diff --git a/docker-bench-security.sh b/docker-bench-security.sh
old mode 100644
new mode 100755
diff --git a/tests/5_container_runtime.sh b/tests/5_container_runtime.sh
index 11e14df..7133b9e 100644
--- a/tests/5_container_runtime.sh
+++ b/tests/5_container_runtime.sh
@@ -201,18 +201,21 @@ else
 fail=0
 for c in $containers; do
- port=$(docker port "$c" | awk '{print $1}' | cut -d '/' -f1)
+ ports=$(docker port "$c" | awk '{print $1}' | cut -d '/' -f1)
- if [ ! -z "$port" ] && [ "$port" -lt 1025 ]; then
- # If it's the first container, fail the test
- if [ $fail -eq 0 ]; then
- warn "$check_5_8"
- warn " * Privileged Port in use: $port in $c"
- fail=1
- else
- warn " * Privileged Port in use: $port in $c"
+ # iterate through port range (line delimited)
+ for port in $ports; do
+ if [ ! -z "$port" ] && [ "0$port" -lt 1025 ]; then
+ # If it's the first container, fail the test
+ if [ $fail -eq 0 ]; then
+ warn "$check_5_8"
+ warn " * Privileged Port in use: $port in $c"
+ fail=1
+ else
+ warn " * Privileged Port in use: $port in $c"
+ fi
 fi
- fi
+ done
 done
 # We went through all the containers and found no privileged ports
 if [ $fail -eq 0 ]; then
diff --git a/tests/6_docker_security_operations.sh b/tests/6_docker_security_operations.sh
index f5b1f01..3165986 100644
--- a/tests/6_docker_security_operations.sh
+++ b/tests/6_docker_security_operations.sh
@@ -40,8 +40,8 @@ images=$(docker images -q | wc -l | awk '{print $1}')
 active_images=0
 for c in $(docker inspect -f "{{.Image}}" $(docker ps -qa)); do
- if [[ $(docker images --no-trunc -a | grep $c) ]]; then
- ((active_images++))
+ if docker images --no-trunc -a | grep $c > /dev/null ; then
+ active_images=$(( active_images += 1 ))
 fi
 done
@@ -53,7 +53,7 @@ else
 info " * There are currently: $images images"
 fi
-if [[ "$active_images" -lt "$((images / 2))" ]]; then
+if [ "$active_images" -lt "$((images / 2))" ]; then
 warn " * Only $active_images out of $images are in use"
 fi
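Review bot: The new `ports=` line keeps `awk '{print $1}'`, and the first field of `docker port` output is the container-side port (e.g. `80/tcp`) while the host-side binding follows the `->`; if check 5.8 is meant to flag privileged ports exposed on the host, the field selection should be confirmed before this loop is built on it. The `"0$port"` prefix in the new `-lt` test is non-obvious and deserves a comment: `[` reads the operand as decimal, so the leading zero only keeps the comparison valid when `$port` is empty, which the `[ ! -z "$port" ]` guard in front of it already ensures — something like `# leading 0 keeps [ -lt ] from failing on an empty value`. With `for port in $ports` word-splitting on whitespace, that emptiness guard can no longer be false and could be dropped. The enclosing `if`/`else` of this check starts before the hunk.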
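Review bot: `grep $c` on the new `if docker images --no-trunc -a | grep $c > /dev/null` line passes the image reference unquoted and as a regular expression rather than a fixed string; `grep -q -F -- "$c"` matches the id literally, protects against a leading `-`, and makes the `> /dev/null` redirect unnecessary. `active_images=$(( active_images += 1 ))` performs the assignment twice; since this commit is moving the file toward plain `sh` constructs, `active_images=$((active_images + 1))` is the simpler equivalent. The unquoted `$(docker ps -qa)` in the `for` header is presumably intentional for splitting the id list, but a short comment saying so would stop it being "fixed" later.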