Comments (8)
Can you open the inspec shell via inspec shell
and run docker.containers.running?.ids
?
from cis-docker-benchmark.
Seems to be a bug in inspec
from cis-docker-benchmark.
Sure, this is what I get:
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
You are currently running on:
OS platform: amazon
OS family: amazon
OS release: 2016.09
inspec> docker
=> Docker Host
inspec> docker.containers
=> #<Inspec::Resources::DockerContainerFilter:0x0000000233f480 @containers=[{}]>
inspec> docker.containers.running?
=> #<Inspec::Resources::DockerContainerFilter:0x0000000221d610> with status downcase start_with? "up"
inspec> docker.containers.running?.ids
=> []
from cis-docker-benchmark.
I am running into the same issue with a docker container I built based on chef/inspec where I just add the docker client:
Dockerfile
FROM chef/inspec:1.23.0
RUN apk add --update docker \
&& rm -rf /usr/bin/docker-* /usr/bin/dockerd \
&& rm -rf /var/cache/apk/*
I am running the container and bind mount my docker socket and get the same error as described:
docker run -ti --rm --name inspec -v /var/run/docker.sock:/var/run/docker.sock:ro jdel/inspec exec https://github.com/dev-sec/cis-docker-benchmark
[2017-05-03T15:41:40+00:00] WARN: URL target https://github.com/dev-sec/cis-docker-benchmark transformed to https://github.com/dev-sec/cis-docker-benchmark/archive/master.tar.gz. Consider using the git fetcher
/usr/local/bundle/gems/inspec-1.23.0/lib/resources/docker.rb:32:in `block (2 levels) in <class:DockerContainerFilter>': undefined method `downcase' for nil:NilClass (NoMethodError)
[...]
Below is the result from docker run -ti --rm --name inspec -v /var/run/docker.sock:/var/run/docker.sock:ro jdel/inspec shell
with the troubleshooting commands you requested:
I have a different output than @kidbrax
Welcome to the interactive InSpec Shell
To find out how to use it, type: help
You are currently running on:
OS platform: alpine
OS family: alpine
OS release: 3.4.6
inspec> docker
=> Docker Host
inspec> docker.containers
=> #<Inspec::Resources::DockerContainerFilter:0x005648f99aa298 @containers=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}]>
inspec> docker.containers.running?
NoMethodError: undefined method `downcase' for nil:NilClass
from /usr/local/bundle/gems/inspec-1.23.0/lib/resources/docker.rb:32:in `block (2 levels) in <class:DockerContainerFilter>'
inspec> docker.containers.running?.ids?
NoMethodError: undefined method `downcase' for nil:NilClass
from /usr/local/bundle/gems/inspec-1.23.0/lib/resources/docker.rb:32:in `block (2 levels) in <class:DockerContainerFilter>'
If I run docker run -ti --rm --name inspec -v /var/run/docker.sock:/var/run/docker.sock:ro --entrypoint /bin/sh jdel/inspec
I can then do a docker ps
and see my containers running (4 of them).
To me this looks like a bug in docker.containers.running?
I have tried inspec 1.21, 1.22, and 1.23 with no success.
from cis-docker-benchmark.
@jdel Thank you, I agree that this looks like a bug in docker.containers.running?
Can you please open an issue in https://github.com/chef/inspec/issues ?
from cis-docker-benchmark.
I have submitted an issue to inspec, inspec/inspec#1788
from cis-docker-benchmark.
Based on the inspec implementation, our baseline works only with Docker 1.13+
from cis-docker-benchmark.
I opened PR #35 to document the required docker version in our Readme. Since InSpec is keeping track of that, we can lower the required version if InSpec supports more. I am going to close this issue now. Please reopen if it required
from cis-docker-benchmark.
Related Issues (20)
- splitt controls in components
- rename control titles
- Update to CIS 1.13
- use own control number scheme HOT 1
- check the running daemon for the configuration HOT 1
- Commands in cis-docker-benchmark-5.22 and cis-docker-benchmark-5.23 take too long to execute HOT 2
- docker variable not defined HOT 1
- Test running docker via -t docker:// HOT 9
- load_with_context': undefined method `each' for nil:NilClass (NoMethodError) exception in cis-docker-benchmark-master/controls/container_runtime.rb:194 HOT 2
- Verify enable content trust per-shell or per-invocation check
- uploading cis docker profile to chef compliance HOT 2
- Having all controls be `impact 1.0` or `impact 0.0` makes the data less than useful HOT 3
- method_missing: undefined local variable or method docker HOT 1
- incompatible character encodings: UTF-8 and ASCII-8BIT HOT 3
- Examples not working HOT 7
- Implement latest CIS Benchmark
- Wrong placement of flag in command HOT 4
- Overuse of `describe docker.object(id) do`
- Control docker-4.7 fails when running tests on environment with redhat/ubi9-minimal
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cis-docker-benchmark.