ch0ic3/h4cker
1
0
Fork 0
mirror of https://github.com/The-Art-of-Hacking/h4cker.git synced 2024-12-19 03:16:08 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
5e137669a2
h4cker/docker-and-k8s-security/docker/docker-bench-websploit.sh
Omar Santos 5e137669a2 Update docker-bench-websploit.sh
2021-04-11 17:38:26 -04:00

22 lines
842 B
Bash
Raw Blame History

#!/bin/bash
# A lame and quick script to run docker-bench-security in WebSploit Labs
# Omar Santos @santosomar
echo "Running docker-bench-security from WebSploit"
docker run --rm --net host --pid host --userns host --cap-add audit_control \
-e DOCKER_CONTENT_TRUST=$DOCKER_CONTENT_TRUST \
-v /etc:/etc:ro \
-v /lib/systemd/system:/lib/systemd/system:ro \
-v /usr/bin/containerd:/usr/bin/containerd:ro \
-v /usr/bin/runc:/usr/bin/runc:ro \
-v /usr/lib/systemd:/usr/lib/systemd:ro \
-v /var/lib:/var/lib:ro \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
--label docker_bench_security \
docker/docker-bench-security > bench_results.txt
cat bench_results.txt | grep WARN
echo "The output above only includes the major findings. The complete results have been stored at: $(pwd)/bench_results.txt "
Reference in New Issue View Git Blame Copy Permalink