Razvan Stoica
6c586b4e08
Print remediation measures at the end of the logs
2021-03-10 21:47:52 +02:00
Razvan Stoica
94900eedb9
Change global variable used only locally to local variable for simplification
2021-03-09 12:42:48 +02:00
Jo Cook
e9b9bfd270
Update 4_container_images.sh
Correcting an extremely minor grammatical error (sorry)
2021-02-25 19:04:05 +00:00
Thomas Sjögren
3877abd975
print img if empty RepoTags, and fix tabbing
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-11-02 09:26:20 +01:00
Thomas Sjögren
98acc66436
map desc_ to benchmark headings
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-05-08 12:38:08 +02:00
Thomas Sjögren
d1934b614e
Merge pull request #390 from jammasterj89/master
Issue #383 ability to exclude images
Closes #383, #369
2019-08-29 15:10:53 +02:00
jammasterj89
e1d26673ee
Remove check_images
Removed check_images due to removal of -t parameter and $images being set in docker-bench-security.sh
Signed-off-by: Niall T <jammasterj89@gmail.com>
2019-08-29 13:37:50 +01:00
jammasterj89
4bb6e19965
Added check_images
Added check_images which moves the previous $imgList into this function and removed the else as this is handled within the main .sh
Signed-off-by: Niall T <jammasterj89@gmail.com>
2019-08-29 13:37:10 +01:00
Thomas Sjögren
e5c22c5f01
first pass on section 4
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-27 15:25:54 +02:00
Thomas Sjögren
1c8699bcf3
revert grep thought fail
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-03-20 09:57:19 +01:00
Thomas Sjögren
740439d352
accept only if ADD in / #362
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-03-19 14:54:38 +01:00
Thomas Sjögren
cec124a162
exclude first ADD since it's most often the base #362
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-03-19 14:27:02 +01:00
Thomas Sjögren
d942b12e0a
INFO shouldn't increase score #362
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-03-14 10:32:39 +01:00
Thomas Sjögren
7e3ecaf17d
catch root with uid and name as well #358 CVE-2019-5736
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-02-13 14:58:34 +01:00
Thomas Sjögren
a911c23915
4.9 resulttestjson "INFO" #356
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-01-24 16:46:51 +01:00
Anthony Roger
1dd7956760
feat: add the ability to select the images to be checked from registry in order to integrate in ci
Signed-off-by: Anthony Roger <aroger@softwaymedical.fr>
2018-12-11 14:39:16 +01:00
Thomas Sjögren
391e09f76a
linting
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-11-01 10:24:36 +01:00
Mark Stemm
ec7d8ce690
Improve docker-bench-security json output
Add a test object for each test performed by the script. Each object has
an id N.M, a desc property describing the test, and the result. Some
tests include additional information about the test e.g. "No TLS
Certificate Found". That can be found in an optional details property of
the test object.
Also, some tests might also return a list of containers, images, users,
etc. This is included in an optional items property of the test object.
Instead of having all test results as top-level objects, break the test
results into sections. Each section has an id + description e.g. "1" and
"Host Configuration". The tests for that section are an array below that
object.
All of the additional json output is implemented by adding new functions
startsectionjson(), endsectionjson(), starttestjson(), and
resulttestjson() that take the id/desc/etc as arguments and print the
proper json properties. It also required adding an "end" test to each
script that calls endsectionjson().
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
2018-10-11 13:39:55 -07:00
Thomas Sjögren
ebfb20c65f
4.7 is not scored
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-07-01 20:01:10 +02:00
Thomas Sjögren
8142de8334
convert all checks to functions
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-01-16 13:46:49 +01:00
Thomas Sjögren
de82250274
add score and totalChecks to 4_
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-10-23 15:40:12 +02:00
Thomas Sjögren
b8fac4a7d2
check 4.x json log
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-10-13 10:02:48 +02:00
Thomas Sjögren
efa3b4522f
update check names
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-07-07 10:56:18 +02:00
Thomas Sjögren
a97bdfbe0d
add note tag on informal checks
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-03-23 11:29:58 +01:00
Thomas Sjögren
7d992029e6
remove code, if CMD instead of exit code
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-02-17 15:03:29 +01:00
Thomas Sjögren
77617321df
update info messages, not scored
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-01-23 17:06:10 +01:00
Thomas Sjögren
933f1b6da9
output formatting
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-01-23 16:16:02 +01:00
Thomas Sjögren
07dbba6400
#182 remove legacy code
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-01-23 12:52:31 +01:00
Thomas Sjögren
6a2176b34e
#182 messages and syntax
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2017-01-23 12:40:32 +01:00
Ravi Kumar Vadapalli
6aae32f4e5
Support for 'CIS Docker Benchmark 1.12.0'
Signed-off-by: Ravi Kumar Vadapalli <vadapalli.ravikumar@gmail.com>
2016-12-20 20:31:58 +05:30
Thomas Sjögren
c544e417b0
update chap 4 to cis 1.11
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2016-04-14 23:15:16 +02:00
Werner Buck
f4aab9c8c5
Double quote to prevent globbing and word splitting.
Do not use legacy backticks.
Proper use of printf
Do not use wc -l with grep, instead use grep -c
Use pgrep
Signed-off-by: Werner Buck <wernerbuck@gmail.com>
2015-05-31 12:26:37 +02:00
Diogo Monica
03ac3f5bd3
Make ifs style be consistent
2015-05-14 20:26:32 -07:00
Diogo Monica
1c795f146e
Added filtering to ignore security-benchmark container
2015-05-13 19:22:39 -07:00
Diogo Monica
1ebf49c35a
Fixed the script to ignore containers with label security-benchmark
2015-05-13 17:08:12 -07:00
Diogo Monica
e63766e945
Added more empty modes. This does not seem to be consistent
2015-05-13 16:13:03 -07:00
Diogo Monica
18d5a13240
First version of the CIS Docker Benchmark v1.0.0
2015-05-13 15:26:45 -07:00