GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2025-01-19 00:32:34 +01:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #236 from konstruktoid/notes

Browse source 
add note tag on informational checks
This commit is contained in:
Thomas Sjögren 2017-03-23 11:32:08 +01:00 committed by GitHub
commit 48b210dcfb
5 changed files with 15 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
output_lib.sh
View file

@ -21,6 +21,10 @@ warn () {
printf "%b\n" "${bldred}[WARN]${txtrst} $1" | tee -a "$logger" printf "%b\n" "${bldred}[WARN]${txtrst} $1" | tee -a "$logger"
} }
note () {
printf "%b\n" "${bldylw}[NOTE]${txtrst} $1" | tee -a "$logger"
}
yell () { yell () {
printf "%b\n" "${bldylw}$1${txtrst}\n" printf "%b\n" "${bldylw}$1${txtrst}\n"
} }

2
tests/1_host_configuration.sh
View file

@ -14,7 +14,7 @@ fi
# 1.2 # 1.2
check_1_2="1.2 - Harden the container host" check_1_2="1.2 - Harden the container host"
info "$check_1_2" note "$check_1_2"
# 1.3 # 1.3
check_1_3="1.3 - Keep Docker up to date" check_1_3="1.3 - Keep Docker up to date"

2
tests/2_docker_daemon_configuration.sh
View file

@ -285,4 +285,4 @@ fi
# 2.24 # 2.24
check_2_24="2.24 - Rotate swarm manager auto-lock key periodically" check_2_24="2.24 - Rotate swarm manager auto-lock key periodically"
info "$check_2_24" note "$check_2_24"

12
tests/4_container_images.sh
View file

@ -42,15 +42,15 @@ images=$(docker images -q)
# 4.2 # 4.2
check_4_2="4.2 - Use trusted base images for containers" check_4_2="4.2 - Use trusted base images for containers"
info "$check_4_2" note "$check_4_2"
# 4.3 # 4.3
check_4_3="4.3 - Do not install unnecessary packages in the container" check_4_3="4.3 - Do not install unnecessary packages in the container"
info "$check_4_3" note "$check_4_3"
# 4.4 # 4.4
check_4_4="4.4 - Scan and rebuild the images to include security patches" check_4_4="4.4 - Scan and rebuild the images to include security patches"
info "$check_4_4" note "$check_4_4"
# 4.5 # 4.5
check_4_5="4.5 - Enable Content trust for Docker" check_4_5="4.5 - Enable Content trust for Docker"
@ -100,7 +100,7 @@ fi
# 4.8 # 4.8
check_4_8="4.8 - Remove setuid and setgid permissions in the images" check_4_8="4.8 - Remove setuid and setgid permissions in the images"
info "$check_4_8" note "$check_4_8"
# 4.9 # 4.9
check_4_9="4.9 - Use COPY instead of ADD in Dockerfile" check_4_9="4.9 - Use COPY instead of ADD in Dockerfile"
@ -124,8 +124,8 @@ fi
# 4.10 # 4.10
check_4_10="4.10 - Do not store secrets in Dockerfiles" check_4_10="4.10 - Do not store secrets in Dockerfiles"
info "$check_4_10" note "$check_4_10"
# 4.11 # 4.11
check_4_11="4.11 - Install verified packages only" check_4_11="4.11 - Install verified packages only"
info "$check_4_11" note "$check_4_11"

6
tests/5_container_runtime.sh
View file

@ -213,7 +213,7 @@ else
# 5.8 # 5.8
check_5_8="5.8 - Open only needed ports on container" check_5_8="5.8 - Open only needed ports on container"
info "$check_5_8" note "$check_5_8"
# 5.9 # 5.9
check_5_9="5.9 - Do not share the host's network namespace" check_5_9="5.9 - Do not share the host's network namespace"
@ -521,11 +521,11 @@ else
# 5.22 # 5.22
check_5_22="5.22 - Do not docker exec commands with privileged option" check_5_22="5.22 - Do not docker exec commands with privileged option"
info "$check_5_22" note "$check_5_22"
# 5.23 # 5.23
check_5_23="5.23 - Do not docker exec commands with user option" check_5_23="5.23 - Do not docker exec commands with user option"
info "$check_5_23" note "$check_5_23"
# 5.24 # 5.24
check_5_24="5.24 - Confirm cgroup usage" check_5_24="5.24 - Confirm cgroup usage"