Thomas Sjögren
f3d9b5cc2e
Use distros/Dockerfile.alpine
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-07-01 21:00:51 +02:00
Thomas Sjögren
cbb351bbf3
FROM must be the first instruction
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-07-01 20:59:09 +02:00
Thomas Sjögren
19d3d39e50
Merge pull request #48 from jlusiardi/fix_issue_47
...
Fix for issue #47.
2015-07-01 20:16:27 +02:00
Joachim Lusiardi
2d29af704e
Improve fix for issue 47 using pgrep -x -o
...
The use of `pgrep -x` was proposed by @rnelson0. `pgrep -x -o` should limit the result to the oldest exactly matching execution of a binary called `docker`.
Signed-off-by: Joachim Lusiardi <joachim@lusiardi.de>
2015-06-29 22:28:14 +02:00
Joachim Lusiardi
fae2639313
Addition to fix for issue #47.
...
Missed the potentially wrong invocations of pgrep also in section 3
of the tests. Replace "pgrep -lf" there as well.
Signed-off-by: Joachim Lusiardi <joachim@lusiardi.de>
2015-06-29 22:27:59 +02:00
Joachim Lusiardi
fc8eefb8a6
Fix for issue #47.
...
Introduces a new function in helper_lib.sh to query the command line
arguments of the running instances of a binary. This is done to get
rid of the problem of "-lf" versus "-alf" for pgrep.
Signed-off-by: Joachim Lusiardi <joachim@lusiardi.de>
2015-06-29 22:27:34 +02:00
Diogo Monica
f18f5edff0
Change the scripts header to mention Docker Benchmark for Security
2015-06-28 11:04:53 -07:00
Diogo Mónica
7efb4b1d95
Update README
2015-06-28 11:00:37 -07:00
Diogo Mónica
f9fc158951
Merge pull request #50 from konstruktoid/distro_dir
...
Distro dir
2015-06-28 10:34:49 -07:00
Thomas Sjögren
7afc408e49
remove Dockerfile from readme
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-26 02:18:56 +02:00
Thomas Sjögren
e2cd15bf52
Dockerfile name
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-23 22:48:37 +02:00
Thomas Sjögren
2a9d8a0da7
distro specific example
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-23 22:46:03 +02:00
Thomas Sjögren
a324c22e3c
distro specific readme
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-23 22:45:43 +02:00
Thomas Sjögren
0df4448fb8
Merge pull request #49 from konstruktoid/apk_update
...
keep the image up-to-date
2015-06-23 21:36:28 +02:00
Thomas Sjögren
641bf4e864
keep the image up-to-date
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-23 21:32:35 +02:00
Thomas Sjögren
88566a8f9f
Merge pull request #44 from konstruktoid/shellcheck
...
shellcheck fixes
2015-06-23 21:20:50 +02:00
Thomas Sjögren
553e2d7c30
Merge remote-tracking branch 'origin/master' into shellcheck
...
* origin/master:
actually catch ssh
update do_version_check
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
Conflicts:
tests/1_host_configuration.sh
tests/5_container_runtime.sh
2015-06-23 21:17:41 +02:00
Thomas Sjögren
10efc9ee61
Merge pull request #45 from konstruktoid/version_count
...
update do_version_check and 5.7
2015-06-23 21:05:16 +02:00
Thomas Sjögren
2907078fd2
actually catch ssh
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-21 23:11:23 +02:00
Thomas Sjögren
ef8ff4a9f3
update do_version_check
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-21 23:11:02 +02:00
Thomas Sjögren
b5c571df18
shellcheck fixes
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-21 23:03:34 +02:00
Thomas Sjögren
62a903246c
Merge pull request #43 from konstruktoid/contrib_b
...
tests tree
2015-06-21 22:08:19 +02:00
Thomas Sjögren
072df180aa
tests tree
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-21 22:07:07 +02:00
Thomas Sjögren
edf0646330
Merge pull request #40 from liron-l/master
...
Fix CIS 5.8 - Reverse container port and reduce privileged port to 1024
2015-06-21 21:45:01 +02:00
Liron Levin
ddc7553e7a
Merge branch 'master' of github.com:liron-l/docker-bench-security
...
Signed-off-by: Liron Levin <liron@twistlock.com>
2015-06-21 07:26:39 +03:00
Liron Levin
b2093036df
Fix CIS 5.8 - Reverse container port and reduce privileged port to 1024
...
