Overview

File docker-bench-security.changes of Package docker-bench-security

-------------------------------------------------------------------
Fri Oct 18 00:37:32 UTC 2024 - Aleksa Sarai <asarai@suse.com>

- Update to docker-bench-security v1.6.1. See upstream changelog online at
  <https://github.com/docker/docker-bench-security/releases/tag/v1.6.1>.
  * Align with CIS Docker Benchmark v1.6.0.

  v1.6.0 <https://github.com/docker/docker-bench-security/releases/tag/v1.6.0>
  * Fix image sprawl miscalculation.
  * Add an option to filter out labels to exclude from checks.

  v1.5.0 <https://github.com/docker/docker-bench-security/releases/tag/v1.5.0>
  * Align with CIS Docker Benchmark v1.5.0.
  * Add support for .NanoCpus.

  v1.3.6 <https://github.com/docker/docker-bench-security/releases/tag/v1.3.6>
  * Add CIS Level 1 only functions.
  * Support user namespaces in partition check.
  * Deprecate rule 2.16 for Docker > 19.03.
  * Add checks for capabilities that allows container escape.
  * Implement listing of open ports.
  * Add 4.12 check.

- Rather than patching the script entirely using sed (which can make updates
  error-prone), apply an actual patch to switch to using a LIBEXEC variable we
  can replace during packaging. Backport of
  <https://github.com/docker/docker-bench-security/pull/559>.
  + 0001-dist-adjust-script-imports-to-be-able-to-use-usr-lib.patch

-------------------------------------------------------------------
Thu May  7 18:11:25 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>

- fix include patch of functions_lib.sh (boo#1164631)

-------------------------------------------------------------------
Mon Nov 18 18:25:43 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>

- update to 1.3.5:
  * Align with CIS Docker Benchmark v1.2.0
  * Add some command line options to support specific use cases

-------------------------------------------------------------------
Thu Jan 11 13:15:51 UTC 2018 - kbabioch@suse.com

- update to 1.3.3:
  * Adapt to CIS Docker Community Edition Benchmark v1.1.0
  * Correct check names
  * Require Docker version 1.13.0 or later
  * Handle busybox date conversion
  * Add Docker Swarm configuration checks

-------------------------------------------------------------------
Fri May  5 13:33:06 UTC 2017 - astieger@suse.com

- update to 1.3.2:
  * improve get_docker_configuration_file_args()
  * add [NOTE] for informational checks with no actual tests
  * fix various tests when using daemon.json
  * use stat instead of ls -ld output
- includes changes from 1.3.1:
  * Add daemon.json support
  * Correct multiple tests
  * Update default alpine Dockerfile
  * Use grep if auditctl isn't present

-------------------------------------------------------------------
Fri Feb 24 08:35:24 UTC 2017 - astieger@suse.com

- update to 1.3.0:
  * Inspired by the CIS Docker 1.13 Benchmark
  * adjust run-time package requirements

-------------------------------------------------------------------
Mon Aug  1 12:41:58 UTC 2016 - astieger@suse.com

- Docker Bench for Security v1.1.0:
  * check for docker 1.12.0
  * fix early-docker use
  * mention adjusting volumes

-------------------------------------------------------------------
Tue Jun  7 07:46:18 UTC 2016 - astieger@suse.com

- checks for docker 1.11.2, no benchmark changes
- requires docker >= 1.10.0

-------------------------------------------------------------------
Wed May 11 07:46:36 UTC 2016 - astieger@suse.com

- checks for docker 1.11.1

-------------------------------------------------------------------
Mon Apr 18 15:11:24 UTC 2016 - astieger@suse.com

- checks implementing CIS Docker 1.11.0 Benchmark
  https://benchmarks.cisecurity.org/downloads/show-single/index.cfm?file=docker16.110
- checks for docker 1.11.0
- use stat to verify permissions
- fixes for process detection

-------------------------------------------------------------------
Wed Feb 17 14:04:47 UTC 2016 - astieger@suse.com

- checks for docker 1.10.1

-------------------------------------------------------------------
Sun Feb  7 11:33:32 UTC 2016 - astieger@suse.com

- checks for docker 1.10
- improve version check
- fix checks for remotely obtained users/groups

-------------------------------------------------------------------
Fri Nov 27 23:15:17 UTC 2015 - astieger@suse.com

- checks for docker 1.9.1
- Fix command line option parsing
- check for TCP socket before checking for TLS

-------------------------------------------------------------------
Thu Nov 12 07:46:56 UTC 2015 - astieger@suse.com

- fix detection of socket security

-------------------------------------------------------------------
Wed Nov  4 17:41:48 UTC 2015 - astieger@suse.com

- checks for docker 1.9.0
- openSUSE dockerfile added

-------------------------------------------------------------------
Wed Nov  4 12:18:29 UTC 2015 - astieger@suse.com

- initial package
openSUSE Build Service is sponsored by
Places