Documentation ¶
Index ¶
- Constants
- Variables
- func PathExists(filename string) bool
- type Check
- type CheckDefinition
- type CheckDefinitionImpl
- func (c *CheckDefinitionImpl) AuditDescription() string
- func (c *CheckDefinitionImpl) Category() string
- func (c *CheckDefinitionImpl) DefaultValue() string
- func (c *CheckDefinitionImpl) Description() string
- func (c *CheckDefinitionImpl) Identifier() string
- func (c *CheckDefinitionImpl) Impact() string
- func (c *CheckDefinitionImpl) Name() string
- func (c *CheckDefinitionImpl) Rationale() string
- func (c *CheckDefinitionImpl) References() []string
- func (c *CheckDefinitionImpl) Remediation() string
- type CheckResults
- type DockerAuditFilesDirectoriesCheck
- type DockerAvoidContainerSprawl
- type DockerAvoidImageSprawl
- type DockerBackupContainerData
- type DockerCheckCentralLogCollection
- type DockerCheckEndpointProtectionPlatform
- type DockerContainerUserCheck
- type DockerDaemonAuditingCheck
- type DockerDevToolsCheck
- type DockerEnableIptablesCheck
- type DockerEnvFileOwnerCheck
- type DockerEnvFilePermsCheck
- type DockerEtcDockerFilePermsCheck
- type DockerEtcDockerOwnerCheck
- type DockerHardenHostCheck
- type DockerInsecureRegistriesCheck
- type DockerKernelCheck
- type DockerLocalRegistryCheck
- type DockerMonitorContainers
- type DockerNetworkEnvFilePermsCheck
- type DockerNetworkEnvOwnerCheck
- type DockerNoAufsCheck
- type DockerNoLxcCheck
- type DockerNoUnnecessaryPackagesCheck
- type DockerPartitionCheck
- type DockerPerformSecurityAudits
- type DockerPortCheck
- type DockerRegistryCertsFilePermsCheck
- type DockerRegistryCertsOwnerCheck
- type DockerRegistryEnvFilePermsCheck
- type DockerRegistryEnvOwnerCheck
- type DockerRegistrySvcFilePermsCheck
- type DockerRegistrySvcOwnerCheck
- type DockerRemoveNonEssentialSvcsCheck
- type DockerRestrictKernel
- type DockerRestrictedNetworkTrafficCheck
- type DockerSecurityPatchesCheck
- type DockerSetLoggingLevelCheck
- type DockerSingleMainProcess
- type DockerSocketFilePermsCheck
- type DockerSocketOwnerCheck
- type DockerStorageEnvFilePermsCheck
- type DockerStorageEnvOwnerCheck
- type DockerSvcFilePermsCheck
- type DockerSvcOwnerCheck
- type DockerSystemdSocketFilePermsCheck
- type DockerSystemdSocketOwnerCheck
- type DockerTLSCACertFilePermsCheck
- type DockerTLSCACertOwnerCheck
- type DockerTLSCertFilePermsCheck
- type DockerTLSCertOwnerCheck
- type DockerTLSCheck
- type DockerTLSKeyFilePermsCheck
- type DockerTLSKeyOwnerCheck
- type DockerTrustedUsersCheck
- type DockerUlimitCheck
- type DockerUseTrustedImagesCheck
- type DockerVerifyAppArmorProfile
- type DockerVerifySELinuxProfile
- type DockerVersionCheck
- type DockerXXX
- type FileOwnerCheck
- func (fo *FileOwnerCheck) IsGroupOwner(gid uint32) (bool, error)
- func (fo *FileOwnerCheck) IsOwner(uid uint32) (bool, error)
- func (fo *FileOwnerCheck) IsOwnerAndGroupOwner(uid uint32, gid uint32) (bool, error)
- func (fo *FileOwnerCheck) IsOwnerAndGroupOwnerRecursive(uid uint32, gid uint32) (bool, error)
- type FilePermsCheck
Constants ¶
// Default locations of the local Docker daemon endpoints that the checks inspect.
const (
	// DockerUnixSocket is the daemon's local unix socket URL. Write access to this
	// socket is equivalent to root on the host, which is why the socket owner and
	// permission checks registered in Checks exist.
	DockerUnixSocket = "unix:///var/run/docker.sock"
	// DockerPidFile is the path of the daemon's pid file.
	DockerPidFile = "/var/run/docker.pid"
)
Variables ¶
// Checks is the ordered list of Docker benchmark checks that this package
// exposes. Every entry is built by an unexported make* constructor and
// implements Check (AuditCheck + GetCheckDefinition); a caller that iterates
// this slice runs the checks in exactly this order.
//
// NOTE(review): DockerSecurityPatchesCheck (docker_security_patches.go) is
// defined in this package but is not registered here, so it is silently never
// run by anything that iterates Checks — confirm whether that omission is
// intentional. DockerXXX is the check template and is correctly left out.
