From 0602870be5ea087770ea7da1992a090a142dfe3f Mon Sep 17 00:00:00 2001
From: liron-l
Date: Thu, 18 Jun 2015 13:21:57 +0300
Subject: [PATCH] Fix CIS 5.8 - Reverse container port and reduce privileged port to 1024

-- According to CIS, 5.8 apply to priviliged port on the host not on the container: `processes are not allowed to use them for various security reasons. Docker allows a container port to be mapped to a privileged port.`
-- Also privileged port should be less than 1024 inclusive

Signed-off-by: liron-l
---
 tests/5_container_runtime.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/tests/5_container_runtime.sh b/tests/5_container_runtime.sh
index 35c41b5..9f581bf 100644
--- a/tests/5_container_runtime.sh
+++ b/tests/5_container_runtime.sh
@@ -201,11 +201,12 @@ else
 fail=0
 for c in $containers; do
- ports=$(docker port "$c" | awk '{print $1}' | cut -d '/' -f1)
+ # Port format is private port -> ip: public port
+ ports=$(docker port "$c" | awk '{print $0}' | cut -d ':' -f2)
 # iterate through port range (line delimited)
 for port in $ports; do
- if [ ! -z "$port" ] && [ "0$port" -lt 1025 ]; then
+ if [ ! -z "$port" ] && [ "0$port" -lt 1024 ]; then
 # If it's the first container, fail the test
 if [ $fail -eq 0 ]; then
 warn "$check_5_8"
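Review bot: The new `cut -d ':' -f2` on the `ports=` line only yields the host port when the bind address contains no colons; for a mapping printed with an IPv6 bind address (e.g. `[::]:32768`) the second colon-separated field is empty, so the `[ ! -z "$port" ]` guard below silently drops that mapping and a privileged host port bound on IPv6 goes unreported — the check should take the last field instead. The `awk '{print $0}'` stage is a no-op and can carry the field selection itself: `ports=$(docker port "$c" | awk -F: '{print $NF}')`. The comment added above it could also state what is extracted, e.g. `# docker port prints "<priv>/<proto> -> <ip>:<pub>"; keep the host (public) port`. The `for c in $containers` loop and the `if $fail` block both continue outside the hunk.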