dev-sec / cis-docker-benchmark

CIS Docker Benchmark - InSpec Profile
https://dev-sec.io/baselines/docker/
Apache License 2.0

Examples not working #58

Closed Nutomic closed 5 years ago

Nutomic commented 5 years ago

I tried the following commands, but both of them only result in the error "Input 'container_capadd' is required and does not have a value." The readme says I need a yml attribute file, but there is no mention of how this file can be passed to the script.

# run profile locally
$ git clone https://github.com/dev-sec/cis-docker-benchmark
$ inspec exec cis-docker-benchmark

# run profile locally and directly from Github
$ inspec exec https://github.com/dev-sec/cis-docker-benchmark

OS / Environment

Ubuntu 18.04.2 LTS

Inspec Version

3.7.1

Baseline Version

a281d230fbe52f9ef7f88c5a4147dbce6af07ae9
chris-rock commented 5 years ago

Hi @Nutomic thank you for the feedback. The project includes a sample attributes file and you can execute it via:

# run profile on remote host via SSH with sudo and define attribute value
inspec exec cis-docker-benchmark --attrs sample_attributes.yml

It is mentioned in the readme but maybe not prominent enough.
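The error in this thread comes from an attribute that is still null in the attributes file handed to `--attrs`. The following Ruby script is an added example (not code from the cis-docker-benchmark project) that checks an attributes YAML file before `inspec exec` is run: it reports keys with no value and normalises a comma-separated capability list. The list of required keys and the comma-separated format for `container_capadd` are assumptions taken from the sample file as it appears in this thread; the sample YAML below is constructed to mirror it.

```ruby
require 'yaml'

# Attribute names present in sample_attributes.yml as shown in this thread;
# that the profile requires all of them is an assumption of this example.
REQUIRED_ATTRIBUTES = %w[
  registry_cert_path registry_name registry_ca_file container_user
  container_capadd authorization_plugin log_driver log_opts
  app_armor_profile selinux_profile benchmark_version
].freeze

# Constructed sample: the file as shipped, with container_capadd still null
# and benchmark_version absent (the state that triggers the InSpec error).
SAMPLE_UNFILLED = <<~'YAML'
  registry_cert_path: /etc/docker/certs.d
  registry_name: /etc/docker/certs.d/registry_hostname:port
  registry_ca_file: /etc/docker/certs.d/registry_hostname:port/ca.crt
  container_user: vagrant
  container_capadd: null
  authorization_plugin: authz-broker
  log_driver: syslog
  log_opts: /syslog-address/
  app_armor_profile: docker-default
  selinux_profile: /label\:level\:s0-s0\:c1023/
YAML

# Constructed sample: the same file after the reporter's edits.
SAMPLE_FILLED = <<~'YAML'
  registry_cert_path: /etc/docker/certs.d
  registry_name: /etc/docker/certs.d/registry_hostname:port
  registry_ca_file: /etc/docker/certs.d/registry_hostname:port/ca.crt
  container_user: vagrant
  container_capadd: NET_ADMIN,SYS_ADMIN
  authorization_plugin: authz-broker
  log_driver: syslog
  log_opts: /syslog-address/
  app_armor_profile: docker-default
  selinux_profile: /label\:level\:s0-s0\:c1023/
  benchmark_version: 1.12.0
YAML

# Return the attribute names that are absent, null or blank in the YAML text.
# These are exactly the inputs InSpec would reject as "required and does not
# have a value".
def missing_attributes(yaml_text, required = REQUIRED_ATTRIBUTES)
  data = YAML.safe_load(yaml_text) || {}
  required.select { |key| data[key].to_s.strip.empty? }
end

# Split a comma-separated capability list into normalised names (upper-case,
# without a "CAP_" prefix) and reject tokens that are not capability-shaped.
# The comma-separated format is assumed from the sample file in this thread.
def parse_capabilities(value)
  value.to_s.split(',').map do |token|
    name = token.strip.upcase.sub(/\ACAP_/, '')
    unless name.match?(/\A[A-Z][A-Z0-9_]*\z/)
      raise ArgumentError, "malformed capability #{token.inspect}"
    end
    name
  end
end

# Command-line use: ruby check_attrs.rb sample_attributes.yml
# Without an argument the constructed unfilled sample is checked.
if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_UNFILLED
  missing = missing_attributes(text)
  if missing.empty?
    puts 'all required attributes have values'
  else
    puts "missing values for: #{missing.join(', ')}"
  end
end
```

Running the script against the shipped sample reports `container_capadd` and `benchmark_version`; against the edited file it reports nothing, which matches the reporter's experience that the profile only runs once those values are filled in.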

Nutomic commented 5 years ago

Right, I only looked at the first examples for running locally, and there is no mention of how I can pass the attributes. It works now, but I still had to edit the sample file. Would be good if it worked out of the box.

chris-rock commented 5 years ago

@Nutomic would you like to open a PR to improve it?

Nutomic commented 5 years ago

Sorry, but I don't have the time.

chris-rock commented 5 years ago

Would it be possible to share your updated attributes within this issue?

Nutomic commented 5 years ago

Here is the diff (though I'm not sure what container_capadd should be):

diff --git a/sample_attributes.yml b/sample_attributes.yml
index 8392f1c..c3cb15d 100644
--- a/sample_attributes.yml
+++ b/sample_attributes.yml
@@ -4,9 +4,10 @@ registry_cert_path: /etc/docker/certs.d
 registry_name: /etc/docker/certs.d/registry_hostname:port
 registry_ca_file: /etc/docker/certs.d/registry_hostname:port/ca.crt
 container_user: vagrant
-container_capadd: null
+container_capadd: NET_ADMIN,SYS_ADMIN
 authorization_plugin: authz-broker
 log_driver: syslog
 log_opts: /syslog-address/
 app_armor_profile: docker-default
 selinux_profile: /label\:level\:s0-s0\:c1023/
+benchmark_version: 1.12.0
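Review bot: `container_capadd: NET_ADMIN,SYS_ADMIN` replaces the null placeholder with a value the author says they are unsure about, and nothing in the file documents what the key expects (a comma-separated string as written here, a YAML sequence, or the meaning of the capabilities listed); suggest a YAML comment above the key stating the expected format and purpose, and a similar comment for the new `benchmark_version: 1.12.0` line, so the sample file works out of the box as the thread asks.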

chris-rock commented 5 years ago

fixed in #61