docker
/
docker-bench-security
mirror of https://github.com/docker/docker-bench-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
898 Commits 3 Branches 11 Tags 4.8 MiB
Commit Graph

30 Commits

Author SHA1 Message Date
Thomas Sjögren 26f80fb331
Fix image sprawl miscalculation 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2023-08-25 12:17:48 +00:00
Thomas Sjögren 3a9deae328 initial commit of tests/6_docker_security_operations.sh v1.3.1 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-05-25 20:49:46 +02:00
Razvan Stoica 25de0bd826 Add remediation stuff on security operations 2021-03-18 10:30:30 +02:00
Razvan Stoica 7144b947de Tests update 2021-03-16 10:05:49 +02:00
Razvan Stoica 6c586b4e08 Print remediation measures at the end of the logs 2021-03-10 21:47:52 +02:00
Razvan Stoica 94900eedb9 Change global variable used only locally to local variable for simplification 2021-03-09 12:42:48 +02:00
Thomas Sjögren 98acc66436 map desc_ to benchmark headings 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-05-08 12:38:08 +02:00
Thomas Sjögren 3d6dd81956 first pass on section 6 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-08-27 15:52:06 +02:00
Mark Stemm ec7d8ce690 Improve docker-bench-security json output 
Add a test object for each test performed by the script. Each object has
an id N.M, a desc property describing the test, and the result. Some
tests include additional information about the test e.g. "No TLS
Certificate Found". That can be found in an optional details property of
the test object.

Also, some tests might also return a list of containers, images, users,
etc. This is included in an optional items property of the test object.

Instead of having all test results as top-level objects, break the test
results into sections. Each section has an id + description e.g. "1" and
"Host Configuration". The tests for that section are an array below that
object.

All of the additional json output is implemented by adding new functions
startsectionjson(), endsectionjson(), starttestjson(), and
resulttestjson() that take the id/desc/etc as arguments and print the
proper json properties. It also required adding an "end" test to each
script that calls endsectionjson().

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2018-10-11 13:39:55 -07:00
Daniele Marcocci 77074962b1 fix count total_containers for swarm mode 
Signed-off-by: Daniele Marcocci <daniele.marcocci@par-tec.it>
 2018-05-18 10:17:42 +02:00
Thomas Sjögren 8142de8334 convert all checks to functions 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-01-16 13:46:49 +01:00
Thomas Sjögren 7ebe21823d add score and totalChecks to 6_ 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-10-23 15:41:03 +02:00
Thomas Sjögren e1adab029d check 6.x json log 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-10-13 10:28:42 +02:00
Thomas Sjögren 84baf80b7d no short forms 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-07-07 13:03:45 +02:00
Thomas Sjögren 125eaf90cd inspect requires images 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-07-07 12:07:00 +02:00
Thomas Sjögren e1e902b3ed update checks 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-07-07 11:19:02 +02:00
Thomas Sjögren 77617321df update info messages, not scored 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-23 17:06:10 +01:00
Thomas Sjögren 81b093632a update chap 6 to cis 1.11 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2016-04-15 00:23:03 +02:00
Thomas Sjögren 00a1270c9b inspect output changed 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2015-12-22 19:46:32 +01:00
Ivan Angelov 7ada35cd90 Count unique image ids only 
Signed-off-by: Ivan Angelov <iangelov@users.noreply.github.com>
 2015-08-10 17:19:06 +02:00
Thomas Sjögren b5c571df18 shellcheck fixes 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2015-06-21 23:03:34 +02:00
Jessica Frazelle 0231a7f5de Make the main script an executable for if I want to run it on my host 
Fix image sprawl to work

Fix port range

Signed-off-by: Jessica Frazelle <princess@docker.com>
 2015-06-09 00:10:44 -07:00
Thomas Sjögren e29a886254 warn if only -lt half of the images are in use 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2015-06-01 22:37:28 +02:00
Thomas Sjögren 9cccfa6902 get the correct number of images 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2015-06-01 22:20:03 +02:00
Werner Buck f4aab9c8c5 Double quote to prevent globbing and word splitting. 
Do not use legacy backticks.
Proper use of printf
Do not use wc -l with grep, instead use grep -c
Use pgrep

Signed-off-by: Werner Buck <wernerbuck@gmail.com>
 2015-05-31 12:26:37 +02:00
Diogo Monica 03ac3f5bd3 Make ifs style be consistent 2015-05-14 20:26:32 -07:00
Diogo Monica 8d06000296 Fixed running containers calculation 2015-05-13 19:43:12 -07:00
Diogo Monica 1c795f146e Added filtering to ignore security-benchmark container 2015-05-13 19:22:39 -07:00
Diogo Monica 1ebf49c35a Fixed the script to ignore containers with label security-benchmark 2015-05-13 17:08:12 -07:00
Diogo Monica 18d5a13240 First version of the CIS Docker Benchmark v1.0.0 2015-05-13 15:26:45 -07:00