#!/bin/sh
# Opens section 8 (Docker Enterprise Configuration) of the benchmark run.
# Globals:   checkHeader (written) - "<id> - <desc>" banner for this section
# Outputs:   whatever logit, info and startsectionjson emit
# Returns:   exit status of startsectionjson
check_8() {
  # Blank entry first so the section is visually separated from the previous one.
  logit ""

  local id desc
  id="8"
  desc="Docker Enterprise Configuration"

  # checkHeader is deliberately NOT local: it is left set for the caller.
  checkHeader="${id} - ${desc}"
  info "${checkHeader}"
  startsectionjson "${id}" "${desc}"
}
# Decides whether the section 8 (Docker Enterprise) checks apply to this host.
# Globals:   enterprise_license (written) - 0 for Community Engine, 1 otherwise
# Outputs:   an info line when the Community Engine is detected
#
# Detection is a case-insensitive match on `docker version` output: a line
# starting with "Server" and ending in "Community", or a "Version" line ending
# in "-ce".
# NOTE(review): anything that does not match is treated as Enterprise. That
# includes the case where `docker version` prints no matching line at all
# (for example because the command failed), so a value of 1 is "not recognised
# as Community", not proof of an Enterprise license.
check_product_license() {
  if ! docker version | grep -Eqi '^Server.*Community$|Version.*-ce$'; then
    enterprise_license=1
    return
  fi

  info " * Community Engine license, skipping section 8"
  enterprise_license=0
}
# Prints the heading for subsection 8.1 (Universal Control Plane Configuration).
# Globals:   enterprise_license (read)
# Outputs:   the heading via info, or nothing when the guard skips
#
# NOTE(review): the guard only returns when enterprise_license is a number
# other than 1. If the variable is unset or empty the numeric test errors and
# the heading is still printed, so check_product_license should run first.
check_8_1() {
  [ "$enterprise_license" -ne 1 ] && return

  local id desc check
  id="8.1"
  desc="Universal Control Plane Configuration"
  check="${id} - ${desc}"
  info "${check}"
}
# 8.1.1 - Configure the LDAP authentication service (Scored).
# Globals:   enterprise_license (read)
# Outputs:   whatever starttestjson, note and logcheckresult emit
#
# This function does not inspect any LDAP setting itself: it records the item
# through note and logs the result as "INFO". An INFO result here is therefore
# not a pass; the setting has to be verified by other means.
# NOTE(review): if enterprise_license is unset or empty the numeric test
# errors and the guard does not return, so the check still runs.
check_8_1_1() {
  [ "$enterprise_license" -ne 1 ] && return

  local id desc check
  id="8.1.1"
  desc="Configure the LDAP authentication service (Scored)"
  check="${id} - ${desc}"
  starttestjson "${id}" "${desc}"

  note -c "${check}"
  logcheckresult "INFO"
}
# 8.1.2 - Use external certificates (Scored).
# Globals:   enterprise_license (read)
# Outputs:   whatever starttestjson, note and logcheckresult emit
#
# No certificate is examined here: the item is recorded through note and the
# result is logged as "INFO", so it must be verified by other means.
# NOTE(review): if enterprise_license is unset or empty the numeric test
# errors and the guard does not return, so the check still runs.
check_8_1_2() {
  [ "$enterprise_license" -ne 1 ] && return

  local id desc check
  id="8.1.2"
  desc="Use external certificates (Scored)"
  check="${id} - ${desc}"
  starttestjson "${id}" "${desc}"

  note -c "${check}"
  logcheckresult "INFO"
}
# 8.1.3 - Enforce the use of client certificate bundles for unprivileged
# users (Not Scored).
# Globals:   enterprise_license (read)
# Outputs:   whatever starttestjson, note and logcheckresult emit
#
# Nothing is queried here: the item is recorded through note and the result is
# logged as "INFO", so it must be verified by other means.
# NOTE(review): if enterprise_license is unset or empty the numeric test
# errors and the guard does not return, so the check still runs.
check_8_1_3() {
  [ "$enterprise_license" -ne 1 ] && return

  local id desc check
  id="8.1.3"
  desc="Enforce the use of client certificate bundles for unprivileged users (Not Scored)"
  check="${id} - ${desc}"
  starttestjson "${id}" "${desc}"

