h4cker/docker-and-k8s-security/docker/run_cis_bench_locally.sh

46 lines
1.3 KiB
Bash
Raw Normal View History

#!/bin/bash
# A simple script to install Chef inspec and the CIS Docker Benchmark InSpec Profile
# Runs on Ubuntu, Debian, Parrot, and Kali Linux
# Author: Omar Santos @santosomar
2022-02-22 16:36:16 +00:00
# version 0.2
2021-04-12 00:22:14 +00:00
#color settings
red=$(tput setaf 1)
green=$(tput setaf 2)
reset=$(tput sgr0)
2021-04-11 23:55:35 +00:00
clear
2021-04-12 00:22:14 +00:00
#welcome screen
2021-04-12 00:45:19 +00:00
echo "🔥🔥🔥 ${green} R U N C I S D O C K E R B E N C H M A R K ${reset} 🔥🔥🔥
2021-04-11 23:55:35 +00:00
Author: Omar Ωr Santos
Twitter: @santosomar
2022-02-22 16:36:16 +00:00
Version: 0.2
2021-04-11 23:55:35 +00:00
${red}This script will automatically install or upgrade InSpec and will run the latest CIS Docker Benchmark from github/dev-sec/cis-docker-benchmark
"
read -n 1 -s -r -p "Press any key to continue the setup..."
2021-04-12 00:22:14 +00:00
#installing InSpec
echo "${green}Installing InSpec"
echo "${reset}========================="
curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P inspec
2021-04-12 00:53:04 +00:00
inspec --chef-license=accept
2021-04-11 23:57:02 +00:00
clear
2021-04-12 00:22:14 +00:00
#running CIS Docker Benchmark directly from GitHub locally
2021-04-12 00:19:24 +00:00
echo "${red}>> Running CIS Docker Benchmark ${reset}locally on $(hostname)"
2021-04-11 23:51:03 +00:00
inspec exec https://github.com/dev-sec/cis-docker-benchmark > cis_benchmark_results.txt
printf -- '\n';
echo "${red}REPORT SUMMARY:"
tail -n 2 cis_benchmark_results.txt
2021-04-12 00:22:14 +00:00
#printing the results
2021-04-11 23:51:03 +00:00
printf -- '\n';
2021-04-12 00:44:18 +00:00
echo "${reset}The complete results have been stored at:
2021-04-12 00:29:13 +00:00
${green}$(pwd)/cis_benchmark_results.txt "