lxd-probe
Scan your Linux container runtime!!
Lxd-Probe is an open source audit scanner that performs audit checks on a Linux container manager and outputs a security report.
The audit tests are the full implementation of the CIS Lxd Benchmark specification.
Audit results can now be delivered via webhook through a user plugin (using a Go plugin).
Audit checks are performed on Linux containers, and the output audit report includes:
- root cause of the security issue.
- proposed remediation for the security issue.
Installation
git clone https://github.com/chen-keinan/kube-beacon
cd kube-beacon
make build
./lxd-probe
Note: lxd-probe requires a privileged user to execute tests.
Quick Start
Usage: lxd-probe [--version] [--help] <command> [<args>]
Available commands are:
-r , --report : run audit tests and generate failure report
-i , --include: execute only specific audit test, example -i=1.2.3,1.4.5
-e , --exclude: ignore specific audit tests, example -e=1.2.3,1.4.5