2021-04-11 17:38:26 -04:00
|
|
|
#!/bin/bash
|
|
|
|
|
# A lame and quick script to run docker-bench-security in WebSploit Labs
|
|
|
|
|
# Omar Santos @santosomar
|
2021-04-11 17:31:55 -04:00
|
|
|
|
2021-04-11 17:44:07 -04:00
|
|
|
|
|
|
|
|
red=$(tput setaf 1)
|
|
|
|
|
green=$(tput setaf 2)
|
|
|
|
|
reset=$(tput sgr0)
|
|
|
|
|
|
2021-04-11 18:29:43 -04:00
|
|
|
echo "Running docker-bench-security ${red}WebSploit Labs easy script"
|
|
|
|
|
printf -- '\n';
|
2021-04-11 17:31:55 -04:00
|
|
|
|
|
|
|
|
docker run --rm --net host --pid host --userns host --cap-add audit_control \
|
|
|
|
|
-e DOCKER_CONTENT_TRUST=$DOCKER_CONTENT_TRUST \
|
|
|
|
|
-v /etc:/etc:ro \
|
|
|
|
|
-v /lib/systemd/system:/lib/systemd/system:ro \
|
|
|
|
|
-v /usr/bin/containerd:/usr/bin/containerd:ro \
|
|
|
|
|
-v /usr/bin/runc:/usr/bin/runc:ro \
|
|
|
|
|
-v /usr/lib/systemd:/usr/lib/systemd:ro \
|
|
|
|
|
-v /var/lib:/var/lib:ro \
|
|
|
|
|
-v /var/run/docker.sock:/var/run/docker.sock:ro \
|
|
|
|
|
--label docker_bench_security \
|
2021-04-11 18:24:25 -04:00
|
|
|
docker/docker-bench-security > bench_results.txt
|
2021-04-11 17:31:55 -04:00
|
|
|
|
2021-04-11 17:34:29 -04:00
|
|
|
|
2021-04-11 17:38:26 -04:00
|
|
|
cat bench_results.txt | grep WARN
|
2021-04-11 17:44:07 -04:00
|
|
|
|
2021-04-11 18:29:43 -04:00
|
|
|
printf -- '\n';
|
2021-04-11 17:44:07 -04:00
|
|
|
echo "${red}The output above only includes the major findings."
|
|
|
|
|
|
|
|
|
|
echo "${reset}The complete results have been stored at:
|
2021-04-11 18:24:25 -04:00
|
|
|
${green}$(pwd)/bench_results.txt "
|
