{"id":13928771,"url":"https://github.com/chen-keinan/lxd-probe","last_synced_at":"2025-03-17T06:31:20.211Z","repository":{"id":37044970,"uuid":"380129634","full_name":"chen-keinan/lxd-probe","owner":"chen-keinan","description":"Open Source runtime scanner for Linux containers (LXD / LXC), It performs security audit checks based on CIS Linux containers  Benchmark specification","archived":false,"fork":false,"pushed_at":"2024-08-12T00:36:48.000Z","size":26641,"stargazers_count":24,"open_issues_count":2,"forks_count":4,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-16T08:51:12.047Z","etag":null,"topics":["audit","cis-benchmark","containers","linux","linuxcontainers","lxd","security"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chen-keinan.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-06-25T05:05:37.000Z","updated_at":"2025-02-26T07:30:54.000Z","dependencies_parsed_at":"2024-04-12T16:31:24.632Z","dependency_job_id":"f9dbb3e1-77f3-4ebf-bd9d-c75978f17623","html_url":"https://github.com/chen-keinan/lxd-probe","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chen-keinan%2Flxd-probe","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chen-keinan%2Flxd-probe/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chen-keinan%2Flxd-probe/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chen-keinan%2Flxd-probe/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chen-keinan","download_url":"https://codeload.github.com/chen-keinan/lxd-probe/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243985822,"owners_count":20379212,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["audit","cis-benchmark","containers","linux","linuxcontainers","lxd","security"],"created_at":"2024-08-07T18:01:40.195Z","updated_at":"2025-03-17T06:31:18.650Z","avatar_url":"https://github.com/chen-keinan.png","language":"Go","funding_links":[],"categories":["linux"],"sub_categories":[],"readme":"[![Go Report Card](https://goreportcard.com/badge/github.com/chen-keinan/lxd-probe)](https://goreportcard.com/report/github.com/chen-keinan/lxd-probe)\n[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/chen-keinan/lxd-probe/blob/main/LICENSE)\n[![Build Status](https://travis-ci.com/chen-keinan/lxd-probe.svg?branch=master)](https://travis-ci.com/chen-keinan/lxd-probe)\n\u003cimg src=\"./pkg/img/coverage_badge.png\" alt=\"test coverage badge\"\u003e\n[![Gitter](https://badges.gitter.im/beacon-sec/lxd-probe.svg)](https://gitter.im/beacon-sec/lxd-probe?utm_source=badge\u0026utm_medium=badge\u0026utm_campaign=pr-badge)\n\n\u003cbr\u003e\u003cimg src=\"./pkg/img/lxd_containers.png\" width=\"300\" alt=\"lxd-probe logo\"\u003e\u003cbr\u003e\n# lxd-probe\n\n###  Scan your Linux container (LXD / LXC) runtime !!\nLxd-Probe is an open source audit scanner who perform audit check on a linux container manager and output it security report.\n\nThe audit tests are the full implementation of [CIS Lxd Benchmark specification](https://www.cisecurity.org/benchmark/lxd/) \u003cbr\u003e\n\naudit result now can be leveraged as webhook via user plugin(using go plugin)\n#### Audit checks are performed on linux containers, and output audit report include :\n 1.  root cause of the security issue.\n 2. proposed remediation for security issue\n\n#### Linux container audit scan output:\n![lxd-probe](./pkg/img/lxd-probe.gif)\n\n\n--------------------------------------------------------------------------------------------------------\n\n* [Installation](#installation)\n* [Quick Start](#quick-start)\n* [User Plugin Usage](#user-plugin-usage)\n* [Supported Specs](#supported-specs)\n* [Contribution](#Contribution)\n\n## Installation\n\n```\ngit clone https://github.com/chen-keinan/lxd-probe\ncd lxd-probe\nmake build\n./lxd-probe\n```\n\nNote : lxd-probe require privileged user to execute tests.\n\n## Quick Start\n\n```\nUsage: lxd-probe [--version] [--help] \u003ccommand\u003e [\u003cargs\u003e]\n\nAvailable commands are:\n  -r , --report :  run audit tests and generate failure and warn report\n  -i , --include:  execute only specific audit test,   example -i=1.2.3,1.4.5\n  -e , --exclude:  ignore specific audit tests,  example -e=1.2.3,1.4.5\n  -c , --classic:  test report in classic view,  example -c\n\n```\n## User Plugin Usage\nThe lxd-probe expose hook for user plugins [Example](https://github.com/chen-keinan/lxd-probe/tree/master/examples/plugins) :\n- **LxdBenchAuditResultHook** - this hook accepts audit benchmark results as found by audit test\n\n##### Compile user plugin\n```\ngo build -buildmode=plugin -o=~/\u003cplugin folder\u003e/bench_plugin.so /\u003cplugin folder\u003e/bench_plugin.go\n```\n##### Copy plugin to folder (.lxd-probe folder is created on the 1st startup)\n```\ncp /\u003cplugin folder\u003e/bench_plugin.so ~/.lxd-probe/plugins/compile/bench_plugin.so\n```\nNote: Plugin and binary must compile with the same linux env\n## Supported Specs\nThe lxd-probe support cis specs and can be easily extended:\n- master config file change spec [CIS Lxd Benchmark specification](https://www.cisecurity.org/benchmark/lxd/)\nboth specs can be easily extended by amended the spec files under ```~/.lxd-probe/benchmarks/lxd/v1.0.0``` folder\n\n## Contribution\n- code contribution is welcome !! , contribution with tests and passing linter is more than welcome :)\n- /.dev folder include vagrantfile to be used for development : [Dev Instruction](https://github.com/chen-keinan/lxd-probe/tree/master/.dev)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchen-keinan%2Flxd-probe","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchen-keinan%2Flxd-probe","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchen-keinan%2Flxd-probe/lists"}