Can't seem to capture the output in a log file #483

Closed
poencho opened this issue Sep 20, 2021 · 7 comments

@poencho

poencho commented Sep 20, 2021

Hey all,

When running the docker container I would like to save the output into a log file. According to the readme: "If the docker container is used then the log files will be created inside the container in location /usr/local/bin/log/". However when I bind the /usr/local/bin/log to my /tmp/ folder it doesn't seem to create a log file there. Here is the docker run command we use:

docker run -d --rm --net host --pid host --userns host --cap-add audit_control \
  -e DOCKER_CONTENT_TRUST=$DOCKER_CONTENT_TRUST \
  -v /etc:/etc:ro \
  -v /usr/lib/systemd/system:/lib/systemd/system:ro \
  -v /usr/bin/containerd:/usr/bin/containerd:ro \
  -v /usr/bin/runc:/usr/bin/runc:ro \
  -v /usr/lib/systemd:/usr/lib/systemd:ro \
  -v /var/lib:/var/lib:ro \
  -v /var/run/docker.sock:/var/run/docker.sock:ro \
  -v /tmp/docker-security-bench:/usr/local/bin/log/ \
  --label docker_bench_security \
  docker/docker-bench-security

What am I doing wrong here?

I was thinking that maybe I should pass the option -l FILE. Can I pass this without adjusting the dockerfile/rebuilding the image?

@Vdsouza22

I am facing the same issue. Any solution for this?

@konstruktoid
Collaborator

Hi @poencho and @Vdsouza22 and so sorry for the delay.

I can't reproduce this.
Are you building the docker image by yourself or using the public one (ref #405)?

~$ docker build --no-cache -t docker/docker-bench-security .
~$ docker run -d --rm --net host --pid host --userns host --cap-add audit_control -e DOCKER_CONTENT_TRUST=$DOCKER_CONTENT_TRUST -v /etc:/etc:ro -v /usr/lib/systemd/system:/lib/systemd/system:ro -v /usr/bin/containerd:/usr/bin/containerd:ro -v /usr/bin/runc:/usr/bin/runc:ro -v /usr/lib/systemd:/usr/lib/systemd:ro -v /var/lib:/var/lib:ro -v /var/run/docker.sock:/var/run/docker.sock:ro -v /tmp/docker-security-bench:/usr/local/bin/log/ --label docker_bench_security docker/docker-bench-security
aa213ce1951630d2e322c4900caa669aca0ebcb7eb5fa940d02f47e9a5e72b74
~$ jq '.dockerbenchsecurity' /tmp/docker-security-bench/docker-bench-security.log.json
"1.3.6"

@poencho
Author

poencho commented Sep 24, 2021

@konstruktoid I am using the public image: docker/docker-bench-security

The way I launch the container, the log file should appear in my tmp folder when using this volume mount, correct? -v /tmp/docker-security-bench:/usr/local/bin/log/

@konstruktoid
Collaborator

Yeah, the public image is broken in all sorts of ways, see #405.

I recommend you build your own.

@poencho
Author

poencho commented Sep 24, 2021

Good to know. That's what I get for being lazy. Thanks!

@konstruktoid
Collaborator

You weren't lazy and the public image should be up-to-date and working, sorry to say that isn't the case.

@konstruktoid
Collaborator

Closing due to inactivity.