var Checks []Check = []Check{
	makeDockerPartitionCheck(),
	makeDockerKernelCheck(),
	makeDockerDevToolsCheck(),
	makeDockerHardenHostCheck(),
	makeDockerRemoveNonEssentialSvcsCheck(),
	makeDockerVersionCheck(),
	makeDockerTrustedUsersCheck(),
	makeDockerDaemonAuditingCheck(),
	makeDockerAuditFilesVarLibDocker(),
	makeDockerAuditFilesEtcDocker(),
	makeDockerAuditFilesDockerRegistry(),
	makeDockerAuditFilesDockerService(),
	makeDockerAuditFilesDockerSock(),
	makeDockerAuditFilesSysconfigDocker(),
	makeDockerAuditFilesSysconfigDockerNetwork(),
	makeDockerAuditFilesSysconfigDockerRegistry(),
	makeDockerAuditFilesSysconfigDockerStorage(),
	makeDockerAuditFilesEtcDefaultDocker(),
	makeDockerNoLxcCheck(),
	makeDockerRestrictedNetworkTrafficCheck(),
	makeDockerSetLoggingLevelCheck(),
	makeDockerEnableIptablesCheck(),
	makeDockerInsecureRegistriesCheck(),
	makeDockerLocalRegistryCheck(),
	makeDockerNoAufsCheck(),
	makeDockerPortCheck(),
	makeDockerTLSCheck(),
	makeDockerUlimitCheck(),
	makeDockerSvcOwnerCheck(),
	makeDockerSvcFilePermsCheck(),
	makeDockerRegistrySvcOwnerCheck(),
	makeDockerRegistrySvcFilePermsCheck(),
	makeDockerSystemdSocketOwnerCheck(),
	makeDockerSystemdSocketFilePermsCheck(),
	makeDockerEnvFileOwnerCheck(),
	makeDockerEnvFilePermsCheck(),
	makeDockerNetworkEnvOwnerCheck(),
	makeDockerNetworkEnvFilePermsCheck(),
	makeDockerRegistryEnvOwnerCheck(),
	makeDockerRegistryEnvFilePermsCheck(),
	makeDockerStorageEnvOwnerCheck(),
	makeDockerStorageEnvFilePermsCheck(),
	makeDockerEtcDockerOwnerCheck(),
	makeDockerEtcDockerFilePermsCheck(),
	makeDockerRegistryCertsOwnerCheck(),
	makeDockerRegistryCertsFilePermsCheck(),
	makeDockerTLSCACertOwnerCheck(),
	makeDockerTLSCACertFilePermsCheck(),
	makeDockerTLSCertOwnerCheck(),
	makeDockerTLSCertFilePermsCheck(),
	makeDockerTLSKeyOwnerCheck(),
	makeDockerTLSKeyFilePermsCheck(),
	makeDockerSocketOwnerCheck(),
	makeDockerSocketFilePermsCheck(),
	makeDockerContainerUserCheck(),
	makeDockerUseTrustedImagesCheck(),
	makeDockerNoUnnecessaryPackagesCheck(),
	makeDockerVerifyAppArmorProfile(),
	makeDockerVerifySELinuxProfile(),
	makeDockerSingleMainProcess(),
	makeDockerRestrictKernel(),
	makeDockerPerformSecurityAudits(),
	makeDockerMonitorContainers(),
	makeDockerCheckEndpointProtectionPlatform(),
	makeDockerBackupContainerData(),
	makeDockerCheckCentralLogCollection(),
	makeDockerAvoidImageSprawl(),
	makeDockerAvoidContainerSprawl(),
}
TODO: move the checks into a separate package and let them register themselves with the batten main package instead of being hard-coded in the Checks slice.
// DEFAULT_FSTAB is the path of the fstab file consulted when auditing the mount
// layout (presumably by DockerPartitionCheck — confirm in docker_partition_check.go).
// NOTE(review): this is an exported, mutable package variable rather than a
// constant, so any importer can repoint the audit at an arbitrary file; treat a
// non-default value as something worth recording in the report.
var DEFAULT_FSTAB = "/etc/fstab"
Functions ¶
Types ¶
type Check ¶
// Check is implemented by every benchmark check in this package.
//
// NOTE(review): AuditCheck returns (bool, error). A non-nil error means the
// check could not be evaluated (missing file, daemon unreachable, ...), which
// is not the same as a pass; CheckResults carries both Success and Error so
// consumers must inspect both rather than reading Success alone.
type Check interface {
	// AuditCheck runs the audit; (true, nil) means the host satisfies the check.
	AuditCheck() (bool, error)
	// GetCheckDefinition returns the descriptive metadata of the check
	// (identifier, rationale, remediation, references, ...).
	GetCheckDefinition() CheckDefinition
}
type CheckDefinition ¶
type CheckDefinitionImpl ¶
type CheckDefinitionImpl struct {
// contains filtered or unexported fields
}
func (*CheckDefinitionImpl) AuditDescription ¶
func (c *CheckDefinitionImpl) AuditDescription() string
func (*CheckDefinitionImpl) Category ¶
func (c *CheckDefinitionImpl) Category() string
func (*CheckDefinitionImpl) DefaultValue ¶
func (c *CheckDefinitionImpl) DefaultValue() string
func (*CheckDefinitionImpl) Description ¶
func (c *CheckDefinitionImpl) Description() string
func (*CheckDefinitionImpl) Identifier ¶
func (c *CheckDefinitionImpl) Identifier() string
func (*CheckDefinitionImpl) Impact ¶
func (c *CheckDefinitionImpl) Impact() string
func (*CheckDefinitionImpl) Name ¶
func (c *CheckDefinitionImpl) Name() string
func (*CheckDefinitionImpl) Rationale ¶
func (c *CheckDefinitionImpl) Rationale() string
func (*CheckDefinitionImpl) References ¶
func (c *CheckDefinitionImpl) References() []string
func (*CheckDefinitionImpl) Remediation ¶
func (c *CheckDefinitionImpl) Remediation() string
type CheckResults ¶
// CheckResults is the outcome of running a single Check (see RunCheck).
type CheckResults struct {
	// Success is presumably the bool returned by AuditCheck — true when the
	// host satisfies the check.
	Success bool
	// Error is the error returned by AuditCheck, nil when the check ran to
	// completion. NOTE(review): Success == false together with Error != nil
	// means "could not evaluate"; report it as such, never as a pass or a
	// silent skip.
	Error error
	// CheckDefinition is the metadata of the check that produced this result.
