From 11886d47d88be6f813e2d64add7fc450a64b7de6 Mon Sep 17 00:00:00 2001
From: Razvan Stoica
Date: Thu, 11 Mar 2021 15:00:12 +0200
Subject: [PATCH] Fixed invalid JSON log
---
 tests/1_host_configuration.sh | 22 +++++++++++-----------
 tests/2_docker_daemon_configuration.sh | 2 +-
 tests/4_container_images.sh | 2 +-
 3 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/tests/1_host_configuration.sh b/tests/1_host_configuration.sh
index 00a2261..709a01e 100644
--- a/tests/1_host_configuration.sh
+++ b/tests/1_host_configuration.sh
@@ -67,7 +67,7 @@ check_1_2() {
 check_1_2_1() {
 local id="1.2.1"
 local desc="Ensure a separate partition for containers has been created (Scored)"
- local remediation="For new installations, you should create a separate partition for the \"/var/lib/docker\" mount point. For systems that have already been installed, you should use the Logical Volume Manager (LVM) within Linux to create a new partition."
+ local remediation="For new installations, you should create a separate partition for the \'/var/lib/docker\' mount point. For systems that have already been installed, you should use the Logical Volume Manager (LVM) within Linux to create a new partition."
 local check="$id - $desc"
 starttestjson "$id" "$desc"
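Review bot: The new `remediation` string in check_1_2_1 still carries a backslash, because inside a double-quoted bash string `\'` is not an escape and the value keeps both characters `\'`. If the JSON logger writes this text into the record without escaping it (the logger is not visible in this patch), `\'` is not a valid JSON escape and strict parsers will still reject the log, which is the fault the commit sets out to fix. Use a bare apostrophe, `... partition for the '/var/lib/docker' mount point ...`, or keep the original wording and escape `"` and `\` once at the point where the JSON is written. The same applies to every `remediation` line changed in this patch (check_1_2_3 through check_1_2_12, check_2_1 and check_4_5); the function bodies continue outside the hunks.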
@@ -114,7 +114,7 @@ check_1_2_2() {
 check_1_2_3() {
 local id="1.2.3"
 local desc="Ensure auditing is configured for the Docker daemon (Scored)"
- local remediation="Install and configure auditd using command \"sudo apt-get install auditd\". Add \"-w /usr/bin/dockerd -k docker\" to the \"/etc/audit/rules.d/audit.rules\" file. Then restart the audit daemon using command \"service auditd restart\"."
+ local remediation="Install and configure auditd using command \'sudo apt-get install auditd\'. Add \'-w /usr/bin/dockerd -k docker\' to the \'/etc/audit/rules.d/audit.rules\' file. Then restart the audit daemon using command \'service auditd restart\'."
 local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
 local check="$id - $desc"
 starttestjson "$id" "$desc"
@@ -148,7 +148,7 @@ check_1_2_3() {
 check_1_2_4() {
 local id="1.2.4"
 local desc="Ensure auditing is configured for Docker files and directories - /var/lib/docker (Scored)"
- local remediation="Install and configure auditd using command \"sudo apt-get install auditd\". Add \"-w /var/lib/docker -k docker\" to the \"/etc/audit/rules.d/audit.rules\" file. Then restart the audit daemon using command \"service auditd restart\"."
+ local remediation="Install and configure auditd using command \'sudo apt-get install auditd\'. Add \'-w /var/lib/docker -k docker\' to the \'/etc/audit/rules.d/audit.rules\' file. Then restart the audit daemon using command \'service auditd restart\'."
 local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
 local check="$id - $desc"
 starttestjson "$id" "$desc"
@@ -190,7 +190,7 @@ check_1_2_4() {
 check_1_2_5() {
 local id="1.2.5"
 local desc="Ensure auditing is configured for Docker files and directories - /etc/docker (Scored)"
- local remediation="Install and configure auditd using command \"sudo apt-get install auditd\". Add \"-w /etc/docker -k docker\" to the \"/etc/audit/rules.d/audit.rules\" file. Then restart the audit daemon using command \"service auditd restart\"."
+ local remediation="Install and configure auditd using command \'sudo apt-get install auditd\'. Add \'-w /etc/docker -k docker\' to the \'/etc/audit/rules.d/audit.rules\' file. Then restart the audit daemon using command \'service auditd restart\'."
 local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
 local check="$id - $desc"
 starttestjson "$id" "$desc"
@@ -232,7 +232,7 @@ fi
 check_1_2_6() {
 local id="1.2.6"
 local desc="Ensure auditing is configured for Docker files and directories - docker.service (Scored)"
- local remediation="Install and configure auditd using command \"sudo apt-get install auditd\". Add \"-w $(systemctl show -p FragmentPath docker.service | sed 's/.*=//') -k docker\" to the \"/etc/audit/rules.d/audit.rules\" file. Then restart the audit daemon using command \"service auditd restart\"."
+ local remediation="Install and configure auditd using command \'sudo apt-get install auditd\'. Add \'-w $(systemctl show -p FragmentPath docker.service | sed 's/.*=//') -k docker\' to the \'/etc/audit/rules.d/audit.rules\' file. Then restart the audit daemon using command \'service auditd restart\'."
 local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
 local check="$id - $desc"
 starttestjson "$id" "$desc"
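Review bot: In check_1_2_6 the output of `$(systemctl show -p FragmentPath docker.service | sed 's/.*=//')` is spliced into `remediation` with no validation, so whatever the command prints ends up in the text that is later logged. When the unit is not installed the substitution is empty and the advice reads `-w  -k docker`, an audit rule with no path; any character the logger does not escape would presumably also reach the JSON record raw. Resolving the path into a variable first, substituting fixed wording when it is empty, and escaping the value where the JSON is written would cover both cases. check_1_2_7 has the same pattern for docker.socket, and both function bodies continue outside their hunks.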
@@ -274,7 +274,7 @@ check_1_2_6() {
 check_1_2_7() {
 local id="1.2.7"
 local desc="Ensure auditing is configured for Docker files and directories - docker.socket (Scored)"
- local remediation="Install and configure auditd using command \"sudo apt-get install auditd\". Add \"-w $(systemctl show -p FragmentPath docker.socket | sed 's/.*=//') -k docker\" to the \"/etc/audit/rules.d/audit.rules\" file. Then restart the audit daemon using command \"service auditd restart\"."
+ local remediation="Install and configure auditd using command \'sudo apt-get install auditd\'. Add \'-w $(systemctl show -p FragmentPath docker.socket | sed 's/.*=//') -k docker\' to the \'/etc/audit/rules.d/audit.rules\' file. Then restart the audit daemon using command \'service auditd restart\'."
 local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
 local check="$id - $desc"
 starttestjson "$id" "$desc"
@@ -316,7 +316,7 @@ check_1_2_7() {
 check_1_2_8() {
 local id="1.2.8"
 local desc="Ensure auditing is configured for Docker files and directories - /etc/default/docker (Scored)"
- local remediation="Install and configure auditd using command \"sudo apt-get install auditd\". Add \"-w /etc/default/docker -k docker\" to the \"/etc/audit/rules.d/audit.rules\" file. Then restart the audit daemon using command \"service auditd restart\"."
+ local remediation="Install and configure auditd using command \'sudo apt-get install auditd\'. Add \'-w /etc/default/docker -k docker\' to the \'/etc/audit/rules.d/audit.rules\' file. Then restart the audit daemon using command \'service auditd restart\'."
 local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
 local check="$id - $desc"
 starttestjson "$id" "$desc"
@@ -358,7 +358,7 @@ check_1_2_8() {
 check_1_2_9() {
 local id="1.2.9"
 local desc="Ensure auditing is configured for Docker files and directories - /etc/sysconfig/docker (Scored)"
- local remediation="Install and configure auditd using command \"sudo apt-get install auditd\". Add \"-w /etc/sysconfig/docker -k docker\" to the \"/etc/audit/rules.d/audit.rules\" file. Then restart the audit daemon using command \"service auditd restart\"."
+ local remediation="Install and configure auditd using command \'sudo apt-get install auditd\'. Add \'-w /etc/sysconfig/docker -k docker\' to the \'/etc/audit/rules.d/audit.rules\' file. Then restart the audit daemon using command \'service auditd restart\'."
 local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
 local check="$id - $desc"
 starttestjson "$id" "$desc"
@@ -400,7 +400,7 @@ check_1_2_9() {
 check_1_2_10() {
 local id="1.2.10"
 local desc="Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.json (Scored)"
- local remediation="Install and configure auditd using command \"sudo apt-get install auditd\". Add \"-w /etc/docker/daemon.json -k docker\" to the \"/etc/audit/rules.d/audit.rules\" file. Then restart the audit daemon using command \"service auditd restart\"."
+ local remediation="Install and configure auditd using command \'sudo apt-get install auditd\'. Add \'-w /etc/docker/daemon.json -k docker\' to the \'/etc/audit/rules.d/audit.rules\' file. Then restart the audit daemon using command \'service auditd restart\'."
 local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
 local check="$id - $desc"
 starttestjson "$id" "$desc"
@@ -442,7 +442,7 @@ check_1_2_10() {
 check_1_2_11() {
 local id="1.2.11"
 local desc="Ensure auditing is configured for Docker files and directories - /usr/bin/containerd (Scored)"
- local remediation="Install and configure auditd using command \"sudo apt-get install auditd\". Add \"-w /usr/bin/containerd -k docker\" to the \"/etc/audit/rules.d/audit.rules\" file. Then restart the audit daemon using command \"service auditd restart\"."
+ local remediation="Install and configure auditd using command \'sudo apt-get install auditd\'. Add \'-w /usr/bin/containerd -k docker\' to the \'/etc/audit/rules.d/audit.rules\' file. Then restart the audit daemon using command \'service auditd restart\'."
 local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
 local check="$id - $desc"
 starttestjson "$id" "$desc"
@@ -484,7 +484,7 @@ check_1_2_11() {
 check_1_2_12() {
 local id="1.2.12"
 local desc="Ensure auditing is configured for Docker files and directories - /usr/sbin/runc (Scored)"
- local remediation="Install and configure auditd using command \"sudo apt-get install auditd\". Add \"-w /usr/sbin/runc -k docker\" to the \"/etc/audit/rules.d/audit.rules\" file. Then restart the audit daemon using command \"service auditd restart\"."
+ local remediation="Install and configure auditd using command \'sudo apt-get install auditd\'. Add \'-w /usr/sbin/runc -k docker\' to the \'/etc/audit/rules.d/audit.rules\' file. Then restart the audit daemon using command \'service auditd restart\'."
 local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
 local check="$id - $desc"
 starttestjson "$id" "$desc"
diff --git a/tests/2_docker_daemon_configuration.sh b/tests/2_docker_daemon_configuration.sh
index 89fe6fe..00f87c1 100644
--- a/tests/2_docker_daemon_configuration.sh
+++ b/tests/2_docker_daemon_configuration.sh
@@ -13,7 +13,7 @@ check_2() {
 check_2_1() {
 local id="2.1"
 local desc="Ensure network traffic is restricted between containers on the default bridge (Scored)"
- local remediation="Edit the Docker daemon configuration file to ensure that inter-container communication is disabled: \"icc\": false."
+ local remediation="Edit the Docker daemon configuration file to ensure that inter-container communication is disabled: \'icc\': false."
 local remediationImpact="Inter-container communication is disabled on the default network bridge. If any communication between containers on the same host is desired, it needs to be explicitly defined using container linking or custom networks."
 local check="$id - $desc"
 starttestjson "$id" "$desc"
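Review bot: The check_2_1 remediation now tells the operator to set `'icc': false`, but the Docker daemon configuration file is JSON, where keys must be double-quoted, so the setting can no longer be copied as written. Keeping `"icc": false` in the text and escaping the quotes once where the log record is serialised (that code is not visible in this patch) would keep both the log and the guidance valid. As written, `\'` inside a double-quoted bash string also leaves the backslash in the value. The function body continues outside the hunk.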
diff --git a/tests/4_container_images.sh b/tests/4_container_images.sh
index ce6696c..fcd4e42 100644
--- a/tests/4_container_images.sh
+++ b/tests/4_container_images.sh
@@ -104,7 +104,7 @@ check_4_4() {
 check_4_5() {
 local id="4.5"
 local desc="Ensure Content trust for Docker is Enabled (Scored)"
- local remediation="Add DOCKER_CONTENT_TRUST variable to the /etc/environment file using command echo \"DOCKER_CONTENT_TRUST=1\" | sudo tee -a /etc/environment."
+ local remediation="Add DOCKER_CONTENT_TRUST variable to the /etc/environment file using command echo \'DOCKER_CONTENT_TRUST=1\' | sudo tee -a /etc/environment."
 local remediationImpact="This prevents users from working with tagged images unless they contain a signature."
 local check="$id - $desc"
 starttestjson "$id" "$desc"