zuBux / Drydock

Licence: gpl-2.0
drydock provides a flexible way of assessing the security of your Docker daemon configuration and containers using editable audit templates

What is drydock?

NOTICE: Development is temporarily slowed down due to involvement with Docker's Actuary. Feel free to make PRs, I will review ASAP, and be patient for updates :)

drydock is a Docker security audit tool written in Python. It was initially inspired by docker-bench-security but aims to provide a more flexible way of assessing Docker installations and deployments. drydock allows easy creation and use of custom audit profiles in order to eliminate noise and false alarms. Reports are saved in JSON format for easier parsing. drydock makes heavy use of the docker-py client API to communicate with Docker.

At the moment all of the security checks performed are based on the CIS Docker 1.6 Benchmark.

Usage

Using drydock is as simple as:

git clone https://github.com/zuBux/drydock.git
cd drydock
pip install -r requirements.txt
python drydock.py

A profile containing all checks is provided in conf/default.yaml and can be used as reference for creating custom profiles. You can disable an audit by commenting it out (and its options, if any).

Since some audits require administrative privileges (e.g. examining auditd rules), users are advised to run drydock as root for more accurate results.

Local Docker host

Assuming that your Docker daemon uses unix sockets (default configuration), the following options are available:

  • -o <file_name> : Specifies the path where JSON output will be saved. Defaults to output.json if none specified.
  • -p : The profile which will be used for the audit. Defaults to conf/default.yaml if none specified.
  • -v : Use values 1, 2 or 3 to change verbosity level to ERROR, WARNING or DEBUG respectively. Default is 1.
  • -f : Output format. Supports JSON (-f json) and JUnit XML (-f xml). Default is JSON.

Example:

python drydock.py -o audit_aws -f xml -p conf/myprofile.yml -v 2

Remote Docker host

If your Docker daemon listens on an exposed port using TLS, you must provide the following:

  • -d <IP:port> Docker daemon IP and listening port
  • -c <path> Client certificate
  • -k <path> Client certificate key

Example:

python drydock.py -d 10.0.0.2:2736 -c /home/user/cert/cert.pem -k /home/user/cert/cert.key -o audit_remote -p conf/myprofile.yml

TODO

  • Migrate checks to CIS Docker 1.11 Benchmark

Contributions

drydock is in beta stage and needs testing under different environments (currently tested only on Ubuntu/Debian deployments). All contributions (bugs, improvements, suggestions etc.) are welcome!
