Item 2.6 on v1.3.5 showing daemon not listening on tcp #410
Thanks again, will check.
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
Can you test #411?
Seems like $CONFIG_FILE is still empty.
$ ls /etc/docker/daemon.json
/etc/docker/daemon.json
$ ./docker-bench-security.sh -c check_2_6
# ------------------------------------------------------------------------------
# Docker Bench for Security v1.3.5
#
# Docker, Inc. (c) 2015-
#
# Checks for dozens of common best-practices around deploying Docker containers in production.
# Inspired by the CIS Docker Benchmark v1.2.0.
# ------------------------------------------------------------------------------
Initializing Tue Dec 17 15:39:42 +08 2019
grep: : No such file or directory
[INFO] 2.6 - Ensure TLS authentication for Docker daemon is configured
[INFO] * Docker daemon not listening on TCP
[INFO] Checks: 1
[INFO] Score: 0
Ok. Tested a full scan, it is working. Thanks!
You're welcome, but I don't know why it's not working when using
My guess is that probably Since the first condition for
True, but
I think running
$ . helper_lib.sh
$ echo $CONFIG_FILE
$ echo $auditrules
/etc/audit/audit.rules
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
You're correct again, added so that we get the configuration file before the tests.
Glad I was able to help. This project helped me out a lot too. :)
Thank you @zshrine :)
locate configuration file before we run the tests #410
Closing since it seems to work after merge.
Hi,
While running the scan, my result for 2.6 is as per below.
{"id": "2.6", "desc": "Ensure TLS authentication for Docker daemon is configured", "result": "INFO", "details": "Docker daemon not listening on TCP"},
But my daemon.json has been configured to listen on tcp.
I noticed that in 2_docker_daemon_configuration.sh, line 153, the $CONFIG_FILE will always be null. Seems like you need to call the method get_docker_configuration_file_args to set the variable. Also, seems like encapsulating the grep command with square brackets will regard the command as a string instead. I tested with below.
I modified 2_docker_daemon_configuration.sh as per below to get the result I want.
My log result is as per below:
Thanks!
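The two failure modes described in this report (an unresolved `$CONFIG_FILE` handed to `grep`, and a `grep` command wrapped in `[ ]`), shown next to a check that resolves the configuration file first. This is an added example, not code from docker-bench-security; the function names, result strings and sample daemon.json files are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not docker-bench-security's.

# Failure mode 1 (the "grep: : No such file or directory" line in the log):
# CONFIG_FILE was never resolved, so grep is asked to open "".
buggy_empty_var() {
  CONFIG_FILE=""
  if grep -q 'tcp://' "$CONFIG_FILE" 2>/dev/null; then echo tcp; else echo no-tcp; fi
}

# Failure mode 2: inside [ ] the words "grep -q ..." are operands for test(1);
# grep never runs, so the result does not depend on the file at all.
buggy_brackets() {  # $1 = config path
  if [ grep -q 'tcp://' "$1" ] 2>/dev/null; then echo tcp; else echo no-tcp; fi
}

# Resolve the config file before any check reads it: --config-file from the
# dockerd arguments wins, otherwise the default path. Prints nothing if absent.
find_config() {  # $1 = dockerd argument string, $2 = default path
  file=$(printf '%s\n' "$1" | sed -n 's/.*--config-file[= ]\([^ ]*\).*/\1/p')
  [ -n "$file" ] || file=$2
  if [ -f "$file" ]; then printf '%s\n' "$file"; fi
}

# True if ERE $1 matches the dockerd arguments $2 or the config file $3.
in_args_or_config() {
  printf '%s\n' "$2" | grep -Eq -- "$1" && return 0
  [ -n "$3" ] && grep -Eq -- "$1" "$3"
}

# Prints one of: no-tcp | tcp-no-tls | tcp-tls
check_tls() {  # $1 = dockerd argument string, $2 = default config path
  cfg=$(find_config "$1" "$2")
  tls='--tlsverify( |=true|$)|"tlsverify"[[:space:]]*:[[:space:]]*true'
  if ! in_args_or_config 'tcp://' "$1" "$cfg"; then echo no-tcp
  elif in_args_or_config "$tls" "$1" "$cfg"; then echo tcp-tls
  else echo tcp-no-tls
  fi
}

# Constructed sample configs (not taken from the issue).
demo_dir=$(mktemp -d)
printf '{"hosts": ["tcp://127.0.0.1:2376"], "tlsverify": true}\n' > "$demo_dir/tls.json"
printf '{"hosts": ["tcp://127.0.0.1:2375"]}\n' > "$demo_dir/plain.json"
buggy_empty_var
buggy_brackets "$demo_dir/tls.json"
check_tls "dockerd" "$demo_dir/tls.json"
check_tls "dockerd --config-file=$demo_dir/plain.json" /nonexistent
```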