-- According to CIS, 5.8 applies to privileged ports on the host, not on the
container:
`processes are not allowed to use them for various security reasons. Docker allows a container port to be mapped to a privileged port.`
-- Also privileged port should be less than 1024 inclusive
Signed-off-by: liron-l <levinlir@gmail.com>
Signed-off-by: Liron Levin <liron@twistlock.com>
2015-06-21 07:25:24 +03:00
liron-l
0602870be5
Fix CIS 5.8 - Reverse container port and reduce privileged port to 1024
...
-- According to CIS, 5.8 applies to privileged ports on the host, not on the
container:
`processes are not allowed to use them for various security reasons. Docker allows a container port to be mapped to a privileged port.`
-- Also privileged port should be less than 1024 inclusive
Signed-off-by: liron-l <levinlir@gmail.com>
2015-06-21 07:19:28 +03:00
Thomas Sjögren
b8afe35a5b
Merge pull request #42 from konstruktoid/contrib
...
CONTRIBUTING.md
2015-06-19 23:55:05 +02:00
Thomas Sjögren
b808610b45
simplify dir tree
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-19 23:52:01 +02:00
Thomas Sjögren
0b32b8aa22
codecheck w shellcheck, checkbashisms
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-19 23:47:27 +02:00
Thomas Sjögren
3d2565742a
same build instructions everywhere
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-19 23:46:43 +02:00
Thomas Sjögren
2a0241d839
Merge pull request #41 from konstruktoid/exclude_container
...
consistent labeling
2015-06-19 23:34:36 +02:00
Thomas Sjögren
2dbfdd112f
consistent labeling
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-19 23:31:44 +02:00
Thomas Sjögren
d9bb6ce936
Merge pull request #39 from konstruktoid/issue_31
...
Change from ls to stat, fix permissions
2015-06-19 22:48:32 +02:00
Thomas Sjögren
1e0ef4cf97
crt dir and permissions
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-18 00:32:20 +02:00
Thomas Sjögren
0c61ddb6dd
from ls to stat
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-17 23:52:53 +02:00
Thomas Sjögren
3059cef2c3
444 is read-only
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-17 23:52:23 +02:00
Thomas Sjögren
70b8d33cef
replace ls with stat when checking owner and perms
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-17 23:25:01 +02:00
Thomas Sjögren
820bb581b7
add stat. reorder
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-17 23:23:59 +02:00
Diogo Mónica
23a74b5bd0
Fixing local running of container in README
2015-06-17 11:25:52 -07:00
Diogo Mónica
e8c3571a84
Fixed Examples
2015-06-16 17:21:54 -07:00
Thomas Sjögren
158c5cf1ac
Merge pull request #36 from konstruktoid/issue_33
...
catch all -H, not only tcp://
2015-06-15 23:34:23 +02:00
Thomas Sjögren
20db7d8a4d
catch all -H, not only tcp://
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-15 23:04:02 +02:00
Thomas Sjögren
49070a4af1
Merge pull request #35 from konstruktoid/cap_audit
...
add cap_audit_control for auditctl to work
2015-06-15 22:19:41 +02:00
Thomas Sjögren
cf7b13d5ba
add cap_audit_control for auditctl to work
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-06-15 22:15:24 +02:00
Thomas Sjögren
af47962bc8
Merge pull request #26 from konstruktoid/issue_25
...
Issue #25, don't warn if file is missing and add /var/lib
2015-06-15 22:03:46 +02:00
Thomas Sjögren
eca8471c71
Merge branch 'master' of github.com:konstruktoid/docker-bench-security into issue_25
...
* 'master' of github.com:konstruktoid/docker-bench-security:
Fix test 5.14 to not always pass when multiple ports are published.
change to docker repository
make readme codeblocks prettier
Add first version of CONTRIBUTING.md
Issue #24, remove -U, -u
use official alpine image as the base
Make the main script an executable for if I want to run it on my host
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
Conflicts:
README.md
2015-06-15 22:01:48 +02:00
Diogo Mónica
0cbb99d1f1
Merge pull request #34 from CtrlZvi/5.14_multiport_support
...
Fix test 5.14 to not always pass when multiple ports are published.
2015-06-15 11:44:55 -07:00
Zvi "Viz" Effron
3616f15cba
Fix test 5.14 to not always pass when multiple ports are published.
...
Signed-off-by: Zvi "Viz" Effron <zeffron@riotgames.com>
2015-06-15 11:26:13 -07:00
Diogo Mónica
0e7967e9b0
Merge pull request #32 from konstruktoid/docker_pull
...
change to docker repository
2015-06-14 14:56:06 -07:00