diff --git a/tests/1_host_configuration.sh b/tests/1_host_configuration.sh index e2da4a9..3c9f5f0 100644 --- a/tests/1_host_configuration.sh +++ b/tests/1_host_configuration.sh @@ -5,7 +5,7 @@ info "1 - Host Configuration" auditrules="/etc/audit/audit.rules" # 1.1 -check_1_1="1.1 - Create a separate partition for containers" +check_1_1="1.1 - Ensure a separate partition for containers has been created" if grep /var/lib/docker /etc/fstab >/dev/null 2>&1; then pass "$check_1_1" else @@ -13,11 +13,11 @@ else fi # 1.2 -check_1_2="1.2 - Harden the container host" +check_1_2="1.2 - Ensure the container host has been Hardened" note "$check_1_2" # 1.3 -check_1_3="1.3 - Keep Docker up to date" +check_1_3="1.3 - Ensure Docker is up to date" docker_version=$(docker version | grep -i -A1 '^server' | grep -i 'version:' \ | awk '{print $NF; exit}' | tr -d '[:alpha:]-,') docker_current_version="$(date +%y.%m.0)" @@ -34,7 +34,7 @@ else fi # 1.4 -check_1_4="1.4 - Only allow trusted users to control Docker daemon" +check_1_4="1.4 - Ensure only trusted users are allowed to control Docker daemon" docker_users=$(getent group docker) info "$check_1_4" for u in $docker_users; do @@ -42,7 +42,7 @@ for u in $docker_users; do done # 1.5 -check_1_5="1.5 - Audit docker daemon - /usr/bin/docker" +check_1_5="1.5 - Ensure auditing is configured for the Docker daemon" file="/usr/bin/docker " if command -v auditctl >/dev/null 2>&1; then if auditctl -l | grep "$file" >/dev/null 2>&1; then @@ -57,7 +57,7 @@ else fi # 1.6 -check_1_6="1.6 - Audit Docker files and directories - /var/lib/docker" +check_1_6="1.6 - Ensure auditing is configured for Docker files and directories - /var/lib/docker" directory="/var/lib/docker" if [ -d "$directory" ]; then if command -v auditctl >/dev/null 2>&1; then @@ -77,7 +77,7 @@ else fi # 1.7 -check_1_7="1.7 - Audit Docker files and directories - /etc/docker" +check_1_7="1.7 - Ensure auditing is configured for Docker files and directories - /etc/docker" directory="/etc/docker" if [ -d "$directory" ]; then if command -v auditctl >/dev/null 2>&1; then @@ -97,7 +97,7 @@ else fi # 1.8 -check_1_8="1.8 - Audit Docker files and directories - docker.service" +check_1_8="1.8 - Ensure auditing is configured for Docker files and directories - docker.service" file="$(get_systemd_service_file docker.service)" if [ -f "$file" ]; then if command -v auditctl >/dev/null 2>&1; then @@ -117,7 +117,7 @@ else fi # 1.9 -check_1_9="1.9 - Audit Docker files and directories - docker.socket" +check_1_9="1.9 - Ensure auditing is configured for Docker files and directories - docker.socket" file="$(get_systemd_service_file docker.socket)" if [ -e "$file" ]; then if command -v auditctl >/dev/null 2>&1; then @@ -137,7 +137,7 @@ else fi # 1.10 -check_1_10="1.10 - Audit Docker files and directories - /etc/default/docker" +check_1_10="1.10 - Ensure auditing is configured for Docker files and directories - /etc/default/docker" file="/etc/default/docker" if [ -f "$file" ]; then if command -v auditctl >/dev/null 2>&1; then @@ -157,7 +157,7 @@ else fi # 1.11 -check_1_11="1.11 - Audit Docker files and directories - /etc/docker/daemon.json" +check_1_11="1.11 - Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.json" file="/etc/docker/daemon.json" if [ -f "$file" ]; then if command -v auditctl >/dev/null 2>&1; then @@ -177,7 +177,7 @@ else fi # 1.12 -check_1_12="1.12 - Audit Docker files and directories - /usr/bin/docker-containerd" +check_1_12="1.12 - Ensure auditing is configured for Docker files and directories - /usr/bin/docker-containerd" file="/usr/bin/docker-containerd" if [ -f "$file" ]; then if command -v auditctl >/dev/null 2>&1; then @@ -197,7 +197,7 @@ else fi # 1.13 -check_1_13="1.13 - Audit Docker files and directories - /usr/bin/docker-runc" +check_1_13="1.13 - Ensure auditing is configured for Docker files and directories - /usr/bin/docker-runc" file="/usr/bin/docker-runc" if [ -f "$file" ]; then if command -v auditctl >/dev/null 2>&1; then