incompatible character encodings: UTF-8 and ASCII-8BIT #51

Closed
mmukherjee opened this issue Mar 4, 2018 · 3 comments
@mmukherjee

..so I updated my inspec version so as to move ahead from this issue

Just so that you know, I used a chef gem update inspec command to update my inspec gem. Post which, I had to manually edit the /opt/chefdk/bin/inspec file to update the inspec versions.

$ inspec version
2.0.32
$ inspec exec cis-docker-benchmark
/Users/mrinalmukherjee/.chefdk/gem/ruby/2.3.0/gems/inspec-2.0.32/lib/inspec/reporters/cli.rb:144:in `format_message': incompatible character encodings: UTF-8 and ASCII-8BIT (Encoding::CompatibilityError)
        from /Users/mrinalmukherjee/.chefdk/gem/ruby/2.3.0/gems/inspec-2.0.32/lib/inspec/reporters/cli.rb:128:in `format_result'
        from /Users/mrinalmukherjee/.chefdk/gem/ruby/2.3.0/gems/inspec-2.0.32/lib/inspec/reporters/cli.rb:78:in `block (2 levels) in print_standard_control_results'
        from /Users/mrinalmukherjee/.chefdk/gem/ruby/2.3.0/gems/inspec-2.0.32/lib/inspec/reporters/cli.rb:77:in `each'
        from /Users/mrinalmukherjee/.chefdk/gem/ruby/2.3.0/gems/inspec-2.0.32/lib/inspec/reporters/cli.rb:77:in `block in print_standard_control_results'
        from /Users/mrinalmukherjee/.chefdk/gem/ruby/2.3.0/gems/inspec-2.0.32/lib/inspec/reporters/cli.rb:73:in `each'
        from /Users/mrinalmukherjee/.chefdk/gem/ruby/2.3.0/gems/inspec-2.0.32/lib/inspec/reporters/cli.rb:73:in `print_standard_control_results'
        from /Users/mrinalmukherjee/.chefdk/gem/ruby/2.3.0/gems/inspec-2.0.32/lib/inspec/reporters/cli.rb:50:in `block in render'
        from /Users/mrinalmukherjee/.chefdk/gem/ruby/2.3.0/gems/inspec-2.0.32/lib/inspec/reporters/cli.rb:46:in `each'
        from /Users/mrinalmukherjee/.chefdk/gem/ruby/2.3.0/gems/inspec-2.0.32/lib/inspec/reporters/cli.rb:46:in `render'
        from /Users/mrinalmukherjee/.chefdk/gem/ruby/2.3.0/gems/inspec-2.0.32/lib/inspec/reporters.rb:24:in `render'
        from /Users/mrinalmukherjee/.chefdk/gem/ruby/2.3.0/gems/inspec-2.0.32/lib/inspec/runner.rb:111:in `block in render_output'
        from /Users/mrinalmukherjee/.chefdk/gem/ruby/2.3.0/gems/inspec-2.0.32/lib/inspec/runner.rb:110:in `each'
        from /Users/mrinalmukherjee/.chefdk/gem/ruby/2.3.0/gems/inspec-2.0.32/lib/inspec/runner.rb:110:in `render_output'
        from /Users/mrinalmukherjee/.chefdk/gem/ruby/2.3.0/gems/inspec-2.0.32/lib/inspec/runner.rb:134:in `run_tests'
        from /Users/mrinalmukherjee/.chefdk/gem/ruby/2.3.0/gems/inspec-2.0.32/lib/inspec/runner.rb:104:in `run'
        from /Users/mrinalmukherjee/.chefdk/gem/ruby/2.3.0/gems/inspec-2.0.32/lib/inspec/cli.rb:168:in `exec'
        from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/thor-0.19.1/lib/thor/command.rb:27:in `run'
        from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/thor-0.19.1/lib/thor/invocation.rb:126:in `invoke_command'
        from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/thor-0.19.1/lib/thor.rb:359:in `dispatch'
        from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/thor-0.19.1/lib/thor/base.rb:440:in `start'
        from /Users/mrinalmukherjee/.chefdk/gem/ruby/2.3.0/gems/inspec-2.0.32/bin/inspec:12:in `<top (required)>'
        from /usr/local/bin/inspec:50:in `load'
        from /usr/local/bin/inspec:50:in `<main>'

What am I missing?
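
The `Encoding::CompatibilityError` in the trace above is what Ruby raises when a UTF-8 string containing non-ASCII characters is joined with an ASCII-8BIT string that also contains non-ASCII bytes. The following is an added example, not part of the original thread and not InSpec's code: it reproduces the error and shows a defensive normalization before formatting. The helper names (`joinable?`, `format_naive`, `to_utf8`, `format_safe`) and the sample messages are constructed for illustration, and it assumes the report line is built from a UTF-8 status glyph plus result text that arrived as raw bytes.

```ruby
# Added illustration of the UTF-8 / ASCII-8BIT clash; not InSpec's code.
# All method names and sample strings here are hypothetical.

# Status glyph like the ones a CLI report prints: UTF-8 with a non-ASCII char.
INDICATOR = "\u00D7" # "×"

# Constructed sample: result text as raw bytes tagged ASCII-8BIT (binary),
# e.g. captured command output. It contains the UTF-8 bytes for "é".
RAW_MESSAGE = "expected caf\xC3\xA9 to exist".b

# True when Ruby can concatenate the two strings without raising.
# An ASCII-only binary string is compatible with UTF-8; one with high bytes
# is not, which is why the crash depends on the data being reported.
def joinable?(a, b)
  !Encoding.compatible?(a, b).nil?
end

# Naive formatting: raises Encoding::CompatibilityError when both sides
# carry non-ASCII bytes under different encodings.
def format_naive(indicator, message)
  indicator + "  " + message
end

# Normalize any value to valid UTF-8 before it reaches the formatter.
def to_utf8(value)
  s = value.to_s.dup
  case s.encoding
  when Encoding::UTF_8
    # already tagged UTF-8; only validity is checked below
  when Encoding::BINARY
    # raw bytes: reinterpret as UTF-8 without transcoding
    s.force_encoding(Encoding::UTF_8)
  else
    # a real source encoding (e.g. ISO-8859-1): transcode it
    s = s.encode(Encoding::UTF_8, invalid: :replace, undef: :replace)
  end
  # replace any byte sequence that is not valid UTF-8 with U+FFFD
  s.scrub("\uFFFD")
end

# Formatting that cannot raise on encoding grounds.
def format_safe(indicator, message)
  to_utf8(indicator) + "  " + to_utf8(message)
end

if __FILE__ == $PROGRAM_NAME
  begin
    format_naive(INDICATOR, RAW_MESSAGE)
  rescue Encoding::CompatibilityError => e
    puts "naive: #{e.class}"
  end
  puts "safe:  #{format_safe(INDICATOR, RAW_MESSAGE)}"
end
```

For a compliance scanner, a crash at this point means the report is never rendered, so normalizing untrusted bytes before formatting keeps the audit results available even when a target returns unexpected output.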

@atomic111
Member

@mmukherjee can you provide me with more information, because on my Arch Linux it is working. I updated the Gemfile to use inspec version 2.0.0 (see #52) and I did a bundle install inside the cis-docker-benchmark

inspec version:

±> bundle exec inspec version    44d [1ec3569]
2.0.32
±> bundle exec inspec exec ./    44d [1ec3569]

Profile: CIS Docker Benchmark Profile (cis-docker-benchmark)
Version: 2.0.0
Target:  local://

  ↺  docker-5.1: Verify AppArmor Profile, if applicable
     ↺  Skipped control due to only_if condition.
  ↺  docker-5.2: Verify SELinux security options, if applicable
     ↺  Skipped control due to only_if condition.
  ✔  docker-5.22: Do not docker exec commands with privileged option
     ✔  should be empty
  ✔  docker-5.23: Do not docker exec commands with user option
     ✔  should be empty
  ↺  docker-5.27: Ensure docker commands always get the latest version of the image
     ↺  Ensure docker commands always get the latest version of the image
  ↺  docker-5.29: Do not use Docker's default bridge docker0
     ↺  Not implemented yet
  ✔  docker-3.1: Verify that docker.service file ownership is set to root:root
     ✔  File /usr/lib/systemd/system/docker.service should exist
     ✔  File /usr/lib/systemd/system/docker.service should be file
     ✔  File /usr/lib/systemd/system/docker.service should be owned by "root"
     ✔  File /usr/lib/systemd/system/docker.service should be grouped into "root"
  ✔  docker-3.2: Verify that docker.service file permissions are set to 644 or more restrictive
     ✔  File /usr/lib/systemd/system/docker.service should exist
     ✔  File /usr/lib/systemd/system/docker.service should be file
     ✔  File /usr/lib/systemd/system/docker.service should be readable by owner
     ✔  File /usr/lib/systemd/system/docker.service should be writable by owner
     ✔  File /usr/lib/systemd/system/docker.service should be readable by group
     ✔  File /usr/lib/systemd/system/docker.service should not be writable by group
     ✔  File /usr/lib/systemd/system/docker.service should be readable by other
     ✔  File /usr/lib/systemd/system/docker.service should not be writable by other
     ✔  File /usr/lib/systemd/system/docker.service should not be executable
  ✔  docker-3.3: Verify that docker.socket file ownership is set to root:root
     ✔  File /usr/lib/systemd/system/docker.socket should exist
     ✔  File /usr/lib/systemd/system/docker.socket should be file
     ✔  File /usr/lib/systemd/system/docker.socket should be owned by "root"
     ✔  File /usr/lib/systemd/system/docker.socket should be grouped into "root"
  ✔  docker-3.4: Verify that docker.socket file permissions are set to 644 or more restrictive
     ✔  File /usr/lib/systemd/system/docker.socket should exist
     ✔  File /usr/lib/systemd/system/docker.socket should be file
     ✔  File /usr/lib/systemd/system/docker.socket should be readable by owner
     ✔  File /usr/lib/systemd/system/docker.socket should be writable by owner
     ✔  File /usr/lib/systemd/system/docker.socket should be readable by group
     ✔  File /usr/lib/systemd/system/docker.socket should not be writable by group
     ✔  File /usr/lib/systemd/system/docker.socket should be readable by other
     ✔  File /usr/lib/systemd/system/docker.socket should not be writable by other
     ✔  File /usr/lib/systemd/system/docker.socket should not be executable
  ✔  docker-3.5: Verify that /etc/docker directory ownership is set to root:root
     ✔  File /etc/docker should exist
     ✔  File /etc/docker should be directory
     ✔  File /etc/docker should be owned by "root"
     ✔  File /etc/docker should be grouped into "root"
  ×  docker-3.6: Verify that /etc/docker directory permissions are set to 755 or more restrictive (4 failed)
     ✔  File /etc/docker should exist
     ✔  File /etc/docker should be directory
     ✔  File /etc/docker should be readable by owner
     ✔  File /etc/docker should be writable by owner
     ✔  File /etc/docker should be executable by owner
     ×  File /etc/docker should be readable by group
     expected File /etc/docker to be readable by group                                                                                                                                                               
     ✔  File /etc/docker should not be writable by group
     ×  File /etc/docker should be executable by group
     expected File /etc/docker to be executable by group                                                                                                                                                             
     ×  File /etc/docker should be readable by other
     expected File /etc/docker to be readable by other                                                                                                                                                               
     ✔  File /etc/docker should not be writable by other
     ×  File /etc/docker should be executable by other
     expected File /etc/docker to be executable by other                                                                                                                                                             
  ×  docker-3.7: Verify that registry certificate file ownership is set to root:root (12 failed)
     ×  File /etc/docker/certs.d should exist
     expected File /etc/docker/certs.d to exist                                                                                                                                                                      
     ×  File /etc/docker/certs.d should be directory
     expected `File /etc/docker/certs.d.directory?` to return true, got false                                                                                                                                        
     ×  File /etc/docker/certs.d should be owned by "root"
     expected `File /etc/docker/certs.d.owned_by?("root")` to return true, got false                                                                                                                                 
     ×  File /etc/docker/certs.d should be grouped into "root"
     expected `File /etc/docker/certs.d.grouped_into?("root")` to return true, got false                                                                                                                             
     ×  File /etc/docker/certs.d/registry_hostname:port should exist
     expected File /etc/docker/certs.d/registry_hostname:port to exist                                                                                                                                               
     ×  File /etc/docker/certs.d/registry_hostname:port should be directory
     expected `File /etc/docker/certs.d/registry_hostname:port.directory?` to return true, got false                                                                                                                 
     ×  File /etc/docker/certs.d/registry_hostname:port should be owned by "root"
     expected `File /etc/docker/certs.d/registry_hostname:port.owned_by?("root")` to return true, got false                                                                                                          
     ×  File /etc/docker/certs.d/registry_hostname:port should be grouped into "root"
     expected `File /etc/docker/certs.d/registry_hostname:port.grouped_into?("root")` to return true, got false                                                                                                      
     ×  File /etc/docker/certs.d/registry_hostname:port/ca.crt should exist
     expected File /etc/docker/certs.d/registry_hostname:port/ca.crt to exist                                                                                                                                        
     ×  File /etc/docker/certs.d/registry_hostname:port/ca.crt should be file
     expected `File /etc/docker/certs.d/registry_hostname:port/ca.crt.file?` to return true, got false                                                                                                               
     ×  File /etc/docker/certs.d/registry_hostname:port/ca.crt should be owned by "root"
     expected `File /etc/docker/certs.d/registry_hostname:port/ca.crt.owned_by?("root")` to return true, got false                                                                                                   
     ×  File /etc/docker/certs.d/registry_hostname:port/ca.crt should be grouped into "root"
     expected `File /etc/docker/certs.d/registry_hostname:port/ca.crt.grouped_into?("root")` to return true, got false                                                                                               
  ×  docker-3.8: Verify that registry certificate file permissions are set to 444 or more restrictive (3 failed)
     ×  File /etc/docker/certs.d/registry_hostname:port/ca.crt should exist
     expected File /etc/docker/certs.d/registry_hostname:port/ca.crt to exist                                                                                                                                        
     ×  File /etc/docker/certs.d/registry_hostname:port/ca.crt should be file
     expected `File /etc/docker/certs.d/registry_hostname:port/ca.crt.file?` to return true, got false                                                                                                               
     ×  File /etc/docker/certs.d/registry_hostname:port/ca.crt should be readable
     expected File /etc/docker/certs.d/registry_hostname:port/ca.crt to be readable                                                                                                                                  
     ✔  File /etc/docker/certs.d/registry_hostname:port/ca.crt should not be executable
     ✔  File /etc/docker/certs.d/registry_hostname:port/ca.crt should not be writable
  ×  docker-3.9: Verify that TLS CA certificate file ownership is set to root:root (4 failed)
     ×  File  should exist
     expected File  to exist                                                                                                                                                                                         
     ×  File  should be file
     expected `File .file?` to return true, got false                                                                                                                                                                
     ×  File  should be owned by "root"
     expected `File .owned_by?("root")` to return true, got false                                                                                                                                                    
     ×  File  should be grouped into "root"
     expected `File .grouped_into?("root")` to return true, got false                                                                                                                                                
  ×  docker-3.10: Verify that TLS CA certificate file permissions are set to 444 or more restrictive (3 failed)
     ×  File  should exist
     expected File  to exist                                                                                                                                                                                         
     ×  File  should be file
     expected `File .file?` to return true, got false                                                                                                                                                                
     ×  File  should be readable
     expected File  to be readable                                                                                                                                                                                   
     ✔  File  should not be executable
     ✔  File  should not be writable
  ×  docker-3.11: Verify that Docker server certificate file ownership is set to root:root (4 failed)
     ×  File  should exist
     expected File  to exist                                                                                                                                                                                         
     ×  File  should be file
     expected `File .file?` to return true, got false                                                                                                                                                                
     ×  File  should be owned by "root"
     expected `File .owned_by?("root")` to return true, got false                                                                                                                                                    
     ×  File  should be grouped into "root"
     expected `File .grouped_into?("root")` to return true, got false                                                                                                                                                
  ×  docker-3.12: Verify that Docker server certificate file permissions are set to 444 or more restrictive (3 failed)
     ×  File  should exist
     expected File  to exist                                                                                                                                                                                         
     ×  File  should be file
     expected `File .file?` to return true, got false                                                                                                                                                                
     ×  File  should be readable
     expected File  to be readable                                                                                                                                                                                   
     ✔  File  should not be executable
     ✔  File  should not be writable
  ×  docker-3.13: Verify that Docker server certificate key file ownership is set to root:root (4 failed)
     ×  File  should exist
     expected File  to exist                                                                                                                                                                                         
     ×  File  should be file
     expected `File .file?` to return true, got false                                                                                                                                                                
     ×  File  should be owned by "root"
     expected `File .owned_by?("root")` to return true, got false                                                                                                                                                    
     ×  File  should be grouped into "root"
     expected `File .grouped_into?("root")` to return true, got false                                                                                                                                                
  ×  docker-3.14: Verify that Docker server certificate key file permissions are set to 444 or more restrictive (3 failed)
     ×  File  should exist
     expected File  to exist                                                                                                                                                                                         
     ×  File  should be file
     expected `File .file?` to return true, got false                                                                                                                                                                
     ×  File  should be readable
     expected File  to be readable                                                                                                                                                                                   
     ✔  File  should not be executable
     ✔  File  should not be writable
  ×  docker-3.15: Verify that Docker socket file ownership is set to root:docker (4 failed)
     ×  File /var/run/docker.sock should exist
     expected File /var/run/docker.sock to exist                                                                                                                                                                     
     ×  File /var/run/docker.sock should be socket
     expected `File /var/run/docker.sock.socket?` to return true, got false                                                                                                                                          
     ×  File /var/run/docker.sock should be owned by "root"
     expected `File /var/run/docker.sock.owned_by?("root")` to return true, got false                                                                                                                                
     ×  File /var/run/docker.sock should be grouped into "docker"
     expected `File /var/run/docker.sock.grouped_into?("docker")` to return true, got false                                                                                                                          
  ×  docker-3.16: Verify that Docker socket file permissions are set to 660 or more restrictive (6 failed)
     ×  File /var/run/docker.sock should exist
     expected File /var/run/docker.sock to exist                                                                                                                                                                     
     ×  File /var/run/docker.sock should be socket
     expected `File /var/run/docker.sock.socket?` to return true, got false                                                                                                                                          
     ×  File /var/run/docker.sock should be readable by owner
     expected File /var/run/docker.sock to be readable by owner                                                                                                                                                      
     ×  File /var/run/docker.sock should be writable by owner
     expected File /var/run/docker.sock to be writable by owner                                                                                                                                                      
     ✔  File /var/run/docker.sock should not be executable by owner
     ×  File /var/run/docker.sock should be readable by group
     expected File /var/run/docker.sock to be readable by group                                                                                                                                                      
     ×  File /var/run/docker.sock should be writable by group
     expected File /var/run/docker.sock to be writable by group                                                                                                                                                      
     ✔  File /var/run/docker.sock should not be executable by group
     ✔  File /var/run/docker.sock should not be readable by other
     ✔  File /var/run/docker.sock should not be writable by other
     ✔  File /var/run/docker.sock should not be executable by other
  ×  docker-3.17: Verify that daemon.json file ownership is set to root:root (4 failed)
     ×  File /etc/docker/daemon.json should exist
     expected File /etc/docker/daemon.json to exist                                                                                                                                                                  
     ×  File /etc/docker/daemon.json should be file
     expected `File /etc/docker/daemon.json.file?` to return true, got false                                                                                                                                         
     ×  File /etc/docker/daemon.json should be owned by "root"
     expected `File /etc/docker/daemon.json.owned_by?("root")` to return true, got false                                                                                                                             
     ×  File /etc/docker/daemon.json should be grouped into "root"
     expected `File /etc/docker/daemon.json.grouped_into?("root")` to return true, got false                                                                                                                         
  ×  docker-3.18: Verify that /etc/docker/daemon.json file permissions are set to 644 or more restrictive (6 failed)
     ×  File /etc/docker/daemon.json should exist
     expected File /etc/docker/daemon.json to exist                                                                                                                                                                  
     ×  File /etc/docker/daemon.json should be file
     expected `File /etc/docker/daemon.json.file?` to return true, got false                                                                                                                                         
     ×  File /etc/docker/daemon.json should be readable by owner
     expected File /etc/docker/daemon.json to be readable by owner                                                                                                                                                   
     ×  File /etc/docker/daemon.json should be writable by owner
     expected File /etc/docker/daemon.json to be writable by owner                                                                                                                                                   
     ✔  File /etc/docker/daemon.json should not be executable by owner
     ×  File /etc/docker/daemon.json should be readable by group
     expected File /etc/docker/daemon.json to be readable by group                                                                                                                                                   
     ✔  File /etc/docker/daemon.json should not be writable by group
     ✔  File /etc/docker/daemon.json should not be executable by group
     ×  File /etc/docker/daemon.json should be readable by other
     expected File /etc/docker/daemon.json to be readable by other                                                                                                                                                   
     ✔  File /etc/docker/daemon.json should not be writable by other
     ✔  File /etc/docker/daemon.json should not be executable by other
  ×  docker-3.19: Verify that /etc/default/docker file ownership is set to root:root (4 failed)
     ×  File /etc/default/docker should exist
     expected File /etc/default/docker to exist                                                                                                                                                                      
     ×  File /etc/default/docker should be file
     expected `File /etc/default/docker.file?` to return true, got false                                                                                                                                             
     ×  File /etc/default/docker should be owned by "root"
     expected `File /etc/default/docker.owned_by?("root")` to return true, got false                                                                                                                                 
     ×  File /etc/default/docker should be grouped into "root"
     expected `File /etc/default/docker.grouped_into?("root")` to return true, got false                                                                                                                             
  ×  docker-3.20: Verify that /etc/default/docker file permissions are set to 644 or more restrictive (6 failed)
     ×  File /etc/default/docker should exist
     expected File /etc/default/docker to exist                                                                                                                                                                      
     ×  File /etc/default/docker should be file
     expected `File /etc/default/docker.file?` to return true, got false                                                                                                                                             
     ×  File /etc/default/docker should be readable by owner
     expected File /etc/default/docker to be readable by owner                                                                                                                                                       
     ×  File /etc/default/docker should be writable by owner
     expected File /etc/default/docker to be writable by owner                                                                                                                                                       
     ✔  File /etc/default/docker should not be executable by owner
     ×  File /etc/default/docker should be readable by group
     expected File /etc/default/docker to be readable by group                                                                                                                                                       
     ✔  File /etc/default/docker should not be writable by group
     ✔  File /etc/default/docker should not be executable by group
     ×  File /etc/default/docker should be readable by other
     expected File /etc/default/docker to be readable by other                                                                                                                                                       
     ✔  File /etc/default/docker should not be writable by other
     ✔  File /etc/default/docker should not be executable by other
  ×  docker-4.2: Use trusted base images for containers
     ×  Environment variable DOCKER_CONTENT_TRUST content should eq "1"
                                                                                                                                                                                                                     
     expected: "1"                                                                                                                                                                                                   
          got: nil                                                                                                                                                                                                   
                                                                                                                                                                                                                     
     (compared using ==)                                                                                                                                                                                             

  ↺  docker-4.3: Do not install unnecessary packages in the container
     ↺  Do not install unnecessary packages in the container
  ↺  docker-4.4: Rebuild the images to include security patches
     ↺  Rebuild the images to include security patches
  ×  docker-4.5: Enable Content trust for Docker
     ×  Environment variable DOCKER_CONTENT_TRUST content should eq "1"
                                                                                                                                                                                                                     
     expected: "1"                                                                                                                                                                                                   
          got: nil                                                                                                                                                                                                   
                                                                                                                                                                                                                     
     (compared using ==)                                                                                                                                                                                             

  ↺  docker-4.8: Remove setuid and setgid permissions in the images
     ↺  Use DevSec Linux Baseline in Container
  ↺  docker-4.10: Do not store secrets in Dockerfiles
     ↺  Manually verify that you have not used secrets in images
  ↺  docker-4.11: Install verified packages only
     ↺  Manually verify that you installed verified packages
  ↺  docker-2.1: Restrict network traffic between containers
     ↺  No such file: /etc/docker/daemon.json
  ↺  docker-2.2: Set the logging level
     ↺  No such file: /etc/docker/daemon.json
  ↺  docker-2.3: Allow Docker to make changes to iptables
     ↺  No such file: /etc/docker/daemon.json
  ↺  docker-2.4: Do not use insecure registries
     ↺  No such file: /etc/docker/daemon.json
  ↺  docker-2.5: Do not use the aufs storage driver
     ↺  No such file: /etc/docker/daemon.json
  ↺  docker-2.6: Configure TLS authentication for Docker daemon
     ↺  No such file: /etc/docker/daemon.json
  ↺  docker-2.7: Set default ulimit as appropriate
     ↺  No such file: /etc/docker/daemon.json
  ↺  docker-2.8: Enable user namespace support (4 failed) (1 skipped)
     ↺  No such file: /etc/docker/daemon.json
     ×  File /etc/subuid should exist
     expected File /etc/subuid to exist                                                                                                                                                                              
     ×  File /etc/subuid should be file
     expected `File /etc/subuid.file?` to return true, got false                                                                                                                                                     
     ×  File /etc/subgid should exist
     expected File /etc/subgid to exist                                                                                                                                                                              
     ×  File /etc/subgid should be file
     expected `File /etc/subgid.file?` to return true, got false                                                                                                                                                     
  ↺  docker-2.9: Confirm default cgroup usage
     ↺  No such file: /etc/docker/daemon.json
  ↺  docker-2.10: Do not change base device size until needed
     ↺  No such file: /etc/docker/daemon.json
  ↺  docker-2.11: Use authorization plugin
     ↺  No such file: /etc/docker/daemon.json
  ↺  docker-2.12: Configure centralized and remote logging
     ↺  No such file: /etc/docker/daemon.json
  ↺  docker-2.13: Disable operations on legacy registry (v1)
     ↺  No such file: /etc/docker/daemon.json
  ↺  docker-2.14: Enable live restore
     ↺  No such file: /etc/docker/daemon.json
  ×  docker-2.15: Do not enable swarm mode, if not needed
     ×  #<Hashie::Mash> Swarm.LocalNodeState 
     undefined method `LocalNodeState' for nil:NilClass                                                                                                                                                              
  ↺  docker-2.16: Control the number of manager nodes in a swarm
     ↺  Skipped control due to only_if condition.
  ↺  docker-2.17: Bind swarm services to a specific host interface
     ↺  Skipped control due to only_if condition.
  ↺  docker-2.18: Disable Userland Proxy (1 failed) (1 skipped)
     ↺  No such file: /etc/docker/daemon.json
     ×  [] should include "userland-proxy=false"
     expected [] to include "userland-proxy=false"                                                                                                                                                                   
  ↺  docker-2.19: Encrypt data exchanged between containers on different nodes on the overlay network
     ↺  Skipped control due to only_if condition.
  ↺  docker-2.20: Apply a daemon-wide custom seccomp profile, if needed
     ↺  No such file: /etc/docker/daemon.json
  ×  docker-2.21: Avoid experimental features in production
     ×  should eq "false"
                                                                                                                                                                                                                     
     expected: "false"                                                                                                                                                                                               
          got: ""                                                                                                                                                                                                    
                                                                                                                                                                                                                     
     (compared using ==)                                                                                                                                                                                             

  ↺  docker-2.22: Use Docker's secret management commands for managing secrets in a Swarm cluster
     ↺  Skipped control due to only_if condition.
  ↺  docker-2.23: Run swarm manager in auto-lock mode
     ↺  Skipped control due to only_if condition.
  ×  host-1.1: Create a separate partition for containers
     ×  Mount /var/lib/docker should be mounted
                                                                                                                                                                                                                     
     Mount /var/lib/docker is not mounted                                                                                                                                                                            

  ↺  host-1.2: Use the updated Linux Kernel
     ↺  Skipped control due to only_if condition.
  ↺  host-1.3: Harden the container host
     ↺  Harden the container host. Use the Dev-Sec Hardening Framework
  ↺  host-1.4: Remove all non-essential services from the host
     ↺  Remove all non-essential services from the host. Use the Dev-Sec Hardening Framework
  ×  host-1.5: Keep Docker up to date (2 failed)
     ×  Docker Host version.Client.Version 
     undefined method `Version' for nil:NilClass
     ×  Docker Host version.Server.Version 
     undefined method `Version' for nil:NilClass
  ×  host-1.6: Only allow trusted users to control Docker daemon (1 failed)
     ✔  Group docker should exist
     ×  #<Inspec::Resources::EtcGroupView:0x00005590d9410810> users should include "vagrant"
     expected ["user"] to include "vagrant"
  ×  host-1.7: Audit docker daemon (4 failed)
     ×  Auditd Rules lines should include "-w /usr/bin/docker -p rwxa -k docker"
     expected [] to include "-w /usr/bin/docker -p rwxa -k docker"
     ×  Service auditd should be installed
     expected that `Service auditd` is installed
     ×  Service auditd should be enabled
     expected that `Service auditd` is enabled
     ×  Service auditd should be running
     expected that `Service auditd` is running
  ×  host-1.8: Audit Docker files and directories - /var/lib/docker
     ×  Auditd Rules lines should include "-w /var/lib/docker/ -p rwxa -k docker"
     expected [] to include "-w /var/lib/docker/ -p rwxa -k docker"
  ×  host-1.9: Audit Docker files and directories - /etc/docker
     ×  Auditd Rules lines should include "-w /etc/docker/ -p rwxa -k docker"
     expected [] to include "-w /etc/docker/ -p rwxa -k docker"
  ×  host-1.10: Audit Docker files and directories - docker.service
     ×  Auditd Rules lines should include "-w /usr/lib/systemd/system/docker.service -p rwxa -k docker"
     expected [] to include "-w /usr/lib/systemd/system/docker.service -p rwxa -k docker"
  ×  host-1.11: Audit Docker files and directories - docker.socket
     ×  Auditd Rules lines should include "-w /usr/lib/systemd/system/docker.socket -p rwxa -k docker"
     expected [] to include "-w /usr/lib/systemd/system/docker.socket -p rwxa -k docker"
  ×  host-1.12: Audit Docker files and directories - /etc/default/docker
     ×  Auditd Rules lines should include "-w /etc/default/docker -p rwxa -k docker"
     expected [] to include "-w /etc/default/docker -p rwxa -k docker"
  ×  host-1.13: Audit Docker files and directories - /etc/docker/daemon.json
     ×  Auditd Rules lines should include "-w /etc/docker/daemon.json -p rwxa -k docker"
     expected [] to include "-w /etc/docker/daemon.json -p rwxa -k docker"
  ×  host-1.14: Audit Docker files and directories - /usr/bin/docker-containerd
     ×  Auditd Rules lines should include "-w /usr/bin/docker-containerd -p rwxa -k docker"
     expected [] to include "-w /usr/bin/docker-containerd -p rwxa -k docker"
  ×  host-1.15: Audit Docker files and directories - /usr/bin/docker-runc
     ×  Auditd Rules lines should include "-w /usr/bin/docker-runc -p rwxa -k docker"
     expected [] to include "-w /usr/bin/docker-runc -p rwxa -k docker"
  ↺  docker-6.1: Perform regular security audits of your host system and containers
     ↺  Perform regular security audits of your host system and containers
  ↺  docker-6.2: Monitor Docker containers usage, performance and metering
     ↺  Monitor Docker containers usage, performance and metering
  ↺  docker-6.3: Backup container data
     ↺  Backup container data
  ✔  host-6.4: Avoid image sprawl
     ✔  [] should be empty
  ✔  host-6.5: Avoid container sprawl
     ✔  0 should be <= 25


Profile Summary: 9 successful controls, 33 control failures, 34 controls skipped
Test Summary: 65 successful, 95 failures, 36 skipped

@aschmidt75
Member

I just had the same (or say similar) issue; it can occur depending on what your specs actually execute and want to output using inspec's reporter (/inspec/reporters/cli.rb:144 in the error message).
In my case it was the docker history command, which truncates overlong entries with UTF-8 "..." dash, like:

7d652170a458 8 weeks ago /bin/sh -c apt-get update -y -q && apt-get … 117MB

I think this is more an issue with the inspec reporters regarding UTF-8 handling? However, in my case I fixed this using docker's --no-trunc option in the spec.

Still have no clue why this pops up, since I'm running on a debian:9 and have all LANGUAGE, LC_ALL, ... env vars set.
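
The failure described in the comment above, as an added Ruby example that is not part of the original thread and not InSpec's own code: a UTF-8 status marker joined with command output held as raw bytes (ASCII-8BIT) raises only when those bytes include a non-ASCII character such as docker's truncation ellipsis. The helper names and the sample row's byte form are assumptions made for illustration.

```ruby
# Added illustration; helper names are hypothetical, not InSpec's code.

# Constructed sample: one `docker history` row held as raw bytes, the way
# command output looks when it is read without an external encoding.
# \xE2\x80\xA6 is the UTF-8 byte sequence of the ellipsis docker truncates with.
RAW_ROW = "7d652170a458 8 weeks ago /bin/sh -c apt-get update -y -q && apt-get \xE2\x80\xA6 117MB".b

# Status marker as a CLI reporter prints it: UTF-8 with a non-ASCII character.
FAIL_MARK = "  \u00D7  "

# Naive formatting: joins the UTF-8 marker with whatever string it is given.
def format_naive(message)
  FAIL_MARK + message
end

# Hardened: re-tag the bytes as UTF-8 and replace anything that is not
# valid UTF-8, so the join can never mix incompatible encodings.
def to_utf8(message)
  text = message.dup.force_encoding(Encoding::UTF_8)
  text.valid_encoding? ? text : text.scrub("?")
end

def format_safe(message)
  FAIL_MARK + to_utf8(message)
end

# Returns the exception class raised by the naive path, or nil if it worked.
def naive_error_class(message)
  format_naive(message)
  nil
rescue EncodingError => e
  e.class
end

if __FILE__ == $PROGRAM_NAME
  p naive_error_class(RAW_ROW)          # truncated row: raises
  p naive_error_class("short row".b)    # ASCII-only bytes: no error
  puts format_safe(RAW_ROW)
end
```

ASCII-only binary strings are compatible with UTF-8, which is why the scan completes when --no-trunc keeps the ellipsis out of the output.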

@chris-rock
Member

Fixed in #53; please reopen if the issue still applies.
