GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2025-11-04 02:58:59 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'master' into docker-benchmark-1.12.0

Browse source
This commit is contained in:
Thomas Sjögren 2017-01-23 12:14:23 +01:00 committed by GitHub
commit 27773128f8
7 changed files with 75 additions and 43 deletions

15
tests/2_docker_daemon_configuration.sh
View file

@ -57,19 +57,26 @@ fi
check_2_6="2.6 - Configure TLS authentication for Docker daemon"
get_docker_cumulative_command_line_args '-H' | grep -vE '(unix|fd)://' >/dev/null 2>&1
if [ $? -eq 0 ]; then
get_command_line_args docker | grep "tlsverify" | grep "tlskey" >/dev/null 2>&1
get_docker_cumulative_command_line_args '--tlskey' | grep 'tlskey=' >/dev/null 2>&1
if [ $? -eq 0 ]; then
pass "$check_2_6"
info " * Docker daemon currently listening on TCP"
get_docker_cumulative_command_line_args '--tlsverify' | grep 'tlsverify' >/dev/null 2>&1
if [ $? -eq 0 ]; then
pass "$check_2_6"
#pass " * Docker daemon currently listening on TCP with TLS and verification"
else
warn "$check_2_6"
warn " * Docker daemon currently listening on TCP with TLS, but no verification"
fi
else
warn "$check_2_6"
warn " * Docker daemon currently listening on TCP without --tlsverify"
warn " * Docker daemon currently listening on TCP without TLS"
fi
else
info "$check_2_6"
info " * Docker daemon not listening on TCP"
fi
# 2.7
check_2_7="2.7 - Set default ulimit as appropriate"
get_docker_effective_command_line_args '--default-ulimit' | grep "default-ulimit" >/dev/null 2>&1