mitre / docker-ce-cis-baseline Goto Github PK
View Code? Open in Web Editor NEWCIS Docker Community Edition Benchmark InSpec Profile
License: Other
docker-ce-cis-baseline's Issues
Clean up controls formatting so they are not so ugly to read and display.
Your editor should perhaps be able to help with this. Don't really want to have to 'hand clean' this but we will have work through that issue.
Update the README.md with all the needed information for release and attributions to dev-sec and CIS
- formal description of the profile from CIS
- provide instructions on the attributes
- example use and any known issues
- Provide links and attributions to dev-sec, @attomic111 and CIS for their indirect and direct contributions
- Any other data we think should be in our README.md
InSpec Check warnings
The following warnings were found when running inspec check:
Attributes were not copied over with the controls
CHANGELOG.md:- use new InSpec attributes [\#10](https://github.com/dev-sec/cis-docker-benchmark/pull/10) ([chris-rock](https://github.com/chris-rock))
CHANGELOG.md:- determine attribute values at the beginning [\#1](https://github.com/dev-sec/cis-docker-benchmark/pull/1) ([chris-rock](https://github.com/chris-rock))
README.md:We use a yml attribute file to steer the configuration, the following options are available:
README.md:# run profile on remote host via SSH with sudo and define attribute value
README.md:inspec exec cis-docker-benchmark --attrs sample_attributes.yml
controls/container_images.rb:# attributes
controls/container_images.rb:CONTAINER_USER = attribute(
controls/container_runtime.rb:# attributes
controls/container_runtime.rb:CONTAINER_CAPADD = attribute(
controls/container_runtime.rb:APP_ARMOR_PROFILE = attribute(
controls/container_runtime.rb:SELINUX_PROFILE = attribute(
controls/docker_daemon_configuration.rb:# attributes
controls/docker_daemon_configuration.rb:DAEMON_TLSCACERT = attribute(
controls/docker_daemon_configuration.rb:DAEMON_TLSCERT = attribute(
controls/docker_daemon_configuration.rb:DAEMON_TLSKEY = attribute(
controls/docker_daemon_configuration.rb:AUTHORIZATION_PLUGIN = attribute(
controls/docker_daemon_configuration.rb:LOG_DRIVER = attribute(
controls/docker_daemon_configuration.rb:LOG_OPTS = attribute(
controls/docker_daemon_configuration.rb:SWARM_MODE = attribute(
controls/docker_daemon_configuration.rb:SWARM_MAX_MANAGER_NODES = attribute(
controls/docker_daemon_configuration.rb:SWARM_PORT = attribute(
controls/docker_daemon_configuration_files.rb:# attributes
controls/docker_daemon_configuration_files.rb:REGISTRY_CERT_PATH = attribute(
controls/docker_daemon_configuration_files.rb:REGISTRY_NAME = attribute(
controls/docker_daemon_configuration_files.rb:REGISTRY_CA_FILE = attribute(
controls/host_configuration.rb:TRUSTED_USER = attribute(
controls/host_configuration.rb:MANAGEABLE_CONTAINER_NUMBER = attribute(```
Poplulate the `attributes.yml` file in the profile with all the attributes in the profile.
There should be at least two sections for the attribute files 'values':
If we think about this as the 'common data' where that data for the profile, I would guess there is a pattern like:
- The 'commonly changed' attributes that for the most part folks would always have to edit.
- The 'commonly unchanged' attributes that folks usually don't have to edit but are there given that we want to make all the controls and general as possible.
- Perhaps a 'do not change' section if there are attributes ( this would usually be static set values but given we have attributes it is better form to use them than not to )
Added missing tests for new controls
Update the inspec.yml file to be in line with the data in the README.md file prior to release
#5 is affected as well
The transplanted controls use the old audit_rules resources
Update the resources to use Jen's new audit resource to remove depreciation errors
Add sample data
Add sample data folder with hardened and unhardened results
rubocop issues found
The following rubocop issues were found:
rubocop.txt
Update the 'transplanted' controls to use the more current core resources
The current controls use a local resource called 'docker_helper'. I believe this can now be updated to use the more up to date 'docker' resource which was pushed to core.
Update the way Attributes are handled
Attributes are populated in each control the old way we used to hanlde them. They should be updated and placed in the inspec.yml file. The controls currently affected by this are as follows:
- M-1.4
- M-2.6
- M-2.11
- M-2.12
- M-3.7
- M-3.8
- M-4.1
- M-5.1
- M-5.2
- M-5.3
- M-5.8
- M-6.2
- M-7.1
- M-7.2
- M-7.3
- M-7.4
- M-7.5
- M-7.6
- M-7.7
- M-7.8
- M-7.9
- M-7.10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.