	CheckDefinition CheckDefinition
}
func RunCheck ¶
func RunCheck(c Check) *CheckResults
type DockerAuditFilesDirectoriesCheck ¶
type DockerAuditFilesDirectoriesCheck struct { *CheckDefinitionImpl // contains filtered or unexported fields }
func (*DockerAuditFilesDirectoriesCheck) AuditCheck ¶
func (dc *DockerAuditFilesDirectoriesCheck) AuditCheck() (bool, error)
TODO: there should be two kinds of audit-rule check: first query the live rules via auditctl, and if that fails (auditctl missing or not permitted) fall back to parsing the audit rules configuration file.
func (*DockerAuditFilesDirectoriesCheck) GetCheckDefinition ¶
func (dc *DockerAuditFilesDirectoriesCheck) GetCheckDefinition() CheckDefinition
type DockerAvoidContainerSprawl ¶
type DockerAvoidContainerSprawl struct {
*CheckDefinitionImpl
}
func (*DockerAvoidContainerSprawl) AuditCheck ¶
func (dc *DockerAvoidContainerSprawl) AuditCheck() (bool, error)
func (*DockerAvoidContainerSprawl) GetCheckDefinition ¶
func (dc *DockerAvoidContainerSprawl) GetCheckDefinition() CheckDefinition
type DockerAvoidImageSprawl ¶
type DockerAvoidImageSprawl struct {
*CheckDefinitionImpl
}
func (*DockerAvoidImageSprawl) AuditCheck ¶
func (dc *DockerAvoidImageSprawl) AuditCheck() (bool, error)
func (*DockerAvoidImageSprawl) GetCheckDefinition ¶
func (dc *DockerAvoidImageSprawl) GetCheckDefinition() CheckDefinition
type DockerBackupContainerData ¶
type DockerBackupContainerData struct {
*CheckDefinitionImpl
}
func (*DockerBackupContainerData) AuditCheck ¶
func (dc *DockerBackupContainerData) AuditCheck() (bool, error)
func (*DockerBackupContainerData) GetCheckDefinition ¶
func (dc *DockerBackupContainerData) GetCheckDefinition() CheckDefinition
type DockerCheckCentralLogCollection ¶
type DockerCheckCentralLogCollection struct {
*CheckDefinitionImpl
}
func (*DockerCheckCentralLogCollection) AuditCheck ¶
func (dc *DockerCheckCentralLogCollection) AuditCheck() (bool, error)
func (*DockerCheckCentralLogCollection) GetCheckDefinition ¶
func (dc *DockerCheckCentralLogCollection) GetCheckDefinition() CheckDefinition
type DockerCheckEndpointProtectionPlatform ¶
type DockerCheckEndpointProtectionPlatform struct {
*CheckDefinitionImpl
}
func (*DockerCheckEndpointProtectionPlatform) AuditCheck ¶
func (dc *DockerCheckEndpointProtectionPlatform) AuditCheck() (bool, error)
func (*DockerCheckEndpointProtectionPlatform) GetCheckDefinition ¶
func (dc *DockerCheckEndpointProtectionPlatform) GetCheckDefinition() CheckDefinition
type DockerContainerUserCheck ¶
type DockerContainerUserCheck struct {
*CheckDefinitionImpl
}
func (*DockerContainerUserCheck) AuditCheck ¶
func (dc *DockerContainerUserCheck) AuditCheck() (bool, error)
list all running containers and ensure that none of them is running as root (the comment previously read "ensure they are all running as root", the opposite of the check's intent — confirm the assertion direction against docker_container_user_check.go)
func (*DockerContainerUserCheck) GetCheckDefinition ¶
func (dc *DockerContainerUserCheck) GetCheckDefinition() CheckDefinition
type DockerDaemonAuditingCheck ¶
type DockerDaemonAuditingCheck struct { *CheckDefinitionImpl // contains filtered or unexported fields }
func (*DockerDaemonAuditingCheck) AuditCheck ¶
func (dc *DockerDaemonAuditingCheck) AuditCheck() (bool, error)
func (*DockerDaemonAuditingCheck) GetCheckDefinition ¶
func (dc *DockerDaemonAuditingCheck) GetCheckDefinition() CheckDefinition
type DockerDevToolsCheck ¶
type DockerDevToolsCheck struct { *CheckDefinitionImpl // contains filtered or unexported fields }
func (*DockerDevToolsCheck) AuditCheck ¶
func (dc *DockerDevToolsCheck) AuditCheck() (bool, error)
func (*DockerDevToolsCheck) GetCheckDefinition ¶
func (dc *DockerDevToolsCheck) GetCheckDefinition() CheckDefinition
type DockerEnableIptablesCheck ¶
type DockerEnableIptablesCheck struct { *CheckDefinitionImpl // contains filtered or unexported fields }
func (*DockerEnableIptablesCheck) AuditCheck ¶
func (dc *DockerEnableIptablesCheck) AuditCheck() (bool, error)
func (*DockerEnableIptablesCheck) GetCheckDefinition ¶
func (dc *DockerEnableIptablesCheck) GetCheckDefinition() CheckDefinition
type DockerEnvFileOwnerCheck ¶
type DockerEnvFileOwnerCheck struct { *CheckDefinitionImpl *FileOwnerCheck }
func (*DockerEnvFileOwnerCheck) AuditCheck ¶
func (dc *DockerEnvFileOwnerCheck) AuditCheck() (bool, error)
func (*DockerEnvFileOwnerCheck) GetCheckDefinition ¶
func (dc *DockerEnvFileOwnerCheck) GetCheckDefinition() CheckDefinition
type DockerEnvFilePermsCheck ¶
type DockerEnvFilePermsCheck struct { *CheckDefinitionImpl *FilePermsCheck }
func (*DockerEnvFilePermsCheck) AuditCheck ¶
func (dc *DockerEnvFilePermsCheck) AuditCheck() (bool, error)
func (*DockerEnvFilePermsCheck) GetCheckDefinition ¶
func (dc *DockerEnvFilePermsCheck) GetCheckDefinition() CheckDefinition
type DockerEtcDockerFilePermsCheck ¶
type DockerEtcDockerFilePermsCheck struct { *CheckDefinitionImpl *FilePermsCheck }
func (*DockerEtcDockerFilePermsCheck) AuditCheck ¶
func (dc *DockerEtcDockerFilePermsCheck) AuditCheck() (bool, error)
func (*DockerEtcDockerFilePermsCheck) GetCheckDefinition ¶
func (dc *DockerEtcDockerFilePermsCheck) GetCheckDefinition() CheckDefinition
type DockerEtcDockerOwnerCheck ¶
type DockerEtcDockerOwnerCheck struct { *CheckDefinitionImpl *FileOwnerCheck }
func (*DockerEtcDockerOwnerCheck) AuditCheck ¶
func (dc *DockerEtcDockerOwnerCheck) AuditCheck() (bool, error)
func (*DockerEtcDockerOwnerCheck) GetCheckDefinition ¶
func (dc *DockerEtcDockerOwnerCheck) GetCheckDefinition() CheckDefinition
type DockerHardenHostCheck ¶
type DockerHardenHostCheck struct { *CheckDefinitionImpl // contains filtered or unexported fields }
func (*DockerHardenHostCheck) AuditCheck ¶
func (dc *DockerHardenHostCheck) AuditCheck() (bool, error)
func (*DockerHardenHostCheck) GetCheckDefinition ¶
func (dc *DockerHardenHostCheck) GetCheckDefinition() CheckDefinition
type DockerInsecureRegistriesCheck ¶
type DockerInsecureRegistriesCheck struct { *CheckDefinitionImpl // contains filtered or unexported fields }
func (*DockerInsecureRegistriesCheck) AuditCheck ¶
func (dc *DockerInsecureRegistriesCheck) AuditCheck() (bool, error)
func (*DockerInsecureRegistriesCheck) GetCheckDefinition ¶
func (dc *DockerInsecureRegistriesCheck) GetCheckDefinition() CheckDefinition
type DockerKernelCheck ¶
type DockerKernelCheck struct {
*CheckDefinitionImpl
}
func (*DockerKernelCheck) AuditCheck ¶
func (dc *DockerKernelCheck) AuditCheck() (bool, error)
func (*DockerKernelCheck) GetCheckDefinition ¶
func (dc *DockerKernelCheck) GetCheckDefinition() CheckDefinition
type DockerLocalRegistryCheck ¶
type DockerLocalRegistryCheck struct { *CheckDefinitionImpl // contains filtered or unexported fields }
func (*DockerLocalRegistryCheck) AuditCheck ¶
func (dc *DockerLocalRegistryCheck) AuditCheck() (bool, error)
func (*DockerLocalRegistryCheck) GetCheckDefinition ¶
func (dc *DockerLocalRegistryCheck) GetCheckDefinition() CheckDefinition
type DockerMonitorContainers ¶
type DockerMonitorContainers struct {
*CheckDefinitionImpl
}
func (*DockerMonitorContainers) AuditCheck ¶
func (dc *DockerMonitorContainers) AuditCheck() (bool, error)
func (*DockerMonitorContainers) GetCheckDefinition ¶
func (dc *DockerMonitorContainers) GetCheckDefinition() CheckDefinition
type DockerNetworkEnvFilePermsCheck ¶
type DockerNetworkEnvFilePermsCheck struct { *CheckDefinitionImpl *FilePermsCheck }
func (*DockerNetworkEnvFilePermsCheck) AuditCheck ¶
func (dc *DockerNetworkEnvFilePermsCheck) AuditCheck() (bool, error)
func (*DockerNetworkEnvFilePermsCheck) GetCheckDefinition ¶
func (dc *DockerNetworkEnvFilePermsCheck) GetCheckDefinition() CheckDefinition
type DockerNetworkEnvOwnerCheck ¶
type DockerNetworkEnvOwnerCheck struct { *CheckDefinitionImpl *FileOwnerCheck }
func (*DockerNetworkEnvOwnerCheck) AuditCheck ¶
func (dc *DockerNetworkEnvOwnerCheck) AuditCheck() (bool, error)
func (*DockerNetworkEnvOwnerCheck) GetCheckDefinition ¶
func (dc *DockerNetworkEnvOwnerCheck) GetCheckDefinition() CheckDefinition
type DockerNoAufsCheck ¶
type DockerNoAufsCheck struct {
*CheckDefinitionImpl
}
func (*DockerNoAufsCheck) AuditCheck ¶
func (dc *DockerNoAufsCheck) AuditCheck() (bool, error)
func (*DockerNoAufsCheck) GetCheckDefinition ¶
func (dc *DockerNoAufsCheck) GetCheckDefinition() CheckDefinition
type DockerNoLxcCheck ¶
type DockerNoLxcCheck struct {
*CheckDefinitionImpl
}
func (*DockerNoLxcCheck) AuditCheck ¶
func (dc *DockerNoLxcCheck) AuditCheck() (bool, error)
AuditCheck looks for --exec-driver in the docker daemon options and is expected to fail the check when the lxc driver is selected, e.g.
docker -d --exec-driver=lxc
func (*DockerNoLxcCheck) GetCheckDefinition ¶
func (dc *DockerNoLxcCheck) GetCheckDefinition() CheckDefinition
type DockerNoUnnecessaryPackagesCheck ¶
type DockerNoUnnecessaryPackagesCheck struct {
*CheckDefinitionImpl
}
func (*DockerNoUnnecessaryPackagesCheck) AuditCheck ¶
func (dc *DockerNoUnnecessaryPackagesCheck) AuditCheck() (bool, error)
func (*DockerNoUnnecessaryPackagesCheck) GetCheckDefinition ¶
func (dc *DockerNoUnnecessaryPackagesCheck) GetCheckDefinition() CheckDefinition
type DockerPartitionCheck ¶
type DockerPartitionCheck struct { *CheckDefinitionImpl // contains filtered or unexported fields }
func (*DockerPartitionCheck) AuditCheck ¶
func (dc *DockerPartitionCheck) AuditCheck() (bool, error)
func (*DockerPartitionCheck) GetCheckDefinition ¶
func (dc *DockerPartitionCheck) GetCheckDefinition() CheckDefinition
type DockerPerformSecurityAudits ¶
type DockerPerformSecurityAudits struct {
*CheckDefinitionImpl
}
func (*DockerPerformSecurityAudits) AuditCheck ¶
func (dc *DockerPerformSecurityAudits) AuditCheck() (bool, error)
func (*DockerPerformSecurityAudits) GetCheckDefinition ¶
func (dc *DockerPerformSecurityAudits) GetCheckDefinition() CheckDefinition
type DockerPortCheck ¶
type DockerPortCheck struct { *CheckDefinitionImpl // contains filtered or unexported fields }
func (*DockerPortCheck) AuditCheck ¶
func (dc *DockerPortCheck) AuditCheck() (bool, error)
func (*DockerPortCheck) GetCheckDefinition ¶
func (dc *DockerPortCheck) GetCheckDefinition() CheckDefinition
type DockerRegistryCertsFilePermsCheck ¶
type DockerRegistryCertsFilePermsCheck struct { *CheckDefinitionImpl *FilePermsCheck }
func (*DockerRegistryCertsFilePermsCheck) AuditCheck ¶
func (dc *DockerRegistryCertsFilePermsCheck) AuditCheck() (bool, error)
func (*DockerRegistryCertsFilePermsCheck) GetCheckDefinition ¶
func (dc *DockerRegistryCertsFilePermsCheck) GetCheckDefinition() CheckDefinition
type DockerRegistryCertsOwnerCheck ¶
type DockerRegistryCertsOwnerCheck struct { *CheckDefinitionImpl *FileOwnerCheck }
func (*DockerRegistryCertsOwnerCheck) AuditCheck ¶
func (dc *DockerRegistryCertsOwnerCheck) AuditCheck() (bool, error)
func (*DockerRegistryCertsOwnerCheck) GetCheckDefinition ¶
func (dc *DockerRegistryCertsOwnerCheck) GetCheckDefinition() CheckDefinition
type DockerRegistryEnvFilePermsCheck ¶
type DockerRegistryEnvFilePermsCheck struct { *CheckDefinitionImpl *FilePermsCheck }
func (*DockerRegistryEnvFilePermsCheck) AuditCheck ¶
func (dc *DockerRegistryEnvFilePermsCheck) AuditCheck() (bool, error)
func (*DockerRegistryEnvFilePermsCheck) GetCheckDefinition ¶
func (dc *DockerRegistryEnvFilePermsCheck) GetCheckDefinition() CheckDefinition
type DockerRegistryEnvOwnerCheck ¶
type DockerRegistryEnvOwnerCheck struct { *CheckDefinitionImpl *FileOwnerCheck }
func (*DockerRegistryEnvOwnerCheck) AuditCheck ¶
func (dc *DockerRegistryEnvOwnerCheck) AuditCheck() (bool, error)
func (*DockerRegistryEnvOwnerCheck) GetCheckDefinition ¶
func (dc *DockerRegistryEnvOwnerCheck) GetCheckDefinition() CheckDefinition
type DockerRegistrySvcFilePermsCheck ¶
type DockerRegistrySvcFilePermsCheck struct { *CheckDefinitionImpl *FilePermsCheck }
func (*DockerRegistrySvcFilePermsCheck) AuditCheck ¶
func (dc *DockerRegistrySvcFilePermsCheck) AuditCheck() (bool, error)
func (*DockerRegistrySvcFilePermsCheck) GetCheckDefinition ¶
func (dc *DockerRegistrySvcFilePermsCheck) GetCheckDefinition() CheckDefinition
type DockerRegistrySvcOwnerCheck ¶
type DockerRegistrySvcOwnerCheck struct { *CheckDefinitionImpl *FileOwnerCheck }
func (*DockerRegistrySvcOwnerCheck) AuditCheck ¶
func (dc *DockerRegistrySvcOwnerCheck) AuditCheck() (bool, error)
func (*DockerRegistrySvcOwnerCheck) GetCheckDefinition ¶
func (dc *DockerRegistrySvcOwnerCheck) GetCheckDefinition() CheckDefinition
type DockerRemoveNonEssentialSvcsCheck ¶
type DockerRemoveNonEssentialSvcsCheck struct {
*CheckDefinitionImpl
}
func (*DockerRemoveNonEssentialSvcsCheck) AuditCheck ¶
func (dc *DockerRemoveNonEssentialSvcsCheck) AuditCheck() (bool, error)
func (*DockerRemoveNonEssentialSvcsCheck) GetCheckDefinition ¶
func (dc *DockerRemoveNonEssentialSvcsCheck) GetCheckDefinition() CheckDefinition
type DockerRestrictKernel ¶
type DockerRestrictKernel struct { *CheckDefinitionImpl // contains filtered or unexported fields }
func (*DockerRestrictKernel) AuditCheck ¶
func (dc *DockerRestrictKernel) AuditCheck() (bool, error)
