-
Hi,
I am trying the Docker CIS benchmark scenario: https://madhuakula.com/kubernetes-goat/docs/scenarios/scenario-5/docker-cis-benchmarks-in-kubernetes-containers/welcome
I am able to login to …
-
**Rancher Server Setup**
- Rancher version: v2.7-cb4726f13c9b403d85b29b7b7aabc61dd12c03df-head
- Dashboard: master 9462c5a81
- Installation option (Docker install/Helm Chart): Helm Chart
- Browser…
-
Defence scenarios for the below scenarios
- Sensitive keys in code bases
- DIND(docker-in-docker) exploitation
- SSRF in K8S world
- Container escape to access host system
- Docker CIS Benchma…
-
### What is the problem you're trying to solve
containerd 2.0 launch is imminent. I noticed that there was no CIS benchmark for containerd and thought that it would be a good idea to create one for c…
-
The definition of 1.1.9 in the published CIS Docker Benchmarks is ambiguous.
Steps 1 & 2 locate the actual socket, then step 3 checks that the systemctl file is being audited (with the remediation be…
-
The `ausearch --input-logs -k docker ...` commands in _cis-docker-benchmark-5.22_ and _cis-docker-benchmark-5.23_ take a bit too long to execute. May want to find an alternative searching mechanisms.
-
This story came out of the virtual-f2f Hanoi planning meetings.
Need to work with Security WG to define process / list of tests
We will need Security WG to define the tests that are applicable …
-
When running
```sh
sh podman-security-bench.sh
```
i get the error message
```sh
# --------------------------------------------------------------------------------------------
# Podman …
-
**What happened**:
When enable `SELINUX=enforcing` mode on [al2023](https://docs.aws.amazon.com/linux/al2023/ug/enforcing-mode.html). The nodeadm fails to run and the node couldn't join the clust…
jihed updated
2 weeks ago
-
**What kind of request is this (question/bug/enhancement/feature request):**
Feature request
**Steps to reproduce (least amount of steps as possible):**
Follow recommendations from https://www.cisecu…