mitre / docker-ce-cis-baseline
CIS Docker Community Edition Benchmark InSpec Profile
License: Other
Your editor should perhaps be able to help with this. Don't really want to have to 'hand clean' this but we will have to work through that issue.
```
CHANGELOG.md:- use new InSpec attributes [\#10](https://github.com/dev-sec/cis-docker-benchmark/pull/10) ([chris-rock](https://github.com/chris-rock))
CHANGELOG.md:- determine attribute values at the beginning [\#1](https://github.com/dev-sec/cis-docker-benchmark/pull/1) ([chris-rock](https://github.com/chris-rock))
README.md:We use a yml attribute file to steer the configuration, the following options are available:
README.md:# run profile on remote host via SSH with sudo and define attribute value
README.md:inspec exec cis-docker-benchmark --attrs sample_attributes.yml
controls/container_images.rb:# attributes
controls/container_images.rb:CONTAINER_USER = attribute(
controls/container_runtime.rb:# attributes
controls/container_runtime.rb:CONTAINER_CAPADD = attribute(
controls/container_runtime.rb:APP_ARMOR_PROFILE = attribute(
controls/container_runtime.rb:SELINUX_PROFILE = attribute(
controls/docker_daemon_configuration.rb:# attributes
controls/docker_daemon_configuration.rb:DAEMON_TLSCACERT = attribute(
controls/docker_daemon_configuration.rb:DAEMON_TLSCERT = attribute(
controls/docker_daemon_configuration.rb:DAEMON_TLSKEY = attribute(
controls/docker_daemon_configuration.rb:AUTHORIZATION_PLUGIN = attribute(
controls/docker_daemon_configuration.rb:LOG_DRIVER = attribute(
controls/docker_daemon_configuration.rb:LOG_OPTS = attribute(
controls/docker_daemon_configuration.rb:SWARM_MODE = attribute(
controls/docker_daemon_configuration.rb:SWARM_MAX_MANAGER_NODES = attribute(
controls/docker_daemon_configuration.rb:SWARM_PORT = attribute(
controls/docker_daemon_configuration_files.rb:# attributes
controls/docker_daemon_configuration_files.rb:REGISTRY_CERT_PATH = attribute(
controls/docker_daemon_configuration_files.rb:REGISTRY_NAME = attribute(
controls/docker_daemon_configuration_files.rb:REGISTRY_CA_FILE = attribute(
controls/host_configuration.rb:TRUSTED_USER = attribute(
controls/host_configuration.rb:MANAGEABLE_CONTAINER_NUMBER = attribute(
```
There should be at least two sections for the attribute files 'values':
If we think about this as the 'common data' where that data for the profile, I would guess there is a pattern like:
#5 is affected as well
Update the resources to use Jen's new audit resource to remove deprecation errors
Add sample data folder with hardened and unhardened results
The following rubocop issues were found:
rubocop.txt
The current controls use a local resource called 'docker_helper'. I believe this can now be updated to use the more up to date 'docker' resource which was pushed to core.
Attributes are populated in each control the old way we used to handle them. They should be updated and placed in the inspec.yml file. The controls currently affected by this are as follows: