Merged
18 changes: 7 additions & 11 deletions README.md
@@ -36,20 +36,21 @@ docker run -it --net host --pid host --userns host --cap-add audit_control \
Don't forget to adjust the shared volumes according to your operating system.
Some examples are:

1. `Docker Desktop` on macOS don't have `/usr/lib/systemd` or the above Docker binaries.
1. `Docker Desktop` on macOS don't have `/usr/lib/systemd` or the above Docker
binaries.

```sh
docker run -it --net host --pid host --userns host --cap-add audit_control \
-e DOCKER_CONTENT_TRUST=$DOCKER_CONTENT_TRUST \
-v /etc:/etc \
-v /usr/local/bin:/usr/local/bin:ro \
-v /var/lib:/var/lib:ro \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
--label docker_bench_security \
docker/docker-bench-security
```

2. On Ubuntu the `docker.service` and `docker.secret` files are located in `/lib/systemd/system` folder by default.
2. On Ubuntu the `docker.service` and `docker.secret` files are located in
`/lib/systemd/system` folder by default.

```sh
docker run -it --net host --pid host --userns host --cap-add audit_control \
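Review bot: the rewrapped item `1. \`Docker Desktop\` on macOS don't have ...` carries the grammar error over from the original line; since this PR already rewrites that line, change "don't have" to "doesn't have" ("the above Docker binaries" also reads better as "the Docker binaries listed above"). The continuation lines `binaries.` and `` `/lib/systemd/system` folder by default. `` are flush-left; Markdown treats them as lazy continuations so rendering is unchanged, but indenting them three spaces makes the list structure visible in the raw file. Worth fixing in the same item while it is open: the macOS command bind-mounts `-v /etc:/etc \` read-write while every other volume in that example (`/usr/local/bin`, `/var/lib`, `docker.sock`) is `:ro`; unless Docker Desktop needs write access there, make it `-v /etc:/etc:ro \` so the benchmark container cannot modify host configuration.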
@@ -110,7 +111,8 @@ will run all available checks except the docker_enterprise_configuration group
and `2.2 Ensure the logging level is set to 'info'`

`sh docker-bench-security.sh -l /tmp/docker-bench-security.sh.log -c container_images -e check_4_5`
will run just the container_images checks except `4.5 Ensure Content trust for Docker is Enabled`
will run just the container_images checks except
`4.5 Ensure Content trust for Docker is Enabled`

Note that when submitting checks, provide information why it is a
reasonable test to add and please include some kind of official documentation
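Review bot: this hunk is a pure rewrap and the check name `4.5 Ensure Content trust for Docker is Enabled` stays on one line, so it still greps cleanly. Two small things while these lines are being touched: neither description sentence (the one ending `'info'\`` nor the one ending `is Enabled\``) has a terminating period, and the mapping from the check number `4.5` to the flag value `-e check_4_5` is only shown by example; one clause stating that mapping next to the `-e` example would make it self-explanatory.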
@@ -125,15 +127,9 @@ following steps:
git clone https://github.com/docker/docker-bench-security.git
cd docker-bench-security
docker build --no-cache -t docker-bench-security .
docker run -it --net host --pid host --cap-add audit_control \
-e DOCKER_CONTENT_TRUST=$DOCKER_CONTENT_TRUST \
-v /var/lib:/var/lib:ro \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
-v /usr/lib/systemd:/usr/lib/systemd:ro \
-v /etc:/etc:ro --label docker_bench_security \
docker-bench-security
```

followed but an appropiate `docker run` command as stated above
or use [Docker Compose](https://docs.docker.com/compose/):

```sh
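Review bot: the replacement sentence `followed but an appropiate \`docker run\` command as stated above` has two typos ("followed by", "appropriate"), and the pointer it gives is misleading: every `docker run` example above ends with the Docker Hub image `docker/docker-bench-security`, whereas the deleted block ran the locally built tag from `docker build --no-cache -t docker-bench-security .`. A reader who builds locally and then copies a command "as stated above" silently runs the Hub image instead of the image they just built. State explicitly that the image name in those commands must be replaced with the local tag, e.g. `--label docker_bench_security docker-bench-security`. The deleted command also differed from the retained ones in two security-relevant ways (`-v /etc:/etc:ro` instead of a read-write `/etc` mount, and no `--userns host`); if those differences were intentional for local builds they should survive somewhere in the text rather than disappear with this hunk.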