:18 +02:00
Thomas Sjögren	d680213a7b	fix /etc/sysconfig/docker closes #397 Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2019-10-04 14:50:48 +02:00
Thomas Sjögren	17c6262d2f	formating Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2019-08-28 12:14:35 +02:00
Thomas Sjögren	f968597051	first pass on section 3 Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2019-08-27 15:13:19 +02:00
Thomas Sjögren	391e09f76a	linting Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2018-11-01 10:24:36 +01:00
Mark Stemm	ec7d8ce690	Improve docker-bench-security json output Add a test object for each test performed by the script. Each object has an id N.M, a desc property describing the test, and the result. Some tests include additional information about the test e.g. "No TLS Certificate Found". That can be found in an optional details property of the test object. Also, some tests might also return a list of containers, images, users, etc. This is included in an optional items property of the test object. Instead of having all test results as top-level objects, break the test results into sections. Each section has an id + description e.g. "1" and "Host Configuration". The tests for that section are an array below that object. All of the additional json output is implemented by adding new functions startsectionjson(), endsectionjson(), starttestjson(), and resulttestjson() that take the id/desc/etc as arguments and print the proper json properties. It also required adding an "end" test to each script that calls endsectionjson(). Signed-off-by: Mark Stemm <mark.stemm@gmail.com>	2018-10-11 13:39:55 -07:00
Thomas Sjögren	773625a894	ref #325 daemon.json permissions Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2018-09-27 09:49:32 +02:00
Thomas Sjögren	78700f2600	consistent currentScore Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2018-07-01 20:04:20 +02:00
Thomas Sjögren	8142de8334	convert all checks to functions Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2018-01-16 13:46:49 +01:00
Thomas Sjögren	f9be3996f4	add score and totalChecks to 3_ Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2017-10-23 15:39:52 +02:00
Thomas Sjögren	7a1b813cdc	check 3.x json log Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2017-10-13 09:53:15 +02:00
Thomas Sjögren	44e46c63c3	spaces Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2017-07-07 13:06:23 +02:00
Thomas Sjögren	03974c0854	update titles and tests Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2017-07-07 10:37:09 +02:00
Thomas Sjögren	17ee45ba94	test tls get_docker_configuration_file_args Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2017-03-23 15:28:06 +01:00
Thomas Sjögren	6105ff6641	use stat when checking permissions Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2017-03-22 15:23:04 +01:00
Thomas Sjögren	91e625b8e4	Modify get_docker_configuration_file_args in order to handle daemon.json better, and also address missing files issue. Closes #231 Closes #232 Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2017-03-21 14:49:42 +01:00
Thomas Sjögren	91eb958dd3	get file locations from config file Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2017-02-23 16:33:54 +01:00
Thomas Sjögren	b766037da8	update permission checks Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2017-01-23 17:26:07 +01:00
Thomas Sjögren	e3da5eacf0	update chap 3 to cis 1.11 Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2016-04-14 22:57:25 +02:00
Thomas Sjögren	001811bf87	use stat to verify permissions Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2016-02-16 23:23:27 +01:00
Thomas Sjögren	606f70f83f	flexible paths for docker.socket as well Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-12-12 16:16:50 +01:00
Thomas Sjögren	e8c6b94143	check docker.service Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-12-12 16:08:46 +01:00
Thomas Sjögren	80794e5638	get .service file location from systemd Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-11-27 19:26:03 +01:00
Andreas Stieger	d2ba1d9f72	Fix #97 , #98 , #99 by using new helper functions Signed-off-by: Andreas Stieger <astieger@suse.com>	2015-11-27 15:35:37 +01:00
Andreas Stieger	cd7efa2afc	Fix test 3.25, correctly check for root:docker ownership, fixes #95 Signed-off-by: Andreas Stieger <astieger@suse.com>	2015-11-11 18:58:03 +01:00
Andreas Stieger	c5cb9cdc5c	POSIX test command requires -S for UNIX domain sockets, fixes #94 Signed-off-by: Andreas Stieger <astieger@suse.com>	2015-11-11 18:57:58 +01:00
Thomas Sjögren	6fca0428e7	missed one tls* Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-07-10 02:10:26 +02:00
Thomas Sjögren	b3fd225df8	fix incorrect file variables Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-07-10 01:43:11 +02:00
Thomas Sjögren	8b0efa170f	split cmdline Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-07-10 01:30:38 +02:00
Joachim Lusiardi	fae2639313	Addition to fix for issue #47 . Missed the potentially wrong invocations of pgrep also in section 3 of the tests. Replace "pgrep -lf" there as well. Signed-off-by: Joachim Lusiardi <joachim@lusiardi.de>	2015-06-29 22:27:59 +02:00
Thomas Sjögren	1e0ef4cf97	crt dir and permissions Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-06-18 00:32:20 +02:00
Thomas Sjögren	0c61ddb6dd	from ls to stat Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-06-17 23:52:53 +02:00
Thomas Sjögren	3059cef2c3	444 is read-only Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-06-17 23:52:23 +02:00
Thomas Sjögren	70b8d33cef	replace ls with stat when checking owner and perms Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2015-06-17 23:25:01 +02:00
Werner Buck	f4aab9c8c5	Double quote to prevent globbing and word splitting. Do not use legacy backticks. Proper use of printf Do not use wc -l with grep, instead use grep -c Use pgrep Signed-off-by: Werner Buck <wernerbuck@gmail.com>	2015-05-31 12:26:37 +02:00
Diogo Monica	03ac3f5bd3	Make ifs style be consistent	2015-05-14 20:26:32 -07:00
Diogo Monica	18d5a13240	First version of the CIS Docker Benchmark v1.0.0	2015-05-13 15:26:45 -07:00

44 commits