CIS v1.8.0
Add support for CIS benchmark v1.8.0
close #573
- Add new test for section 2.7
- Update Check 5.15
- Update all the subset (v8 Grid and level_1)
- Update Readme
- Move to bash (some scripts weren't called with bash)
Don't know if anyone still merges this or what the plans are. But I found an issue in the old benchmark script. It is ambiguously defined in the 1.6.0 specification as well. And this script does something completely weird. It is now clear in the 1.8.0 specification.
Long story short: docker.socket -> docker.sock in 1.1.9 fixes it.
Longer story: docker.socket with get_service_file finds the systemd path (like /lib/systemd/system/docker.socket) and not the socket (/run/docker.sock) itself because its name is .sock, not .socket. Therefore it doesn't overwrite the path and wants the auditing person to audit the systemd docker.socket file. Which is not what is intended from CIS. No harm in auditing that. But the real goal is to audit the docker.sock.
If you want me to look into it or do a PR (also for 1.6.0) please let me know.
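The name mix-up described in the comment above, as an added example that is not part of the thread or of docker-bench-security's code. It assumes a resolver that checks systemd unit directories before /run (the hypothetical `resolve_target`, not the project's `get_service_file`) and runs against a constructed directory tree and constructed audit rules.

```shell
#!/bin/sh
# Added illustration: resolve_target is a hypothetical stand-in resolver.

# Build a constructed tree: a systemd unit file and a runtime socket.
make_sample_root() {
  root=$(mktemp -d)
  mkdir -p "$root/lib/systemd/system" "$root/run" "$root/etc/audit"
  : > "$root/lib/systemd/system/docker.socket"   # systemd unit file
  : > "$root/run/docker.sock"                    # stands in for the socket
  # Constructed audit rules: only the unit file has a watch.
  printf '%s\n' '-w /lib/systemd/system/docker.socket -k docker' \
    > "$root/etc/audit/audit.rules"
  echo "$root"
}

# Resolve a name: systemd unit directories first, then anything under /run.
# Prints the path relative to the sample root, or nothing when not found.
resolve_target() {
  root=$1 name=$2
  for dir in /etc/systemd/system /lib/systemd/system /usr/lib/systemd/system; do
    if [ -f "$root$dir/$name" ]; then echo "$dir/$name"; return 0; fi
  done
  found=$(find "$root/run" -name "$name" 2>/dev/null | head -n 1)
  if [ -n "$found" ]; then echo "${found#"$root"}"; fi
  return 0
}

# Report whether the audit rules carry a watch for the resolved path.
audit_status() {
  root=$1 name=$2
  path=$(resolve_target "$root" "$name")
  if [ -z "$path" ]; then echo "NOTFOUND"; return 0; fi
  if grep -q -F -e "-w $path " "$root/etc/audit/audit.rules"; then
    echo "PASS $path"
  else
    echo "WARN $path"
  fi
}

# Checking "docker.socket" passes on the unit file; checking "docker.sock"
# shows that the socket itself has no watch.
r=$(make_sample_root)
audit_status "$r" docker.socket
audit_status "$r" docker.sock
rm -rf "$r"
```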
@nikjoesta good catch, I didn't notice that. I did change the file name in the rule 1.1.9. Tell me if it's what you were thinking about.
@nikjoesta @thaJeztah
@konstruktoid
Hi @Arcelone I've had my review and merge permissions revoked for some reason, so I can't really do anything.
See https://github.com/docker/docker-bench-security/pull/572
> Hi @Arcelone I've had my review and merge permissions revoked for some reason, so I can't really do anything.
> See #572
Oh, that seems like a pretty serious problem. Do you know who currently holds the rights to the repository? Or is there no one left because of the automation bug?
> Do you know who currently holds the rights to the repository?
Sorry, I don't.