  note -c "${check}"
  logcheckresult "INFO"
}
# 8.1.4 - Configure applicable cluster role-based access control policies
# (Not Scored).
# Globals:   enterprise_license (read)
# Outputs:   whatever starttestjson, note and logcheckresult emit
#
# No RBAC policy is read here: the item is recorded through note and the
# result is logged as "INFO", so it must be verified by other means.
# NOTE(review): if enterprise_license is unset or empty the numeric test
# errors and the guard does not return, so the check still runs.
check_8_1_4() {
  [ "$enterprise_license" -ne 1 ] && return

  local id desc check
  id="8.1.4"
  desc="Configure applicable cluster role-based access control policies (Not Scored)"
  check="${id} - ${desc}"
  starttestjson "${id}" "${desc}"

  note -c "${check}"
  logcheckresult "INFO"
}
# 8.1.5 - Enable signed image enforcement (Scored).
# Globals:   enterprise_license (read)
# Outputs:   whatever starttestjson, note and logcheckresult emit
#
# The enforcement setting is not read here: the item is recorded through note
# and the result is logged as "INFO", so it must be verified by other means.
# NOTE(review): if enterprise_license is unset or empty the numeric test
# errors and the guard does not return, so the check still runs.
check_8_1_5() {
  [ "$enterprise_license" -ne 1 ] && return

  local id desc check
  id="8.1.5"
  desc="Enable signed image enforcement (Scored)"
  check="${id} - ${desc}"
  starttestjson "${id}" "${desc}"

  note -c "${check}"
  logcheckresult "INFO"
}
# 8.1.6 - Set the Per-User Session Limit to a value of '3' or lower (Scored).
# Globals:   enterprise_license (read)
# Outputs:   whatever starttestjson, note and logcheckresult emit
#
# The configured limit is not read here: the item is recorded through note and
# the result is logged as "INFO", so it must be verified by other means.
# NOTE(review): if enterprise_license is unset or empty the numeric test
# errors and the guard does not return, so the check still runs.
check_8_1_6() {
  [ "$enterprise_license" -ne 1 ] && return

  local id desc check
  id="8.1.6"
  desc="Set the Per-User Session Limit to a value of '3' or lower (Scored)"
  check="${id} - ${desc}"
  starttestjson "${id}" "${desc}"

  note -c "${check}"
  logcheckresult "INFO"
}
# 8.1.7 - Set the 'Lifetime Minutes' and 'Renewal Threshold Minutes' values to
# '15' or lower and '0' respectively (Scored).
# Globals:   enterprise_license (read)
# Outputs:   whatever starttestjson, note and logcheckresult emit
#
# Neither value is read here: the item is recorded through note and the result
# is logged as "INFO", so it must be verified by other means.
# NOTE(review): if enterprise_license is unset or empty the numeric test
# errors and the guard does not return, so the check still runs.
check_8_1_7() {
  [ "$enterprise_license" -ne 1 ] && return

  local id desc check
  id="8.1.7"
  desc="Set the 'Lifetime Minutes' and 'Renewal Threshold Minutes' values to '15' or lower and '0' respectively (Scored)"
  check="${id} - ${desc}"
  starttestjson "${id}" "${desc}"

  note -c "${check}"
  logcheckresult "INFO"
}
# Prints the heading for subsection 8.2 (Docker Trusted Registry Configuration).
# Globals:   enterprise_license (read)
# Outputs:   the heading via info, or nothing when the guard skips
#
# NOTE(review): the guard only returns when enterprise_license is a number
# other than 1. If the variable is unset or empty the numeric test errors and
# the heading is still printed, so check_product_license should run first.
check_8_2() {
  [ "$enterprise_license" -ne 1 ] && return

  local id desc check
  id="8.2"
  desc="Docker Trusted Registry Configuration"
  check="${id} - ${desc}"
  info "${check}"
}
# 8.2.1 - Enable image vulnerability scanning (Scored).
# Globals:   enterprise_license (read)
# Outputs:   whatever starttestjson, note and logcheckresult emit
#
# The scanning setting is not read here: the item is recorded through note and
# the result is logged as "INFO", so it must be verified by other means.
# NOTE(review): if enterprise_license is unset or empty the numeric test
# errors and the guard does not return, so the check still runs.
check_8_2_1() {
  [ "$enterprise_license" -ne 1 ] && return

  local id desc check
  id="8.2.1"
  desc="Enable image vulnerability scanning (Scored)"
  check="${id} - ${desc}"
  starttestjson "${id}" "${desc}"

  note -c "${check}"
  logcheckresult "INFO"
}
# Closes section 8 by delegating to endsectionjson.
# Unlike the other section 8 functions this one has no enterprise_license
# guard, so it runs for every engine edition.
# Returns:   exit status of endsectionjson
check_8_end() {
  endsectionjson
}