mirror of
https://github.com/docker/docker-bench-security.git
synced 2025-01-18 16:22:33 +01:00
initial commit of tests/8_docker_enterprise_configuration.sh v1.3.1
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
parent
4e379bbaf9
commit
32c5e5f1fb
1 changed files with 15 additions and 15 deletions
|
@ -1,4 +1,4 @@
|
||||||
#!/bin/sh
|
#!/bin/bash
|
||||||
|
|
||||||
check_8() {
|
check_8() {
|
||||||
logit ""
|
logit ""
|
||||||
|
@ -34,10 +34,10 @@ check_8_1_1() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
local id="8.1.1"
|
local id="8.1.1"
|
||||||
local desc="Configure the LDAP authentication service (Scored)"
|
local desc="Configure the LDAP authentication service (Automated)"
|
||||||
local remediation="You can configure LDAP integration via the UCP Admin Settings UI. LDAP integration can also be enabled via a configuration file"
|
local remediation="You can configure LDAP integration via the UCP Admin Settings UI. LDAP integration can also be enabled via a configuration file"
|
||||||
local remediationImpact="None."
|
local remediationImpact="None."
|
||||||
local check="$id - $desc"
|
local check="$id - $desc"
|
||||||
starttestjson "$id" "$desc"
|
starttestjson "$id" "$desc"
|
||||||
|
|
||||||
note -c "$check"
|
note -c "$check"
|
||||||
|
@ -50,10 +50,10 @@ check_8_1_2() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
local id="8.1.2"
|
local id="8.1.2"
|
||||||
local desc="Use external certificates (Scored)"
|
local desc="Use external certificates (Automated)"
|
||||||
local remediation="You can configure your own certificates for UCP either during installation or after installation via the UCP Admin Settings user interface."
|
local remediation="You can configure your own certificates for UCP either during installation or after installation via the UCP Admin Settings user interface."
|
||||||
local remediationImpact="None."
|
local remediationImpact="None."
|
||||||
local check="$id - $desc"
|
local check="$id - $desc"
|
||||||
starttestjson "$id" "$desc"
|
starttestjson "$id" "$desc"
|
||||||
|
|
||||||
note -c "$check"
|
note -c "$check"
|
||||||
|
@ -69,7 +69,7 @@ check_8_1_3() {
|
||||||
local desc="Enforce the use of client certificate bundles for unprivileged users (Not Scored)"
|
local desc="Enforce the use of client certificate bundles for unprivileged users (Not Scored)"
|
||||||
local remediation="Client certificate bundles can be created in one of two ways. User Management UI: UCP Administrators can provision client certificate bundles on behalf of users. Self-Provision: Users with access to the UCP console can create client certificate bundles themselves."
|
local remediation="Client certificate bundles can be created in one of two ways. User Management UI: UCP Administrators can provision client certificate bundles on behalf of users. Self-Provision: Users with access to the UCP console can create client certificate bundles themselves."
|
||||||
local remediationImpact="None."
|
local remediationImpact="None."
|
||||||
local check="$id - $desc"
|
local check="$id - $desc"
|
||||||
starttestjson "$id" "$desc"
|
starttestjson "$id" "$desc"
|
||||||
|
|
||||||
note -c "$check"
|
note -c "$check"
|
||||||
|
@ -85,7 +85,7 @@ check_8_1_4() {
|
||||||
local desc="Configure applicable cluster role-based access control policies (Not Scored)"
|
local desc="Configure applicable cluster role-based access control policies (Not Scored)"
|
||||||
local remediation="UCP RBAC components can be configured as required via the UCP User Management UI."
|
local remediation="UCP RBAC components can be configured as required via the UCP User Management UI."
|
||||||
local remediationImpact="None."
|
local remediationImpact="None."
|
||||||
local check="$id - $desc"
|
local check="$id - $desc"
|
||||||
starttestjson "$id" "$desc"
|
starttestjson "$id" "$desc"
|
||||||
|
|
||||||
note -c "$check"
|
note -c "$check"
|
||||||
|
@ -98,8 +98,8 @@ check_8_1_5() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
local id="8.1.5"
|
local id="8.1.5"
|
||||||
local desc="Enable signed image enforcement (Scored)"
|
local desc="Enable signed image enforcement (Automated)"
|
||||||
local check="$id - $desc"
|
local check="$id - $desc"
|
||||||
starttestjson "$id" "$desc"
|
starttestjson "$id" "$desc"
|
||||||
|
|
||||||
note -c "$check"
|
note -c "$check"
|
||||||
|
@ -112,10 +112,10 @@ check_8_1_6() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
local id="8.1.6"
|
local id="8.1.6"
|
||||||
local desc="Set the Per-User Session Limit to a value of '3' or lower (Scored)"
|
local desc="Set the Per-User Session Limit to a value of '3' or lower (Automated)"
|
||||||
local remediation="Retrieve a UCP API token. Retrieve and save UCP config. Open the ucp-config.toml file, set the per_user_limit entry under the [auth.sessions] section to a value of 3 or lower, but greater than 0. Update UCP with the new configuration."
|
local remediation="Retrieve a UCP API token. Retrieve and save UCP config. Open the ucp-config.toml file, set the per_user_limit entry under the [auth.sessions] section to a value of 3 or lower, but greater than 0. Update UCP with the new configuration."
|
||||||
local remediationImpact="None."
|
local remediationImpact="None."
|
||||||
local check="$id - $desc"
|
local check="$id - $desc"
|
||||||
starttestjson "$id" "$desc"
|
starttestjson "$id" "$desc"
|
||||||
|
|
||||||
note -c "$check"
|
note -c "$check"
|
||||||
|
@ -128,10 +128,10 @@ check_8_1_7() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
local id="8.1.7"
|
local id="8.1.7"
|
||||||
local desc="Set the 'Lifetime Minutes' and 'Renewal Threshold Minutes' values to '15' or lower and '0' respectively (Scored)"
|
local desc="Set the 'Lifetime Minutes' and 'Renewal Threshold Minutes' values to '15' or lower and '0' respectively (Automated)"
|
||||||
local remediation="Retrieve a UCP API token. Retrieve and save UCP config. Open the ucp-config.toml file, set the lifetime_minutes and renewal_threshold_minutes entries under the [auth.sessions] section to values of 15 or lower and 0 respectively. Update UCP with the new configuration."
|
local remediation="Retrieve a UCP API token. Retrieve and save UCP config. Open the ucp-config.toml file, set the lifetime_minutes and renewal_threshold_minutes entries under the [auth.sessions] section to values of 15 or lower and 0 respectively. Update UCP with the new configuration."
|
||||||
local remediationImpact="Setting the Lifetime Minutes setting to a value that is too lower would result in users having to constantly re-authenticate to their Docker Enterprise cluster."
|
local remediationImpact="Setting the Lifetime Minutes setting to a value that is too lower would result in users having to constantly re-authenticate to their Docker Enterprise cluster."
|
||||||
local check="$id - $desc"
|
local check="$id - $desc"
|
||||||
starttestjson "$id" "$desc"
|
starttestjson "$id" "$desc"
|
||||||
|
|
||||||
note -c "$check"
|
note -c "$check"
|
||||||
|
@ -155,10 +155,10 @@ check_8_2_1() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
local id="8.2.1"
|
local id="8.2.1"
|
||||||
local desc="Enable image vulnerability scanning (Scored)"
|
local desc="Enable image vulnerability scanning (Automated)"
|
||||||
local remediation="You can navigate to DTR Settings UI and select the Security tab to access the image scanning configuration. Select the Enable Scanning slider to enable this functionality."
|
local remediation="You can navigate to DTR Settings UI and select the Security tab to access the image scanning configuration. Select the Enable Scanning slider to enable this functionality."
|
||||||
local remediationImpact="None."
|
local remediationImpact="None."
|
||||||
local check="$id - $desc"
|
local check="$id - $desc"
|
||||||
starttestjson "$id" "$desc"
|
starttestjson "$id" "$desc"
|
||||||
|
|
||||||
note -c "$check"
|
note -c "$check"
|
||||||
|
|
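Review bot: The descriptions for 8.1.3 and 8.1.4 (hunks at -69 and -85) still end in `(Not Scored)` while the other six checks shown here were renamed to `(Automated)`, so the report mixes two labelling schemes after this commit. If the targeted benchmark revision uses an Automated/Manual split, as the other renames suggest, these two should become `... for unprivileged users (Manual)` and `... access control policies (Manual)`. Anyone filtering the text or JSON output on that label would otherwise miss these two controls. Separately, the `remediationImpact` string for 8.1.7 reads "too lower" and could be corrected to "too low". Each check_8_* function starts and ends outside its hunk, so this is based only on the visible lines.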