batten

package
v0.0.0-...-1206814 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 4, 2015 License: MIT Imports: 14 Imported by: 2

Documentation

Index

Constants

const (
	// DockerUnixSocket is a unix-scheme URL for the socket file
	// /var/run/docker.sock (presumably the daemon endpoint the checks
	// connect to — confirm against callers). Write access to the Docker
	// socket amounts to root-equivalent control of the host; the Checks list
	// in this package includes owner and permission checks for the socket.
	DockerUnixSocket = "unix:///var/run/docker.sock"
	// DockerPidFile is the path /var/run/docker.pid (presumably the daemon's
	// PID file — confirm against callers).
	DockerPidFile    = "/var/run/docker.pid"
)

Variables

// Checks is the list of audit checks, built when the package is initialised
// by calling each make* constructor once. Blank lines separate groups; the
// group labels below are inferred from the constructor names — TODO confirm.
//
// NOTE(review): DockerSecurityPatchesCheck and DockerXXX are declared in this
// package, but no constructor for either appears in this list, so presumably
// neither is run through Checks — confirm that this coverage gap is intended.
var Checks []Check = []Check{

	// Host configuration and audit rules for Docker files and directories.
	makeDockerPartitionCheck(),
	makeDockerKernelCheck(),
	makeDockerDevToolsCheck(),
	makeDockerHardenHostCheck(),
	makeDockerRemoveNonEssentialSvcsCheck(),
	makeDockerVersionCheck(),
	makeDockerTrustedUsersCheck(),
	makeDockerDaemonAuditingCheck(),
	makeDockerAuditFilesVarLibDocker(),
	makeDockerAuditFilesEtcDocker(),
	makeDockerAuditFilesDockerRegistry(),
	makeDockerAuditFilesDockerService(),
	makeDockerAuditFilesDockerSock(),
	makeDockerAuditFilesSysconfigDocker(),
	makeDockerAuditFilesSysconfigDockerNetwork(),
	makeDockerAuditFilesSysconfigDockerRegistry(),
	makeDockerAuditFilesSysconfigDockerStorage(),
	makeDockerAuditFilesEtcDefaultDocker(),

	// Daemon options (exec driver, networking, logging, registries, TLS, ulimits).
	makeDockerNoLxcCheck(),
	makeDockerRestrictedNetworkTrafficCheck(),
	makeDockerSetLoggingLevelCheck(),
	makeDockerEnableIptablesCheck(),
	makeDockerInsecureRegistriesCheck(),
	makeDockerLocalRegistryCheck(),
	makeDockerNoAufsCheck(),
	makeDockerPortCheck(),
	makeDockerTLSCheck(),
	makeDockerUlimitCheck(),

	// Ownership and permissions of service, socket, environment, certificate
	// and key files. Owner and permission checks come in pairs per file.
	makeDockerSvcOwnerCheck(),
	makeDockerSvcFilePermsCheck(),
	makeDockerRegistrySvcOwnerCheck(),
	makeDockerRegistrySvcFilePermsCheck(),
	makeDockerSystemdSocketOwnerCheck(),
	makeDockerSystemdSocketFilePermsCheck(),
	makeDockerEnvFileOwnerCheck(),
	makeDockerEnvFilePermsCheck(),
	makeDockerNetworkEnvOwnerCheck(),
	makeDockerNetworkEnvFilePermsCheck(),
	makeDockerRegistryEnvOwnerCheck(),
	makeDockerRegistryEnvFilePermsCheck(),
	makeDockerStorageEnvOwnerCheck(),
	makeDockerStorageEnvFilePermsCheck(),
	makeDockerEtcDockerOwnerCheck(),
	makeDockerEtcDockerFilePermsCheck(),
	makeDockerRegistryCertsOwnerCheck(),
	makeDockerRegistryCertsFilePermsCheck(),
	makeDockerTLSCACertOwnerCheck(),
	makeDockerTLSCACertFilePermsCheck(),
	makeDockerTLSCertOwnerCheck(),
	makeDockerTLSCertFilePermsCheck(),
	makeDockerTLSKeyOwnerCheck(),
	makeDockerTLSKeyFilePermsCheck(),
	makeDockerSocketOwnerCheck(),
	makeDockerSocketFilePermsCheck(),

	// Container user and image contents.
	makeDockerContainerUserCheck(),
	makeDockerUseTrustedImagesCheck(),
	makeDockerNoUnnecessaryPackagesCheck(),

	// Container runtime confinement (AppArmor, SELinux, process and kernel limits).
	makeDockerVerifyAppArmorProfile(),
	makeDockerVerifySELinuxProfile(),
	makeDockerSingleMainProcess(),
	makeDockerRestrictKernel(),

	// Operational practices (audits, monitoring, backups, log collection, sprawl).
	makeDockerPerformSecurityAudits(),
	makeDockerMonitorContainers(),
	makeDockerCheckEndpointProtectionPlatform(),
	makeDockerBackupContainerData(),
	makeDockerCheckCentralLogCollection(),
	makeDockerAvoidImageSprawl(),
	makeDockerAvoidContainerSprawl(),
}

TODO: put the checks in a different package and allow them to register with the main batten package.

// DEFAULT_FSTAB is the path /etc/fstab. It is an exported var rather than a
// const, so any importing package can reassign it; which checks read it is
// not shown on this page (presumably the partition check — confirm).
var DEFAULT_FSTAB = "/etc/fstab"

Functions

func PathExists

func PathExists(filename string) bool

PathExists returns true if `filename` exists.

Types

type Check

// Check is a single audit item that can be run and can describe itself.
type Check interface {
	// AuditCheck runs the check. What the bool means is not stated on this
	// page; presumably true means the audited setting passed — confirm.
	// A non-nil error should be read as "result could not be determined",
	// not as a pass.
	AuditCheck() (bool, error)
	// GetCheckDefinition returns the descriptive metadata for this check.
	GetCheckDefinition() CheckDefinition
}

type CheckDefinition

// CheckDefinition is the read-only descriptive metadata attached to a Check.
// Every method returns text (or a list of reference strings) and takes no
// arguments. CheckDefinitionImpl also exposes AuditDescription and Category,
// which are not part of this interface.
type CheckDefinition interface {
	// Identifier returns the check's identifier string.
	Identifier() string
	// Name returns the check's name.
	Name() string
	// Description returns the check's description text.
	Description() string
	// Rationale returns the rationale text for the check.
	Rationale() string
	// Remediation returns the remediation text for the check.
	Remediation() string
	// Impact returns the impact text for the check.
	Impact() string
	// DefaultValue returns the default-value text for the audited setting.
	DefaultValue() string
	// References returns the list of reference strings for the check.
	References() []string
}

type CheckDefinitionImpl

type CheckDefinitionImpl struct {
	// contains filtered or unexported fields
}

func (*CheckDefinitionImpl) AuditDescription

func (c *CheckDefinitionImpl) AuditDescription() string

func (*CheckDefinitionImpl) Category

func (c *CheckDefinitionImpl) Category() string

func (*CheckDefinitionImpl) DefaultValue

func (c *CheckDefinitionImpl) DefaultValue() string

func (*CheckDefinitionImpl) Description

func (c *CheckDefinitionImpl) Description() string

func (*CheckDefinitionImpl) Identifier

func (c *CheckDefinitionImpl) Identifier() string

func (*CheckDefinitionImpl) Impact

func (c *CheckDefinitionImpl) Impact() string

func (*CheckDefinitionImpl) Name

func (c *CheckDefinitionImpl) Name() string

func (*CheckDefinitionImpl) Rationale

func (c *CheckDefinitionImpl) Rationale() string

func (*CheckDefinitionImpl) References

func (c *CheckDefinitionImpl) References() []string

func (*CheckDefinitionImpl) Remediation

func (c *CheckDefinitionImpl) Remediation() string

type CheckResults

// CheckResults holds the outcome of one check together with its definition;
// RunCheck returns a pointer to this type.
type CheckResults struct {
	// Success and Error presumably carry the (bool, error) pair returned by
	// Check.AuditCheck — confirm against RunCheck.
	// NOTE(review): read Error alongside Success; whether Success can be
	// true while Error is non-nil is not visible on this page.
	Success         bool
	Error           error
	// CheckDefinition is the metadata of the check that produced this result.
	CheckDefinition CheckDefinition
}

func RunCheck

func RunCheck(c Check) *CheckResults

type DockerAuditFilesDirectoriesCheck

type DockerAuditFilesDirectoriesCheck struct {
	*CheckDefinitionImpl
	// contains filtered or unexported fields
}

func (*DockerAuditFilesDirectoriesCheck) AuditCheck

func (dc *DockerAuditFilesDirectoriesCheck) AuditCheck() (bool, error)

TODO: there should be two types of check: an auditctl check and, if that fails, a fallback that uses an audit config file.

func (*DockerAuditFilesDirectoriesCheck) GetCheckDefinition

func (dc *DockerAuditFilesDirectoriesCheck) GetCheckDefinition() CheckDefinition

type DockerAvoidContainerSprawl

type DockerAvoidContainerSprawl struct {
	*CheckDefinitionImpl
}

func (*DockerAvoidContainerSprawl) AuditCheck

func (dc *DockerAvoidContainerSprawl) AuditCheck() (bool, error)

func (*DockerAvoidContainerSprawl) GetCheckDefinition

func (dc *DockerAvoidContainerSprawl) GetCheckDefinition() CheckDefinition

type DockerAvoidImageSprawl

type DockerAvoidImageSprawl struct {
	*CheckDefinitionImpl
}

func (*DockerAvoidImageSprawl) AuditCheck

func (dc *DockerAvoidImageSprawl) AuditCheck() (bool, error)

func (*DockerAvoidImageSprawl) GetCheckDefinition

func (dc *DockerAvoidImageSprawl) GetCheckDefinition() CheckDefinition

type DockerBackupContainerData

type DockerBackupContainerData struct {
	*CheckDefinitionImpl
}

func (*DockerBackupContainerData) AuditCheck

func (dc *DockerBackupContainerData) AuditCheck() (bool, error)

func (*DockerBackupContainerData) GetCheckDefinition

func (dc *DockerBackupContainerData) GetCheckDefinition() CheckDefinition

type DockerCheckCentralLogCollection

type DockerCheckCentralLogCollection struct {
	*CheckDefinitionImpl
}

func (*DockerCheckCentralLogCollection) AuditCheck

func (dc *DockerCheckCentralLogCollection) AuditCheck() (bool, error)

func (*DockerCheckCentralLogCollection) GetCheckDefinition

func (dc *DockerCheckCentralLogCollection) GetCheckDefinition() CheckDefinition

type DockerCheckEndpointProtectionPlatform

type DockerCheckEndpointProtectionPlatform struct {
	*CheckDefinitionImpl
}

func (*DockerCheckEndpointProtectionPlatform) AuditCheck

func (dc *DockerCheckEndpointProtectionPlatform) AuditCheck() (bool, error)

func (*DockerCheckEndpointProtectionPlatform) GetCheckDefinition

func (dc *DockerCheckEndpointProtectionPlatform) GetCheckDefinition() CheckDefinition

type DockerContainerUserCheck

type DockerContainerUserCheck struct {
	*CheckDefinitionImpl
}

func (*DockerContainerUserCheck) AuditCheck

func (dc *DockerContainerUserCheck) AuditCheck() (bool, error)

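AuditCheck lists all running containers and checks the user each one runs as. The original comment reads "ensure they are all running as root"; hardening guidance normally asks for the opposite (a non-root container user), so the wording is probably inverted. Confirm against the implementation before trusting a passing result.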

func (*DockerContainerUserCheck) GetCheckDefinition

func (dc *DockerContainerUserCheck) GetCheckDefinition() CheckDefinition

type DockerDaemonAuditingCheck

type DockerDaemonAuditingCheck struct {
	*CheckDefinitionImpl
	// contains filtered or unexported fields
}

func (*DockerDaemonAuditingCheck) AuditCheck

func (dc *DockerDaemonAuditingCheck) AuditCheck() (bool, error)

func (*DockerDaemonAuditingCheck) GetCheckDefinition

func (dc *DockerDaemonAuditingCheck) GetCheckDefinition() CheckDefinition

type DockerDevToolsCheck

type DockerDevToolsCheck struct {
	*CheckDefinitionImpl
	// contains filtered or unexported fields
}

func (*DockerDevToolsCheck) AuditCheck

func (dc *DockerDevToolsCheck) AuditCheck() (bool, error)

func (*DockerDevToolsCheck) GetCheckDefinition

func (dc *DockerDevToolsCheck) GetCheckDefinition() CheckDefinition

type DockerEnableIptablesCheck

type DockerEnableIptablesCheck struct {
	*CheckDefinitionImpl
	// contains filtered or unexported fields
}

func (*DockerEnableIptablesCheck) AuditCheck

func (dc *DockerEnableIptablesCheck) AuditCheck() (bool, error)

func (*DockerEnableIptablesCheck) GetCheckDefinition

func (dc *DockerEnableIptablesCheck) GetCheckDefinition() CheckDefinition

type DockerEnvFileOwnerCheck

type DockerEnvFileOwnerCheck struct {
	*CheckDefinitionImpl
	*FileOwnerCheck
}

func (*DockerEnvFileOwnerCheck) AuditCheck

func (dc *DockerEnvFileOwnerCheck) AuditCheck() (bool, error)

func (*DockerEnvFileOwnerCheck) GetCheckDefinition

func (dc *DockerEnvFileOwnerCheck) GetCheckDefinition() CheckDefinition

type DockerEnvFilePermsCheck

type DockerEnvFilePermsCheck struct {
	*CheckDefinitionImpl
	*FilePermsCheck
}

func (*DockerEnvFilePermsCheck) AuditCheck

func (dc *DockerEnvFilePermsCheck) AuditCheck() (bool, error)

func (*DockerEnvFilePermsCheck) GetCheckDefinition

func (dc *DockerEnvFilePermsCheck) GetCheckDefinition() CheckDefinition

type DockerEtcDockerFilePermsCheck

type DockerEtcDockerFilePermsCheck struct {
	*CheckDefinitionImpl
	*FilePermsCheck
}

func (*DockerEtcDockerFilePermsCheck) AuditCheck

func (dc *DockerEtcDockerFilePermsCheck) AuditCheck() (bool, error)

func (*DockerEtcDockerFilePermsCheck) GetCheckDefinition

func (dc *DockerEtcDockerFilePermsCheck) GetCheckDefinition() CheckDefinition

type DockerEtcDockerOwnerCheck

type DockerEtcDockerOwnerCheck struct {
	*CheckDefinitionImpl
	*FileOwnerCheck
}

func (*DockerEtcDockerOwnerCheck) AuditCheck

func (dc *DockerEtcDockerOwnerCheck) AuditCheck() (bool, error)

func (*DockerEtcDockerOwnerCheck) GetCheckDefinition

func (dc *DockerEtcDockerOwnerCheck) GetCheckDefinition() CheckDefinition

type DockerHardenHostCheck

type DockerHardenHostCheck struct {
	*CheckDefinitionImpl
	// contains filtered or unexported fields
}

func (*DockerHardenHostCheck) AuditCheck

func (dc *DockerHardenHostCheck) AuditCheck() (bool, error)

func (*DockerHardenHostCheck) GetCheckDefinition

func (dc *DockerHardenHostCheck) GetCheckDefinition() CheckDefinition

type DockerInsecureRegistriesCheck

type DockerInsecureRegistriesCheck struct {
	*CheckDefinitionImpl
	// contains filtered or unexported fields
}

func (*DockerInsecureRegistriesCheck) AuditCheck

func (dc *DockerInsecureRegistriesCheck) AuditCheck() (bool, error)

func (*DockerInsecureRegistriesCheck) GetCheckDefinition

func (dc *DockerInsecureRegistriesCheck) GetCheckDefinition() CheckDefinition

type DockerKernelCheck

type DockerKernelCheck struct {
	*CheckDefinitionImpl
}

func (*DockerKernelCheck) AuditCheck

func (dc *DockerKernelCheck) AuditCheck() (bool, error)

func (*DockerKernelCheck) GetCheckDefinition

func (dc *DockerKernelCheck) GetCheckDefinition() CheckDefinition

type DockerLocalRegistryCheck

type DockerLocalRegistryCheck struct {
	*CheckDefinitionImpl
	// contains filtered or unexported fields
}

func (*DockerLocalRegistryCheck) AuditCheck

func (dc *DockerLocalRegistryCheck) AuditCheck() (bool, error)

func (*DockerLocalRegistryCheck) GetCheckDefinition

func (dc *DockerLocalRegistryCheck) GetCheckDefinition() CheckDefinition

type DockerMonitorContainers

type DockerMonitorContainers struct {
	*CheckDefinitionImpl
}

func (*DockerMonitorContainers) AuditCheck

func (dc *DockerMonitorContainers) AuditCheck() (bool, error)

func (*DockerMonitorContainers) GetCheckDefinition

func (dc *DockerMonitorContainers) GetCheckDefinition() CheckDefinition

type DockerNetworkEnvFilePermsCheck

type DockerNetworkEnvFilePermsCheck struct {
	*CheckDefinitionImpl
	*FilePermsCheck
}

func (*DockerNetworkEnvFilePermsCheck) AuditCheck

func (dc *DockerNetworkEnvFilePermsCheck) AuditCheck() (bool, error)

func (*DockerNetworkEnvFilePermsCheck) GetCheckDefinition

func (dc *DockerNetworkEnvFilePermsCheck) GetCheckDefinition() CheckDefinition

type DockerNetworkEnvOwnerCheck

type DockerNetworkEnvOwnerCheck struct {
	*CheckDefinitionImpl
	*FileOwnerCheck
}

func (*DockerNetworkEnvOwnerCheck) AuditCheck

func (dc *DockerNetworkEnvOwnerCheck) AuditCheck() (bool, error)

func (*DockerNetworkEnvOwnerCheck) GetCheckDefinition

func (dc *DockerNetworkEnvOwnerCheck) GetCheckDefinition() CheckDefinition

type DockerNoAufsCheck

type DockerNoAufsCheck struct {
	*CheckDefinitionImpl
}

func (*DockerNoAufsCheck) AuditCheck

func (dc *DockerNoAufsCheck) AuditCheck() (bool, error)

func (*DockerNoAufsCheck) GetCheckDefinition

func (dc *DockerNoAufsCheck) GetCheckDefinition() CheckDefinition

type DockerNoLxcCheck

type DockerNoLxcCheck struct {
	*CheckDefinitionImpl
}

func (*DockerNoLxcCheck) AuditCheck

func (dc *DockerNoLxcCheck) AuditCheck() (bool, error)

AuditCheck looks for --exec-driver in the docker daemon options, e.g.

docker -d --exec-driver=lxc

func (*DockerNoLxcCheck) GetCheckDefinition

func (dc *DockerNoLxcCheck) GetCheckDefinition() CheckDefinition

type DockerNoUnnecessaryPackagesCheck

type DockerNoUnnecessaryPackagesCheck struct {
	*CheckDefinitionImpl
}

func (*DockerNoUnnecessaryPackagesCheck) AuditCheck

func (dc *DockerNoUnnecessaryPackagesCheck) AuditCheck() (bool, error)

func (*DockerNoUnnecessaryPackagesCheck) GetCheckDefinition

func (dc *DockerNoUnnecessaryPackagesCheck) GetCheckDefinition() CheckDefinition

type DockerPartitionCheck

type DockerPartitionCheck struct {
	*CheckDefinitionImpl
	// contains filtered or unexported fields
}

func (*DockerPartitionCheck) AuditCheck

func (dc *DockerPartitionCheck) AuditCheck() (bool, error)

func (*DockerPartitionCheck) GetCheckDefinition

func (dc *DockerPartitionCheck) GetCheckDefinition() CheckDefinition

type DockerPerformSecurityAudits

type DockerPerformSecurityAudits struct {
	*CheckDefinitionImpl
}

func (*DockerPerformSecurityAudits) AuditCheck

func (dc *DockerPerformSecurityAudits) AuditCheck() (bool, error)

func (*DockerPerformSecurityAudits) GetCheckDefinition

func (dc *DockerPerformSecurityAudits) GetCheckDefinition() CheckDefinition

type DockerPortCheck

type DockerPortCheck struct {
	*CheckDefinitionImpl
	// contains filtered or unexported fields
}

func (*DockerPortCheck) AuditCheck

func (dc *DockerPortCheck) AuditCheck() (bool, error)

func (*DockerPortCheck) GetCheckDefinition

func (dc *DockerPortCheck) GetCheckDefinition() CheckDefinition

type DockerRegistryCertsFilePermsCheck

type DockerRegistryCertsFilePermsCheck struct {
	*CheckDefinitionImpl
	*FilePermsCheck
}

func (*DockerRegistryCertsFilePermsCheck) AuditCheck

func (dc *DockerRegistryCertsFilePermsCheck) AuditCheck() (bool, error)

func (*DockerRegistryCertsFilePermsCheck) GetCheckDefinition

func (dc *DockerRegistryCertsFilePermsCheck) GetCheckDefinition() CheckDefinition

type DockerRegistryCertsOwnerCheck

type DockerRegistryCertsOwnerCheck struct {
	*CheckDefinitionImpl
	*FileOwnerCheck
}

func (*DockerRegistryCertsOwnerCheck) AuditCheck

func (dc *DockerRegistryCertsOwnerCheck) AuditCheck() (bool, error)

func (*DockerRegistryCertsOwnerCheck) GetCheckDefinition

func (dc *DockerRegistryCertsOwnerCheck) GetCheckDefinition() CheckDefinition

type DockerRegistryEnvFilePermsCheck

type DockerRegistryEnvFilePermsCheck struct {
	*CheckDefinitionImpl
	*FilePermsCheck
}

func (*DockerRegistryEnvFilePermsCheck) AuditCheck

func (dc *DockerRegistryEnvFilePermsCheck) AuditCheck() (bool, error)

func (*DockerRegistryEnvFilePermsCheck) GetCheckDefinition

func (dc *DockerRegistryEnvFilePermsCheck) GetCheckDefinition() CheckDefinition

type DockerRegistryEnvOwnerCheck

type DockerRegistryEnvOwnerCheck struct {
	*CheckDefinitionImpl
	*FileOwnerCheck
}

func (*DockerRegistryEnvOwnerCheck) AuditCheck

func (dc *DockerRegistryEnvOwnerCheck) AuditCheck() (bool, error)

func (*DockerRegistryEnvOwnerCheck) GetCheckDefinition

func (dc *DockerRegistryEnvOwnerCheck) GetCheckDefinition() CheckDefinition

type DockerRegistrySvcFilePermsCheck

type DockerRegistrySvcFilePermsCheck struct {
	*CheckDefinitionImpl
	*FilePermsCheck
}

func (*DockerRegistrySvcFilePermsCheck) AuditCheck

func (dc *DockerRegistrySvcFilePermsCheck) AuditCheck() (bool, error)

func (*DockerRegistrySvcFilePermsCheck) GetCheckDefinition

func (dc *DockerRegistrySvcFilePermsCheck) GetCheckDefinition() CheckDefinition

type DockerRegistrySvcOwnerCheck

type DockerRegistrySvcOwnerCheck struct {
	*CheckDefinitionImpl
	*FileOwnerCheck
}

func (*DockerRegistrySvcOwnerCheck) AuditCheck

func (dc *DockerRegistrySvcOwnerCheck) AuditCheck() (bool, error)

func (*DockerRegistrySvcOwnerCheck) GetCheckDefinition

func (dc *DockerRegistrySvcOwnerCheck) GetCheckDefinition() CheckDefinition

type DockerRemoveNonEssentialSvcsCheck

type DockerRemoveNonEssentialSvcsCheck struct {
	*CheckDefinitionImpl
}

func (*DockerRemoveNonEssentialSvcsCheck) AuditCheck

func (dc *DockerRemoveNonEssentialSvcsCheck) AuditCheck() (bool, error)

func (*DockerRemoveNonEssentialSvcsCheck) GetCheckDefinition

func (dc *DockerRemoveNonEssentialSvcsCheck) GetCheckDefinition() CheckDefinition

type DockerRestrictKernel

type DockerRestrictKernel struct {
	*CheckDefinitionImpl
	// contains filtered or unexported fields
}

func (*DockerRestrictKernel) AuditCheck

func (dc *DockerRestrictKernel) AuditCheck() (bool, error)

func (*DockerRestrictKernel) GetCheckDefinition

func (dc *DockerRestrictKernel) GetCheckDefinition() CheckDefinition

type DockerRestrictedNetworkTrafficCheck

type DockerRestrictedNetworkTrafficCheck struct {
	*CheckDefinitionImpl
	// contains filtered or unexported fields
}

func (*DockerRestrictedNetworkTrafficCheck) AuditCheck

func (dc *DockerRestrictedNetworkTrafficCheck) AuditCheck() (bool, error)

func (*DockerRestrictedNetworkTrafficCheck) GetCheckDefinition

func (dc *DockerRestrictedNetworkTrafficCheck) GetCheckDefinition() CheckDefinition

type DockerSecurityPatchesCheck

type DockerSecurityPatchesCheck struct {
	*CheckDefinitionImpl
}

func (*DockerSecurityPatchesCheck) AuditCheck

func (dc *DockerSecurityPatchesCheck) AuditCheck() (bool, error)

func (*DockerSecurityPatchesCheck) GetCheckDefinition

func (dc *DockerSecurityPatchesCheck) GetCheckDefinition() CheckDefinition

type DockerSetLoggingLevelCheck

type DockerSetLoggingLevelCheck struct {
	*CheckDefinitionImpl
	// contains filtered or unexported fields
}

func (*DockerSetLoggingLevelCheck) AuditCheck

func (dc *DockerSetLoggingLevelCheck) AuditCheck() (bool, error)

func (*DockerSetLoggingLevelCheck) GetCheckDefinition

func (dc *DockerSetLoggingLevelCheck) GetCheckDefinition() CheckDefinition

type DockerSingleMainProcess

type DockerSingleMainProcess struct {
	*CheckDefinitionImpl
	// contains filtered or unexported fields
}

func (*DockerSingleMainProcess) AuditCheck

func (dc *DockerSingleMainProcess) AuditCheck() (bool, error)

func (*DockerSingleMainProcess) GetCheckDefinition

func (dc *DockerSingleMainProcess) GetCheckDefinition() CheckDefinition

type DockerSocketFilePermsCheck

type DockerSocketFilePermsCheck struct {
	*CheckDefinitionImpl
	*FilePermsCheck
}

func (*DockerSocketFilePermsCheck) AuditCheck

func (dc *DockerSocketFilePermsCheck) AuditCheck() (bool, error)

func (*DockerSocketFilePermsCheck) GetCheckDefinition

func (dc *DockerSocketFilePermsCheck) GetCheckDefinition() CheckDefinition

type DockerSocketOwnerCheck

type DockerSocketOwnerCheck struct {
	*CheckDefinitionImpl
	*FileOwnerCheck
}

func (*DockerSocketOwnerCheck) AuditCheck

func (dc *DockerSocketOwnerCheck) AuditCheck() (bool, error)

func (*DockerSocketOwnerCheck) GetCheckDefinition

func (dc *DockerSocketOwnerCheck) GetCheckDefinition() CheckDefinition

type DockerStorageEnvFilePermsCheck

type DockerStorageEnvFilePermsCheck struct {
	*CheckDefinitionImpl
	*FilePermsCheck
}

func (*DockerStorageEnvFilePermsCheck) AuditCheck

func (dc *DockerStorageEnvFilePermsCheck) AuditCheck() (bool, error)

func (*DockerStorageEnvFilePermsCheck) GetCheckDefinition

func (dc *DockerStorageEnvFilePermsCheck) GetCheckDefinition() CheckDefinition

type DockerStorageEnvOwnerCheck

type DockerStorageEnvOwnerCheck struct {
	*CheckDefinitionImpl
	*FileOwnerCheck
}

func (*DockerStorageEnvOwnerCheck) AuditCheck

func (dc *DockerStorageEnvOwnerCheck) AuditCheck() (bool, error)

func (*DockerStorageEnvOwnerCheck) GetCheckDefinition

func (dc *DockerStorageEnvOwnerCheck) GetCheckDefinition() CheckDefinition

type DockerSvcFilePermsCheck

type DockerSvcFilePermsCheck struct {
	*CheckDefinitionImpl
	*FilePermsCheck
}

func (*DockerSvcFilePermsCheck) AuditCheck

func (dc *DockerSvcFilePermsCheck) AuditCheck() (bool, error)

func (*DockerSvcFilePermsCheck) GetCheckDefinition

func (dc *DockerSvcFilePermsCheck) GetCheckDefinition() CheckDefinition

type DockerSvcOwnerCheck

type DockerSvcOwnerCheck struct {
	*CheckDefinitionImpl
	*FileOwnerCheck
}

func (*DockerSvcOwnerCheck) AuditCheck

func (dc *DockerSvcOwnerCheck) AuditCheck() (bool, error)

func (*DockerSvcOwnerCheck) GetCheckDefinition

func (dc *DockerSvcOwnerCheck) GetCheckDefinition() CheckDefinition

type DockerSystemdSocketFilePermsCheck

type DockerSystemdSocketFilePermsCheck struct {
	*CheckDefinitionImpl
	*FilePermsCheck
}

func (*DockerSystemdSocketFilePermsCheck) AuditCheck

func (dc *DockerSystemdSocketFilePermsCheck) AuditCheck() (bool, error)

func (*DockerSystemdSocketFilePermsCheck) GetCheckDefinition

func (dc *DockerSystemdSocketFilePermsCheck) GetCheckDefinition() CheckDefinition

type DockerSystemdSocketOwnerCheck

type DockerSystemdSocketOwnerCheck struct {
	*CheckDefinitionImpl
	*FileOwnerCheck
}

func (*DockerSystemdSocketOwnerCheck) AuditCheck

func (dc *DockerSystemdSocketOwnerCheck) AuditCheck() (bool, error)

func (*DockerSystemdSocketOwnerCheck) GetCheckDefinition

func (dc *DockerSystemdSocketOwnerCheck) GetCheckDefinition() CheckDefinition

type DockerTLSCACertFilePermsCheck

type DockerTLSCACertFilePermsCheck struct {
	*CheckDefinitionImpl
	*FilePermsCheck
	// contains filtered or unexported fields
}

func (*DockerTLSCACertFilePermsCheck) AuditCheck

func (dc *DockerTLSCACertFilePermsCheck) AuditCheck() (bool, error)

func (*DockerTLSCACertFilePermsCheck) GetCheckDefinition

func (dc *DockerTLSCACertFilePermsCheck) GetCheckDefinition() CheckDefinition

type DockerTLSCACertOwnerCheck

type DockerTLSCACertOwnerCheck struct {
	*CheckDefinitionImpl
	*FileOwnerCheck
	// contains filtered or unexported fields
}

func (*DockerTLSCACertOwnerCheck) AuditCheck

func (dc *DockerTLSCACertOwnerCheck) AuditCheck() (bool, error)

func (*DockerTLSCACertOwnerCheck) GetCheckDefinition

func (dc *DockerTLSCACertOwnerCheck) GetCheckDefinition() CheckDefinition

type DockerTLSCertFilePermsCheck

type DockerTLSCertFilePermsCheck struct {
	*CheckDefinitionImpl
	*FilePermsCheck
	// contains filtered or unexported fields
}

func (*DockerTLSCertFilePermsCheck) AuditCheck

func (dc *DockerTLSCertFilePermsCheck) AuditCheck() (bool, error)

func (*DockerTLSCertFilePermsCheck) GetCheckDefinition

func (dc *DockerTLSCertFilePermsCheck) GetCheckDefinition() CheckDefinition

type DockerTLSCertOwnerCheck

type DockerTLSCertOwnerCheck struct {
	*CheckDefinitionImpl
	*FileOwnerCheck
	// contains filtered or unexported fields
}

func (*DockerTLSCertOwnerCheck) AuditCheck

func (dc *DockerTLSCertOwnerCheck) AuditCheck() (bool, error)

func (*DockerTLSCertOwnerCheck) GetCheckDefinition

func (dc *DockerTLSCertOwnerCheck) GetCheckDefinition() CheckDefinition

type DockerTLSCheck

type DockerTLSCheck struct {
	*CheckDefinitionImpl
	// contains filtered or unexported fields
}

func (*DockerTLSCheck) AuditCheck

func (dc *DockerTLSCheck) AuditCheck() (bool, error)

func (*DockerTLSCheck) GetCheckDefinition

func (dc *DockerTLSCheck) GetCheckDefinition() CheckDefinition

type DockerTLSKeyFilePermsCheck

type DockerTLSKeyFilePermsCheck struct {
	*CheckDefinitionImpl
	*FilePermsCheck
	// contains filtered or unexported fields
}

func (*DockerTLSKeyFilePermsCheck) AuditCheck

func (dc *DockerTLSKeyFilePermsCheck) AuditCheck() (bool, error)

func (*DockerTLSKeyFilePermsCheck) GetCheckDefinition

func (dc *DockerTLSKeyFilePermsCheck) GetCheckDefinition() CheckDefinition

type DockerTLSKeyOwnerCheck

type DockerTLSKeyOwnerCheck struct {
	*CheckDefinitionImpl
	*FileOwnerCheck
	// contains filtered or unexported fields
}

func (*DockerTLSKeyOwnerCheck) AuditCheck

func (dc *DockerTLSKeyOwnerCheck) AuditCheck() (bool, error)

func (*DockerTLSKeyOwnerCheck) GetCheckDefinition

func (dc *DockerTLSKeyOwnerCheck) GetCheckDefinition() CheckDefinition

type DockerTrustedUsersCheck

type DockerTrustedUsersCheck struct {
	*CheckDefinitionImpl
	// contains filtered or unexported fields
}

func (*DockerTrustedUsersCheck) AuditCheck

func (dc *DockerTrustedUsersCheck) AuditCheck() (bool, error)

func (*DockerTrustedUsersCheck) GetCheckDefinition

func (dc *DockerTrustedUsersCheck) GetCheckDefinition() CheckDefinition

type DockerUlimitCheck

type DockerUlimitCheck struct {
	*CheckDefinitionImpl
	// contains filtered or unexported fields
}

func (*DockerUlimitCheck) AuditCheck

func (dc *DockerUlimitCheck) AuditCheck() (bool, error)

func (*DockerUlimitCheck) GetCheckDefinition

func (dc *DockerUlimitCheck) GetCheckDefinition() CheckDefinition

type DockerUseTrustedImagesCheck

type DockerUseTrustedImagesCheck struct {
	*CheckDefinitionImpl
	// contains filtered or unexported fields
}

func (*DockerUseTrustedImagesCheck) AuditCheck

func (dc *DockerUseTrustedImagesCheck) AuditCheck() (bool, error)

func (*DockerUseTrustedImagesCheck) GetCheckDefinition

func (dc *DockerUseTrustedImagesCheck) GetCheckDefinition() CheckDefinition

type DockerVerifyAppArmorProfile

type DockerVerifyAppArmorProfile struct {
	*CheckDefinitionImpl
}

func (*DockerVerifyAppArmorProfile) AuditCheck

func (dc *DockerVerifyAppArmorProfile) AuditCheck() (bool, error)

func (*DockerVerifyAppArmorProfile) GetCheckDefinition

func (dc *DockerVerifyAppArmorProfile) GetCheckDefinition() CheckDefinition

type DockerVerifySELinuxProfile

type DockerVerifySELinuxProfile struct {
	*CheckDefinitionImpl
}

func (*DockerVerifySELinuxProfile) AuditCheck

func (dc *DockerVerifySELinuxProfile) AuditCheck() (bool, error)

func (*DockerVerifySELinuxProfile) GetCheckDefinition

func (dc *DockerVerifySELinuxProfile) GetCheckDefinition() CheckDefinition

type DockerVersionCheck

type DockerVersionCheck struct {
	*CheckDefinitionImpl
	// contains filtered or unexported fields
}

func (*DockerVersionCheck) AuditCheck

func (dc *DockerVersionCheck) AuditCheck() (bool, error)

func (*DockerVersionCheck) GetCheckDefinition

func (dc *DockerVersionCheck) GetCheckDefinition() CheckDefinition

type DockerXXX

type DockerXXX struct {
	*CheckDefinitionImpl
}

func (*DockerXXX) AuditCheck

func (dc *DockerXXX) AuditCheck() (bool, error)

func (*DockerXXX) GetCheckDefinition

func (dc *DockerXXX) GetCheckDefinition() CheckDefinition

type FileOwnerCheck

type FileOwnerCheck struct {
	// contains filtered or unexported fields
}

func (*FileOwnerCheck) IsGroupOwner

func (fo *FileOwnerCheck) IsGroupOwner(gid uint32) (bool, error)

func (*FileOwnerCheck) IsOwner

func (fo *FileOwnerCheck) IsOwner(uid uint32) (bool, error)

func (*FileOwnerCheck) IsOwnerAndGroupOwner

func (fo *FileOwnerCheck) IsOwnerAndGroupOwner(uid uint32, gid uint32) (bool, error)

func (*FileOwnerCheck) IsOwnerAndGroupOwnerRecursive

func (fo *FileOwnerCheck) IsOwnerAndGroupOwnerRecursive(uid uint32, gid uint32) (bool, error)

type FilePermsCheck

type FilePermsCheck struct {
	// contains filtered or unexported fields
}

func (*FilePermsCheck) HasAtLeastPerms

// NOTE(review): "at least" is ambiguous for permission bits. It could mean
// "at least as restrictive as targetMode" or "has at least these bits set".
// The page does not say which; confirm before relying on a true result.
// The same question applies to HasAtLeastPermsRecursive.
func (fo *FilePermsCheck) HasAtLeastPerms(targetMode os.FileMode) (bool, error)

func (*FilePermsCheck) HasAtLeastPermsRecursive

func (fo *FilePermsCheck) HasAtLeastPermsRecursive(targetMode os.FileMode) (bool, error)

func (*FilePermsCheck) HasPerms

func (fo *FilePermsCheck) HasPerms(targetMode os.FileMode) (bool, error)

Source Files
