Lxd-Probe is an open source audit scanner that performs audit checks on a Linux container manager and outputs a security report.
The audit tests are the full implementation of the CIS Lxd Benchmark specification.
Audit results can now be leveraged as a webhook via a user plugin (using a Go plugin).
- root cause of the security issue.
- proposed remediation for the security issue
git clone https://github.com/chen-keinan/kube-beacon
cd kube-beacon
make build
./lxd-probe
Note: lxd-probe requires a privileged user to execute tests.
Usage: lxd-prob [--version] [--help] <command> [<args>]
Available commands are:
-r , --report : run audit tests and generate failure report
-i , --include: execute only specific audit test, example -i=1.2.3,1.4.5
-e , --exclude: ignore specific audit tests, example -e=1.2.3,1.4.5