Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/chen-keinan/lxd-probe
Open Source runtime scanner for Linux containers (LXD / LXC), It performs security audit checks based on CIS Linux containers Benchmark specification
https://github.com/chen-keinan/lxd-probe
audit cis-benchmark containers linux linuxcontainers lxd security
Last synced: about 2 months ago
JSON representation
Open Source runtime scanner for Linux containers (LXD / LXC), It performs security audit checks based on CIS Linux containers Benchmark specification
- Host: GitHub
- URL: https://github.com/chen-keinan/lxd-probe
- Owner: chen-keinan
- License: apache-2.0
- Created: 2021-06-25T05:05:37.000Z (over 3 years ago)
- Default Branch: master
- Last Pushed: 2024-08-12T00:36:48.000Z (4 months ago)
- Last Synced: 2024-10-14T14:58:23.938Z (about 2 months ago)
- Topics: audit, cis-benchmark, containers, linux, linuxcontainers, lxd, security
- Language: Go
- Homepage:
- Size: 25.4 MB
- Stars: 23
- Watchers: 2
- Forks: 4
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
Awesome Lists containing this project
- awesome-starred - chen-keinan/lxd-probe - Open Source runtime scanner for Linux containers (LXD / LXC), It performs security audit checks based on CIS Linux containers Benchmark specification (security)
README
[![Go Report Card](https://goreportcard.com/badge/github.com/chen-keinan/lxd-probe)](https://goreportcard.com/report/github.com/chen-keinan/lxd-probe)
[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/chen-keinan/lxd-probe/blob/main/LICENSE)
[![Build Status](https://travis-ci.com/chen-keinan/lxd-probe.svg?branch=master)](https://travis-ci.com/chen-keinan/lxd-probe)
[![Gitter](https://badges.gitter.im/beacon-sec/lxd-probe.svg)](https://gitter.im/beacon-sec/lxd-probe?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
# lxd-probe### Scan your Linux container (LXD / LXC) runtime !!
Lxd-Probe is an open source audit scanner who perform audit check on a linux container manager and output it security report.The audit tests are the full implementation of [CIS Lxd Benchmark specification](https://www.cisecurity.org/benchmark/lxd/)
audit result now can be leveraged as webhook via user plugin(using go plugin)
#### Audit checks are performed on linux containers, and output audit report include :
1. root cause of the security issue.
2. proposed remediation for security issue#### Linux container audit scan output:
![lxd-probe](./pkg/img/lxd-probe.gif)--------------------------------------------------------------------------------------------------------
* [Installation](#installation)
* [Quick Start](#quick-start)
* [User Plugin Usage](#user-plugin-usage)
* [Supported Specs](#supported-specs)
* [Contribution](#Contribution)## Installation
```
git clone https://github.com/chen-keinan/lxd-probe
cd lxd-probe
make build
./lxd-probe
```Note : lxd-probe require privileged user to execute tests.
## Quick Start
```
Usage: lxd-probe [--version] [--help] []Available commands are:
-r , --report : run audit tests and generate failure and warn report
-i , --include: execute only specific audit test, example -i=1.2.3,1.4.5
-e , --exclude: ignore specific audit tests, example -e=1.2.3,1.4.5
-c , --classic: test report in classic view, example -c```
## User Plugin Usage
The lxd-probe expose hook for user plugins [Example](https://github.com/chen-keinan/lxd-probe/tree/master/examples/plugins) :
- **LxdBenchAuditResultHook** - this hook accepts audit benchmark results as found by audit test##### Compile user plugin
```
go build -buildmode=plugin -o=~//bench_plugin.so //bench_plugin.go
```
##### Copy plugin to folder (.lxd-probe folder is created on the 1st startup)
```
cp //bench_plugin.so ~/.lxd-probe/plugins/compile/bench_plugin.so
```
Note: Plugin and binary must compile with the same linux env
## Supported Specs
The lxd-probe support cis specs and can be easily extended:
- master config file change spec [CIS Lxd Benchmark specification](https://www.cisecurity.org/benchmark/lxd/)
both specs can be easily extended by amended the spec files under ```~/.lxd-probe/benchmarks/lxd/v1.0.0``` folder## Contribution
- code contribution is welcome !! , contribution with tests and passing linter is more than welcome :)
- /.dev folder include vagrantfile to be used for development : [Dev Instruction](https://github.com/chen-keinan/lxd-probe/tree/master/.dev)