func (*DockerRestrictKernel) GetCheckDefinition ¶
func (dc *DockerRestrictKernel) GetCheckDefinition() CheckDefinition
type DockerRestrictedNetworkTrafficCheck ¶
type DockerRestrictedNetworkTrafficCheck struct { *CheckDefinitionImpl // contains filtered or unexported fields }
func (*DockerRestrictedNetworkTrafficCheck) AuditCheck ¶
func (dc *DockerRestrictedNetworkTrafficCheck) AuditCheck() (bool, error)
func (*DockerRestrictedNetworkTrafficCheck) GetCheckDefinition ¶
func (dc *DockerRestrictedNetworkTrafficCheck) GetCheckDefinition() CheckDefinition
type DockerSecurityPatchesCheck ¶
type DockerSecurityPatchesCheck struct {
*CheckDefinitionImpl
}
func (*DockerSecurityPatchesCheck) AuditCheck ¶
func (dc *DockerSecurityPatchesCheck) AuditCheck() (bool, error)
func (*DockerSecurityPatchesCheck) GetCheckDefinition ¶
func (dc *DockerSecurityPatchesCheck) GetCheckDefinition() CheckDefinition
type DockerSetLoggingLevelCheck ¶
type DockerSetLoggingLevelCheck struct { *CheckDefinitionImpl // contains filtered or unexported fields }
func (*DockerSetLoggingLevelCheck) AuditCheck ¶
func (dc *DockerSetLoggingLevelCheck) AuditCheck() (bool, error)
func (*DockerSetLoggingLevelCheck) GetCheckDefinition ¶
func (dc *DockerSetLoggingLevelCheck) GetCheckDefinition() CheckDefinition
type DockerSingleMainProcess ¶
type DockerSingleMainProcess struct { *CheckDefinitionImpl // contains filtered or unexported fields }
func (*DockerSingleMainProcess) AuditCheck ¶
func (dc *DockerSingleMainProcess) AuditCheck() (bool, error)
func (*DockerSingleMainProcess) GetCheckDefinition ¶
func (dc *DockerSingleMainProcess) GetCheckDefinition() CheckDefinition
type DockerSocketFilePermsCheck ¶
type DockerSocketFilePermsCheck struct { *CheckDefinitionImpl *FilePermsCheck }
func (*DockerSocketFilePermsCheck) AuditCheck ¶
func (dc *DockerSocketFilePermsCheck) AuditCheck() (bool, error)
func (*DockerSocketFilePermsCheck) GetCheckDefinition ¶
func (dc *DockerSocketFilePermsCheck) GetCheckDefinition() CheckDefinition
type DockerSocketOwnerCheck ¶
type DockerSocketOwnerCheck struct { *CheckDefinitionImpl *FileOwnerCheck }
func (*DockerSocketOwnerCheck) AuditCheck ¶
func (dc *DockerSocketOwnerCheck) AuditCheck() (bool, error)
func (*DockerSocketOwnerCheck) GetCheckDefinition ¶
func (dc *DockerSocketOwnerCheck) GetCheckDefinition() CheckDefinition
type DockerStorageEnvFilePermsCheck ¶
type DockerStorageEnvFilePermsCheck struct { *CheckDefinitionImpl *FilePermsCheck }
func (*DockerStorageEnvFilePermsCheck) AuditCheck ¶
func (dc *DockerStorageEnvFilePermsCheck) AuditCheck() (bool, error)
func (*DockerStorageEnvFilePermsCheck) GetCheckDefinition ¶
func (dc *DockerStorageEnvFilePermsCheck) GetCheckDefinition() CheckDefinition
type DockerStorageEnvOwnerCheck ¶
type DockerStorageEnvOwnerCheck struct { *CheckDefinitionImpl *FileOwnerCheck }
func (*DockerStorageEnvOwnerCheck) AuditCheck ¶
func (dc *DockerStorageEnvOwnerCheck) AuditCheck() (bool, error)
func (*DockerStorageEnvOwnerCheck) GetCheckDefinition ¶
func (dc *DockerStorageEnvOwnerCheck) GetCheckDefinition() CheckDefinition
type DockerSvcFilePermsCheck ¶
type DockerSvcFilePermsCheck struct { *CheckDefinitionImpl *FilePermsCheck }
func (*DockerSvcFilePermsCheck) AuditCheck ¶
func (dc *DockerSvcFilePermsCheck) AuditCheck() (bool, error)
func (*DockerSvcFilePermsCheck) GetCheckDefinition ¶
func (dc *DockerSvcFilePermsCheck) GetCheckDefinition() CheckDefinition
type DockerSvcOwnerCheck ¶
type DockerSvcOwnerCheck struct { *CheckDefinitionImpl *FileOwnerCheck }
func (*DockerSvcOwnerCheck) AuditCheck ¶
func (dc *DockerSvcOwnerCheck) AuditCheck() (bool, error)
func (*DockerSvcOwnerCheck) GetCheckDefinition ¶
func (dc *DockerSvcOwnerCheck) GetCheckDefinition() CheckDefinition
type DockerSystemdSocketFilePermsCheck ¶
type DockerSystemdSocketFilePermsCheck struct { *CheckDefinitionImpl *FilePermsCheck }
func (*DockerSystemdSocketFilePermsCheck) AuditCheck ¶
func (dc *DockerSystemdSocketFilePermsCheck) AuditCheck() (bool, error)
func (*DockerSystemdSocketFilePermsCheck) GetCheckDefinition ¶
func (dc *DockerSystemdSocketFilePermsCheck) GetCheckDefinition() CheckDefinition
type DockerSystemdSocketOwnerCheck ¶
type DockerSystemdSocketOwnerCheck struct { *CheckDefinitionImpl *FileOwnerCheck }
func (*DockerSystemdSocketOwnerCheck) AuditCheck ¶
func (dc *DockerSystemdSocketOwnerCheck) AuditCheck() (bool, error)
