Open suprovsky opened 3 weeks ago
That means there needs to be some kind of container test as well, similar to
$ for p in $(pgrep redis); do if grep -q docker "/proc/${p}/cgroup"; then echo "${p} is in a container"; fi; done
46716 is in a container
And then this can scale of course (ignore or find config in container etc etc)
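The container test suggested in the comment above, written out as a POSIX shell sketch. This is an added example, not code from the thread or from Lynis; the function names, the runtime marker list and the sample process tree are assumptions made for illustration. It reads cgroup files as seen from the host, since a process inside a private cgroup namespace sees only `0::/` for itself.

```shell
#!/bin/sh
# Added example: the runtime markers below are an assumed list, not Lynis code.

# Print the container runtime suggested by a cgroup file; return 1 if none.
# $1 = path to a cgroup file (normally /proc/<pid>/cgroup, read on the host)
cgroup_runtime() {
    [ -r "$1" ] || return 2          # process exited or permission denied
    while IFS= read -r line; do
        # Each line is "hierarchy-ID:controllers:path"; only the path matters.
        path=${line#*:}; path=${path#*:}
        case "$path" in
            */kubepods*)            echo kubernetes; return 0 ;;
            */docker/*|*/docker-*)  echo docker;     return 0 ;;
            */libpod-*|*/libpod_*)  echo podman;     return 0 ;;
            */lxc/*|*/lxc.payload*) echo lxc;        return 0 ;;
        esac
    done < "$1"
    return 1
}

# Print "pid runtime" for each process named $2 under proc root $1.
containerized_pids() {
    root=${1:-/proc}; name=$2
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/comm" ] || continue
        read -r comm < "$dir/comm" || continue
        [ "$comm" = "$name" ] || continue
        if runtime=$(cgroup_runtime "$dir/cgroup"); then
            echo "${dir##*/} $runtime"
        fi
    done
}

# Constructed sample tree (not real host data): one Docker-managed Redis
# and one Redis started by systemd directly on the host.
demo=$(mktemp -d)
mkdir -p "$demo/46716" "$demo/812"
echo redis-server > "$demo/46716/comm"
echo '0::/system.slice/docker-0123abcd.scope' > "$demo/46716/cgroup"
echo redis-server > "$demo/812/comm"
echo '0::/system.slice/redis-server.service' > "$demo/812/cgroup"
containerized_pids "$demo" redis-server   # prints: 46716 docker
rm -rf "$demo"
```

On a live host, `containerized_pids /proc redis-server` gives the list of Redis processes whose configuration has to be looked up inside a container rather than at the default path.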
Describe the bug
Lynis does not detect a configuration file of Redis as it's not default one because all instances of Redis are run as Docker containers.
Version
Expected behavior
A clear and concise description of what you expected to happen.
Output
If applicable, add output that you get from the tool or the related section of lynis.log
lynis.log
Additional context
You can reproduce this with the following setup on Docker:
docker-compose.yml
:.env
The volume must have 1001:1001 permissions set in the volume, otherwise it won't start. I do it in a way where I add
command: sleep infinity
to a service and then after upping services I do docker exec -i -u 0 containername chown -R 1001:1001 /bitnami/redis/data