Docker host analysis


Status: closed for further replies.

Frogman
User, registered 01 Sep 2012, 17,485 posts, 9 reaction points, 414 points
For everyone using Synology's new Docker solution: even though Synology apparently only ships Docker version 1.5 so far, there is a nice pointer here to a way of analysing the Docker host a little in order to spot gross security problems.
 
Does this work for you?

I always get "docker command not found." when I run the script...

Docker is installed, and when I type docker into PuTTY I get

Code:
Usage: docker [OPTIONS] COMMAND [arg...]


A self-sufficient runtime for linux containers.


Options:
  --api-cors-header= etc.
So it is there!

The PATH in the script has /usr/local/bin in it!
 
Jumped the gun, I simply commented out the "docker netstat grep awk" check ;)

Result:

Code:
# ------------------------------------------------------------------------------
# CIS Docker 1.6 Benchmark v1.0.0 checker
#
# Docker, Inc. (c) 2015
#
# Provides automated tests for the CIS Docker 1.6 Benchmark:
# https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.6_Benchmark_v1.0.0.pdf
# ------------------------------------------------------------------------------


Initializing Wed Jun 17 09:37:03 CEST 2015




[INFO] 1 - Host Configuration
[WARN] 1.1  - Create a separate partition for containers
[PASS] 1.2  - Use an updated Linux Kernel
[WARN] 1.5  - Remove all non-essential services from the host - Network
[WARN]      * Host listening on: 34 ports
[PASS] 1.6  - Keep Docker up to date
[INFO] 1.7  - Only allow trusted users to control Docker daemon
[WARN] 1.8  - Failed to inspect: auditctl command not found.
[INFO] 1.9  - Audit Docker files and directories - /var/lib/docker
[INFO]      * Directory not found
[INFO] 1.10 - Audit Docker files and directories - /etc/docker
[INFO]      * Directory not found
[INFO] 1.11 - Audit Docker files and directories - docker-registry.service
[INFO]      * File not found
[INFO] 1.12 - Audit Docker files and directories - docker.service
[INFO]      * File not found
[WARN] 1.13 - Failed to inspect: auditctl command not found.
[INFO] 1.14 - Audit Docker files and directories - /etc/sysconfig/docker
[INFO]      * File not found
[INFO] 1.15 - Audit Docker files and directories - /etc/sysconfig/docker-network
[INFO]      * File not found
[INFO] 1.16 - Audit Docker files and directories - /etc/sysconfig/docker-registry
[INFO]      * File not found
[INFO] 1.17 - Audit Docker files and directories - /etc/sysconfig/docker-storage
[INFO]      * File not found
[INFO] 1.18 - Audit Docker files and directories - /etc/default/docker
[INFO]      * File not found




[INFO] 2 - Docker Daemon Configuration
./docker-bench-security.sh: ./tests/2_docker_daemon_configuration.sh: line 8: pgrep: not found
[PASS] 2.1  - Do not use lxc execution driver
./docker-bench-security.sh: ./tests/2_docker_daemon_configuration.sh: line 17: pgrep: not found
[WARN] 2.2  - Restrict network traffic between containers
./docker-bench-security.sh: ./tests/2_docker_daemon_configuration.sh: line 26: pgrep: not found
[PASS] 2.3  - Set the logging level
./docker-bench-security.sh: ./tests/2_docker_daemon_configuration.sh: line 35: pgrep: not found
[PASS] 2.4  - Allow Docker to make changes to iptables
./docker-bench-security.sh: ./tests/2_docker_daemon_configuration.sh: line 44: pgrep: not found
[PASS] 2.5  - Do not use insecure registries
./docker-bench-security.sh: ./tests/2_docker_daemon_configuration.sh: line 53: pgrep: not found
[INFO] 2.6  - Setup a local registry mirror
[INFO]      * No local registry currently configured
[WARN] 2.7  - Do not use the aufs storage driver
./docker-bench-security.sh: ./tests/2_docker_daemon_configuration.sh: line 72: pgrep: not found
[PASS] 2.8  - Do not bind Docker to another IP/Port or a Unix socket
./docker-bench-security.sh: ./tests/2_docker_daemon_configuration.sh: line 82: pgrep: not found
[INFO] 2.9  - Configure TLS authentication for Docker daemon
[INFO]      * Docker daemon not listening on TCP
./docker-bench-security.sh: ./tests/2_docker_daemon_configuration.sh: line 99: pgrep: not found
[INFO] 2.10 - Set default ulimit as appropriate
[INFO]      * Default ulimit doesn't appear to be set




[INFO] 3 - Docker Daemon Configuration Files
[INFO] 3.1  - Verify that docker.service file ownership is set to root:root
[INFO]      * File not found
[INFO] 3.2  - Verify that docker.service file permissions are set to 644
[INFO]      * File not found
[INFO] 3.3  - Verify that docker-registry.service file ownership is set to root:root
[INFO]      * File not found
[INFO] 3.4  - Verify that docker-registry.service file permissions are set to 644
[INFO]      * File not found
[INFO] 3.5  - Verify that docker.socket file ownership is set to root:root
[INFO]      * File not found
[INFO] 3.6  - Verify that docker.socket file permissions are set to 644
[INFO]      * File not found
[INFO] 3.7  - Verify that Docker environment file ownership is set to root:root
[INFO]      * File not found
[INFO] 3.8  - Verify that Docker environment file permissions are set to 644
[INFO]      * File not found
[INFO] 3.9  - Verify that docker-network environment file ownership is set to root:root
[INFO]      * File not found
[INFO] 3.10 - Verify that docker-network environment file permissions are set to 644
[INFO]      * File not found
[INFO] 3.11 - Verify that docker-registry environment file ownership is set to root:root
[INFO]      * File not found
[INFO] 3.12 - Verify that docker-registry environment file permissions are set to 644
[INFO]      * File not found
[INFO] 3.13 - Verify that docker-storage environment file ownership is set to root:root
[INFO]      * File not found
[INFO] 3.14 - Verify that docker-storage environment file permissions are set to 644
[INFO]      * File not found
[INFO] 3.15 - Verify that /etc/docker directory ownership is set to root:root
[INFO]      * Directory not found
[INFO] 3.16 - Verify that /etc/docker directory permissions are set to 755
[INFO]      * Directory not found
[INFO] 3.17 - Verify that registry certificate file ownership is set to root:root
[INFO]      * Directory not found
[INFO] 3.18 - Verify that registry certificate file permissions are set to 444
[INFO]      * Directory not found
./docker-bench-security.sh: ./tests/3_docker_daemon_configuration_files.sh: line 311: pgrep: not found
[INFO] 3.19 - Verify that TLS CA certificate file ownership is set to root:root
[INFO]      * No TLS CA certificate found
./docker-bench-security.sh: ./tests/3_docker_daemon_configuration_files.sh: line 327: pgrep: not found
[INFO] 3.20 - Verify that TLS CA certificate file permissions are set to 444
[INFO]      * No TLS CA certificate found
./docker-bench-security.sh: ./tests/3_docker_daemon_configuration_files.sh: line 343: pgrep: not found
[INFO] 3.21 - Verify that Docker server certificate file ownership is set to root:root
[INFO]      * No TLS Server certificate found
./docker-bench-security.sh: ./tests/3_docker_daemon_configuration_files.sh: line 359: pgrep: not found
[INFO] 3.22 - Verify that Docker server certificate file permissions are set to 444
[INFO]      * No TLS Server certificate found
./docker-bench-security.sh: ./tests/3_docker_daemon_configuration_files.sh: line 375: pgrep: not found
[INFO] 3.23 - Verify that Docker server key file ownership is set to root:root
[INFO]      * No TLS Key found
./docker-bench-security.sh: ./tests/3_docker_daemon_configuration_files.sh: line 391: pgrep: not found
[INFO] 3.24 - Verify that Docker server key file permissions are set to 400
[INFO]      * No TLS Key found
[INFO] 3.25 - Verify that Docker socket file ownership is set to root:docker
[INFO]      * File not found
[INFO] 3.26 - Verify that Docker socket file permissions are set to 660
[INFO]      * File not found




[INFO] 4 - Container Images and Build Files
[INFO] 4.1  - Create a user for the container
[INFO]      * No containers running




[INFO] 5  - Container Runtime
[INFO]      * No containers running, skipping Section 5




[INFO] 6  - Docker Security Operations
[INFO] 6.5 - Use a centralized and remote log collection service
[INFO]      * No containers running
docker: "inspect" requires a minimum of 1 argument. See 'docker inspect --help'.
[INFO] 6.6 - Avoid image sprawl
[INFO]      * There are currently: 0 images
[INFO] 6.7 - Avoid container sprawl
[INFO]      * There are currently a total of 0 containers, with 0 of them currently running
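The two problems in the post above (a missing binary on PATH, and a benchmark script that keeps going after `pgrep: not found` and then reports PASS on checks it could not actually perform) are worth catching mechanically. The helpers below are an added example, not code from this thread and not part of docker-bench-security: a pre-flight check for the tools the benchmark shells out to (the tool list is an assumption based on the errors shown above), and a small summariser that reads the benchmark output, counts results, lists WARN ids, names the missing binaries, and flags checks that directly follow a "not found" error as unreliable. It assumes a POSIX sh with awk, sed, sort and tr (available on DSM); the sample input is a constructed subset of the output posted above.

```shell
#!/bin/sh
# Added example (not from this thread, not part of docker-bench-security):
# helpers for running a CIS Docker benchmark script on a stripped-down host
# such as DSM, where busybox may lack pgrep/auditctl and docker may not be
# on PATH. Assumes POSIX sh with awk, sed, sort and tr.

# Binaries the benchmark shells out to (assumed list, derived from the
# errors seen in the thread: docker, pgrep, auditctl, plus netstat/grep/awk).
BENCH_TOOLS="docker pgrep auditctl netstat awk grep"

# Print each tool from the list (default: BENCH_TOOLS) that is not on PATH,
# one per line. Run this before the benchmark to see which checks cannot work.
missing_tools() {
  for t in ${1:-$BENCH_TOOLS}; do
    command -v "$t" >/dev/null 2>&1 || echo "$t"
  done
}

# Constructed sample: a subset of the lines posted above, used as input.
sample_output() {
  cat <<'EOF'
[INFO] 1 - Host Configuration
[WARN] 1.1  - Create a separate partition for containers
[PASS] 1.2  - Use an updated Linux Kernel
[WARN] 1.5  - Remove all non-essential services from the host - Network
[WARN]      * Host listening on: 34 ports
[WARN] 1.8  - Failed to inspect: auditctl command not found.
[INFO] 1.9  - Audit Docker files and directories - /var/lib/docker
[INFO]      * Directory not found
./docker-bench-security.sh: ./tests/2_docker_daemon_configuration.sh: line 8: pgrep: not found
[PASS] 2.1  - Do not use lxc execution driver
./docker-bench-security.sh: ./tests/2_docker_daemon_configuration.sh: line 17: pgrep: not found
[WARN] 2.2  - Restrict network traffic between containers
EOF
}

# Count PASS/WARN/INFO checks (numbered "x.y" lines only, not "*" detail
# lines or section headers) and TOOLERR lines that report a missing binary.
bench_summary() {
  awk '
    /^\[PASS\] [0-9]+\.[0-9]+/ { pass++ }
    /^\[WARN\] [0-9]+\.[0-9]+/ { warn++ }
    /^\[INFO\] [0-9]+\.[0-9]+/ { info++ }
    /: not found$/ || / command not found\.$/ { toolerr++ }
    END { printf "PASS=%d WARN=%d INFO=%d TOOLERR=%d\n", pass, warn, info, toolerr }
  '
}

# Ids of WARN checks, space separated ("1.1 1.5 ...").
bench_warn_ids() {
  awk '/^\[WARN\] [0-9]+\.[0-9]+/ { ids = ids (ids ? " " : "") $2 } END { print ids }'
}

# Names of binaries reported missing, in both forms that occur: the shell's
# "pgrep: not found" and the script's own "auditctl command not found."
bench_missing_bins() {
  sed -n -e 's/.*[: ]\([A-Za-z0-9_-]*\): not found$/\1/p' \
         -e 's/.*[: ]\([A-Za-z0-9_-]*\) command not found\.$/\1/p' |
    sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Ids of checks that directly follow a "not found" error. The benchmark could
# not inspect the daemon there, so a PASS on such a line is not evidence of a
# secure setting; treat these as "not checked" rather than "passed".
bench_unreliable_ids() {
  awk '
    /: not found$/ { pending = 1; next }
    /^\[(PASS|WARN|INFO)\] [0-9]+\.[0-9]+/ {
      if (pending) ids = ids (ids ? " " : "") $2
      pending = 0
    }
    END { print ids }
  '
}

# Stand-alone demo on the constructed sample.
echo "tools missing on this host: $(missing_tools | tr '\n' ' ')"
sample_output | bench_summary
echo "warn ids:          $(sample_output | bench_warn_ids)"
echo "missing binaries:  $(sample_output | bench_missing_bins)"
echo "unreliable checks: $(sample_output | bench_unreliable_ids)"
```

To use it on a real run, capture both streams, because the `pgrep: not found` lines come from the shell on stderr while the `[PASS]`/`[WARN]` lines go to stdout: `./docker-bench-security.sh 2>&1 | tee bench.log`, then `bench_summary < bench.log` and `bench_unreliable_ids < bench.log`. On the output posted above, every check in section 2 would be flagged as unreliable, which is the point: the PASS results there say nothing about the daemon configuration until `pgrep` is available to the script.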
 