GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → chen-keinan → lxd-probe

chen-keinan / lxd-probe

Licence: Apache-2.0 license
Open Source runtime scanner for Linux containers (LXD / LXC), It performs security audit checks based on CIS Linux containers Benchmark specification

Programming Languages

go
31211 projects - #10 most used programming language
Makefile
30231 projects
shell
77523 projects

Labels

linuxsecuritylxdcontainersauditcis-benchmarklinuxcontainers

Projects that are alternatives of or similar to lxd-probe

cis benchmarks audit
Simple command line tool to check for compliance against CIS Benchmarks
Stars: ✭ 182 (+1200%)
Mutual labels:  audit, cis-benchmark
cis-benchmark-centOS-8
Auditing Script based on CIS-BENCHMARK CENTOS 8
Stars: ✭ 34 (+142.86%)
Mutual labels:  audit, cis-benchmark
delta reporting
Promise reporting portal using CFEngine Community
Stars: ✭ 13 (-7.14%)
Mutual labels:  audit
aud
Use `npx aud` instead of `npm audit`, whether you have a lockfile or not!
Stars: ✭ 24 (+71.43%)
Mutual labels:  audit
kube-beacon
Open Source runtime scanner for k8s cluster and perform security audit checks based on CIS Kubernetes Benchmark specification
Stars: ✭ 60 (+328.57%)
Mutual labels:  cis-benchmark
active snapshot
Simplified snapshots and restoration for ActiveRecord models and associations with a transparent white-box implementation
Stars: ✭ 67 (+378.57%)
Mutual labels:  audit
awesome-lxc-lxd
A curated list of awesome LXC and LXD tools, libraries and related projects.
Stars: ✭ 34 (+142.86%)
Mutual labels:  lxd
ecaudit
Ericsson Audit plug-in for Apache Cassandra
Stars: ✭ 36 (+157.14%)
Mutual labels:  audit
audit-log
📑 Create audit logs into the database for user behaviors, including a web UI to query logs.
Stars: ✭ 135 (+864.29%)
Mutual labels:  audit
sqle
SQLE is a SQL audit platform | SQLE 是一个支持多场景,原生支持 MySQL 审核且数据库类型可扩展的 SQL 审核工具
Stars: ✭ 731 (+5121.43%)
Mutual labels:  audit
icp-ce-on-linux-containers
Multi node IBM Cloud Private Community Edition 3.2.x w/ Kubernetes 1.13.5 in a Box. Terraform, Packer and BASH based Infrastructure as Code script sets up a multi node LXD cluster, installs ICP-CE and clis on a metal or VM Ubuntu 18.04 host.
Stars: ✭ 52 (+271.43%)
Mutual labels:  lxd
terraform-aws-cloudtrail-s3-bucket
S3 bucket with built in IAM policy to allow CloudTrail logs
Stars: ✭ 38 (+171.43%)
Mutual labels:  audit
audit
A common audit framework for java application
Stars: ✭ 28 (+100%)
Mutual labels:  audit
LXD-Cloud
Lightweight server management using LXD and Ansible
Stars: ✭ 19 (+35.71%)
Mutual labels:  lxd
audits
Subset of public audit reports issued by ChainSecurity. For more, please visit:
Stars: ✭ 27 (+92.86%)
Mutual labels:  audit
org-audit-action
GitHub Action that provides an Organization Membership Audit
Stars: ✭ 34 (+142.86%)
Mutual labels:  audit
postgres-baseline
DevSec PostgreSQL Baseline - InSpec Profile
Stars: ✭ 47 (+235.71%)
Mutual labels:  audit
Ararat
Ararat is the next-generation container/virtual machine control panel. It is your one-stop shop for single application containers, full system containers, and KVM instances
Stars: ✭ 21 (+50%)
Mutual labels:  lxd
Generic-SQL-Audit-Trail
A generic audit trail based on triggers and dynamic SQL.
Stars: ✭ 15 (+7.14%)
Mutual labels:  audit
aws-security-hub-response-and-remediation
Pre-configured response & remediation playbooks for AWS Security Hub
Stars: ✭ 58 (+314.29%)
Mutual labels:  cis-benchmark
View All Similar Projects ➔

Go Report Card License Build Status test coverage badge Gitter


lxd-probe logo

lxd-probe

Scan your Linux container (LXD / LXC) runtime !!

Lxd-Probe is an open source audit scanner who perform audit check on a linux container manager and output it security report.

The audit tests are the full implementation of CIS Lxd Benchmark specification

audit result now can be leveraged as webhook via user plugin(using go plugin)

Audit checks are performed on linux containers, and output audit report include :

  1. root cause of the security issue.
  2. proposed remediation for security issue

Linux container audit scan output:

lxd-probe

Installation

git clone https://github.com/chen-keinan/lxd-probe
cd lxd-probe
make build
./lxd-probe

Note : lxd-probe require privileged user to execute tests.

Quick Start

Usage: lxd-probe [--version] [--help] <command> [<args>]

Available commands are:
  -r , --report :  run audit tests and generate failure and warn report
  -i , --include:  execute only specific audit test,   example -i=1.2.3,1.4.5
  -e , --exclude:  ignore specific audit tests,  example -e=1.2.3,1.4.5
  -c , --classic:  test report in classic view,  example -c

User Plugin Usage

The lxd-probe expose hook for user plugins Example :

  • LxdBenchAuditResultHook - this hook accepts audit benchmark results as found by audit test
Compile user plugin
go build -buildmode=plugin -o=~/<plugin folder>/bench_plugin.so /<plugin folder>/bench_plugin.go
Copy plugin to folder (.lxd-probe folder is created on the 1st startup)
cp /<plugin folder>/bench_plugin.so ~/.lxd-probe/plugins/compile/bench_plugin.so

Note: Plugin and binary must compile with the same linux env

Supported Specs

The lxd-probe support cis specs and can be easily extended:

  • master config file change spec CIS Lxd Benchmark specification both specs can be easily extended by amended the spec files under ~/.lxd-probe/benchmarks/lxd/v1.0.0 folder

Contribution

  • code contribution is welcome !! , contribution with tests and passing linter is more than welcome :)
  • /.dev folder include vagrantfile to be used for development : Dev Instruction
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].