func (*DockerSystemdSocketOwnerCheck) GetCheckDefinition ¶
func (dc *DockerSystemdSocketOwnerCheck) GetCheckDefinition() CheckDefinition
type DockerTLSCACertFilePermsCheck ¶
type DockerTLSCACertFilePermsCheck struct { *CheckDefinitionImpl *FilePermsCheck // contains filtered or unexported fields }
func (*DockerTLSCACertFilePermsCheck) AuditCheck ¶
func (dc *DockerTLSCACertFilePermsCheck) AuditCheck() (bool, error)
func (*DockerTLSCACertFilePermsCheck) GetCheckDefinition ¶
func (dc *DockerTLSCACertFilePermsCheck) GetCheckDefinition() CheckDefinition
type DockerTLSCACertOwnerCheck ¶
type DockerTLSCACertOwnerCheck struct { *CheckDefinitionImpl *FileOwnerCheck // contains filtered or unexported fields }
func (*DockerTLSCACertOwnerCheck) AuditCheck ¶
func (dc *DockerTLSCACertOwnerCheck) AuditCheck() (bool, error)
func (*DockerTLSCACertOwnerCheck) GetCheckDefinition ¶
func (dc *DockerTLSCACertOwnerCheck) GetCheckDefinition() CheckDefinition
type DockerTLSCertFilePermsCheck ¶
type DockerTLSCertFilePermsCheck struct { *CheckDefinitionImpl *FilePermsCheck // contains filtered or unexported fields }
func (*DockerTLSCertFilePermsCheck) AuditCheck ¶
func (dc *DockerTLSCertFilePermsCheck) AuditCheck() (bool, error)
func (*DockerTLSCertFilePermsCheck) GetCheckDefinition ¶
func (dc *DockerTLSCertFilePermsCheck) GetCheckDefinition() CheckDefinition
type DockerTLSCertOwnerCheck ¶
type DockerTLSCertOwnerCheck struct { *CheckDefinitionImpl *FileOwnerCheck // contains filtered or unexported fields }
func (*DockerTLSCertOwnerCheck) AuditCheck ¶
func (dc *DockerTLSCertOwnerCheck) AuditCheck() (bool, error)
func (*DockerTLSCertOwnerCheck) GetCheckDefinition ¶
func (dc *DockerTLSCertOwnerCheck) GetCheckDefinition() CheckDefinition
type DockerTLSCheck ¶
type DockerTLSCheck struct { *CheckDefinitionImpl // contains filtered or unexported fields }
func (*DockerTLSCheck) AuditCheck ¶
func (dc *DockerTLSCheck) AuditCheck() (bool, error)
func (*DockerTLSCheck) GetCheckDefinition ¶
func (dc *DockerTLSCheck) GetCheckDefinition() CheckDefinition
type DockerTLSKeyFilePermsCheck ¶
type DockerTLSKeyFilePermsCheck struct { *CheckDefinitionImpl *FilePermsCheck // contains filtered or unexported fields }
func (*DockerTLSKeyFilePermsCheck) AuditCheck ¶
func (dc *DockerTLSKeyFilePermsCheck) AuditCheck() (bool, error)
func (*DockerTLSKeyFilePermsCheck) GetCheckDefinition ¶
func (dc *DockerTLSKeyFilePermsCheck) GetCheckDefinition() CheckDefinition
type DockerTLSKeyOwnerCheck ¶
type DockerTLSKeyOwnerCheck struct { *CheckDefinitionImpl *FileOwnerCheck // contains filtered or unexported fields }
func (*DockerTLSKeyOwnerCheck) AuditCheck ¶
func (dc *DockerTLSKeyOwnerCheck) AuditCheck() (bool, error)
func (*DockerTLSKeyOwnerCheck) GetCheckDefinition ¶
func (dc *DockerTLSKeyOwnerCheck) GetCheckDefinition() CheckDefinition
type DockerTrustedUsersCheck ¶
type DockerTrustedUsersCheck struct { *CheckDefinitionImpl // contains filtered or unexported fields }
func (*DockerTrustedUsersCheck) AuditCheck ¶
func (dc *DockerTrustedUsersCheck) AuditCheck() (bool, error)
func (*DockerTrustedUsersCheck) GetCheckDefinition ¶
func (dc *DockerTrustedUsersCheck) GetCheckDefinition() CheckDefinition
type DockerUlimitCheck ¶
type DockerUlimitCheck struct { *CheckDefinitionImpl // contains filtered or unexported fields }
func (*DockerUlimitCheck) AuditCheck ¶
func (dc *DockerUlimitCheck) AuditCheck() (bool, error)
func (*DockerUlimitCheck) GetCheckDefinition ¶
func (dc *DockerUlimitCheck) GetCheckDefinition() CheckDefinition
type DockerUseTrustedImagesCheck ¶
type DockerUseTrustedImagesCheck struct { *CheckDefinitionImpl // contains filtered or unexported fields }
func (*DockerUseTrustedImagesCheck) AuditCheck ¶
func (dc *DockerUseTrustedImagesCheck) AuditCheck() (bool, error)
func (*DockerUseTrustedImagesCheck) GetCheckDefinition ¶
func (dc *DockerUseTrustedImagesCheck) GetCheckDefinition() CheckDefinition
type DockerVerifyAppArmorProfile ¶
type DockerVerifyAppArmorProfile struct {
*CheckDefinitionImpl
}
func (*DockerVerifyAppArmorProfile) AuditCheck ¶
func (dc *DockerVerifyAppArmorProfile) AuditCheck() (bool, error)
func (*DockerVerifyAppArmorProfile) GetCheckDefinition ¶
func (dc *DockerVerifyAppArmorProfile) GetCheckDefinition() CheckDefinition
type DockerVerifySELinuxProfile ¶
type DockerVerifySELinuxProfile struct {
*CheckDefinitionImpl
}
func (*DockerVerifySELinuxProfile) AuditCheck ¶
