Scan your Linux container runtime!
Lxd-Probe is an open source audit scanner that performs audit checks on a Linux container manager and outputs a security report.
The audit tests are a full implementation of the CIS Lxd Benchmark specification.
Audit results can now be leveraged as a webhook via a user plugin (using a Go plugin).
Audit checks are performed on Linux containers, and the output audit report includes:
- the root cause of the security issue
- the proposed remediation for the security issue

    git clone https://github.com/chen-keinan/kube-beacon
    cd kube-beacon
    make build
    ./lxd-probe

Note: lxd-probe requires a privileged user to execute tests.

    Usage: lxd-probe [--version] [--help] <command> [<args>]

    Available commands are:
      -r , --report : run audit tests and generate failure report
      -i , --include: execute only specific audit test, example -i=1.2.3,1.4.5
      -e , --exclude: ignore specific audit tests, example -e=1.2.3,1.4.5