func (dc *DockerVerifySELinuxProfile) AuditCheck() (bool, error)
func (*DockerVerifySELinuxProfile) GetCheckDefinition ¶
func (dc *DockerVerifySELinuxProfile) GetCheckDefinition() CheckDefinition
type DockerVersionCheck ¶
type DockerVersionCheck struct { *CheckDefinitionImpl // contains filtered or unexported fields }
func (*DockerVersionCheck) AuditCheck ¶
func (dc *DockerVersionCheck) AuditCheck() (bool, error)
func (*DockerVersionCheck) GetCheckDefinition ¶
func (dc *DockerVersionCheck) GetCheckDefinition() CheckDefinition
type DockerXXX ¶
type DockerXXX struct {
*CheckDefinitionImpl
}
func (*DockerXXX) AuditCheck ¶
func (*DockerXXX) GetCheckDefinition ¶
func (dc *DockerXXX) GetCheckDefinition() CheckDefinition
type FileOwnerCheck ¶
type FileOwnerCheck struct {
// contains filtered or unexported fields
}
func (*FileOwnerCheck) IsGroupOwner ¶
func (fo *FileOwnerCheck) IsGroupOwner(gid uint32) (bool, error)
func (*FileOwnerCheck) IsOwnerAndGroupOwner ¶
func (fo *FileOwnerCheck) IsOwnerAndGroupOwner(uid uint32, gid uint32) (bool, error)
func (*FileOwnerCheck) IsOwnerAndGroupOwnerRecursive ¶
func (fo *FileOwnerCheck) IsOwnerAndGroupOwnerRecursive(uid uint32, gid uint32) (bool, error)
type FilePermsCheck ¶
type FilePermsCheck struct {
// contains filtered or unexported fields
}
func (*FilePermsCheck) HasAtLeastPerms ¶
// HasAtLeastPerms reports whether the checked file's mode satisfies targetMode.
// NOTE(review): the name reads as "mode >= target", but for a hardening check
// the question that matters is whether the file is no MORE permissive than the
// benchmark's expected mode (a world-writable docker.sock or a TLS key readable
// by others must fail). Confirm the direction of the comparison in
// file_perms_check.go before relying on a "pass" from this method.
func (fo *FilePermsCheck) HasAtLeastPerms(targetMode os.FileMode) (bool, error)
func (*FilePermsCheck) HasAtLeastPermsRecursive ¶
// HasAtLeastPermsRecursive applies the same mode test as HasAtLeastPerms to the
// checked path and, presumably, to everything beneath it (the directory-level
// checks such as /etc/docker and the registry certs directory are the likely
// callers). NOTE(review): same caveat as HasAtLeastPerms about whether the
// comparison rejects files that are more permissive than targetMode.
func (fo *FilePermsCheck) HasAtLeastPermsRecursive(targetMode os.FileMode) (bool, error)
Source Files ¶
- checks.go
- docker_audit_files_directories.go
- docker_avoid_container_sprawl.go
- docker_avoid_image_sprawl.go
- docker_backup_container_data.go
- docker_check_central_log_collection.go
- docker_check_endpoint_protection_platform.go
- docker_check_insecure_registries.go
- docker_check_template.go
- docker_check_version.go
- docker_container_user_check.go
- docker_daemon_auditing_check.go
- docker_dev_tools_check.go
- docker_enable_iptables.go
- docker_env_file_owner.go
- docker_env_fileperms.go
- docker_etc_docker_fileperms.go
- docker_etc_docker_owner.go
- docker_harden_host_check.go
- docker_kernel_check.go
- docker_local_registry_check.go
- docker_monitor_containers.go
- docker_network_env_fileperms.go
- docker_network_env_owner.go
- docker_no_aufs_check.go
- docker_no_lxc_check.go
- docker_no_unnecessary_packages.go
- docker_partition_check.go
- docker_perform_security_audits.go
- docker_port_check.go
- docker_registry_certs_fileperms.go
- docker_registry_certs_owner.go
- docker_registry_env_fileperms.go
- docker_registry_env_owner.go
- docker_registry_service_fileperms.go
- docker_registry_service_owner.go
- docker_remove_nonessential_svcs.go
- docker_restrict_kernel.go
- docker_restrict_network_traffic.go
- docker_security_patches.go
- docker_service_fileperm.go
- docker_service_owner.go
- docker_set_logging_level.go
- docker_single_main_process.go
- docker_socket_fileperms.go
- docker_socket_owner.go
- docker_storage_env_fileperms.go
- docker_storage_env_owner.go
- docker_systemd_socket_fileperms.go
- docker_systemd_socket_owner.go
- docker_tls_ca_cert_fileperms.go
- docker_tls_ca_cert_owner.go
- docker_tls_cert_fileperms.go
- docker_tls_cert_owner.go
- docker_tls_check.go
- docker_tls_key_fileperms.go
- docker_tls_key_owner.go
- docker_trusted_users_check.go
- docker_ulimit_check.go
- docker_use_trusted_images.go
- docker_verify_apparmor_profile.go
- docker_verify_selinux_profile.go
- file_owner_check.go
- file_perms_check.go
- utils.go