mirror of
https://github.com/docker/docker-bench-security.git
synced 2025-01-18 16:22:33 +01:00
commit
4edccd7859
2 changed files with 7 additions and 12 deletions
|
@ -125,7 +125,7 @@ get_docker_configuration_file_args() {
|
||||||
if "$HAVE_JQ"; then
|
if "$HAVE_JQ"; then
|
||||||
jq --monochrome-output --raw-output ".[\"${OPTION}\"]" "$CONFIG_FILE"
|
jq --monochrome-output --raw-output ".[\"${OPTION}\"]" "$CONFIG_FILE"
|
||||||
else
|
else
|
||||||
cat "$CONFIG_FILE" | tr { '\n' | tr , '\n' | tr } '\n' | grep "$OPTION" | sed 's/.*://g' | tr -d '" ',
|
cat "$CONFIG_FILE" | tr , '\n' | grep "$OPTION" | sed 's/.*://g' | tr -d '" ',
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
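Review bot: The non-jq fallback in get_docker_configuration_file_args selects the setting with an unanchored `grep "$OPTION"`, so any line of the config file that merely contains the option name (in another key or in a value) is returned too, and the greedy `sed 's/.*://g'` then reduces a value containing a colon to its tail. In an audit tool that can decide a check on the wrong line; matching the quoted key, `grep -F -- "\"${OPTION}\""`, narrows the selection. The jq branch prints the literal `null` for a missing key while this branch prints nothing, and a comment above the `if` saying so would help because callers depend on the difference. I am reading the pipeline that splits only on commas as the new side, in which case a value on a line ending in `}` keeps that brace. The function starts above the hunk.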
@ -34,7 +34,7 @@ check_2_2() {
|
||||||
logcheckresult "PASS"
|
logcheckresult "PASS"
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
if get_docker_configuration_file_args 'icc' | grep "false" >/dev/null 2>&1; then
|
if [[ $(get_docker_configuration_file_args 'icc' | grep "false") ]] && [[ $(get_docker_configuration_file_args 'icc' | grep "false") != "null" ]] ; then
|
||||||
pass -s "$check"
|
pass -s "$check"
|
||||||
logcheckresult "PASS"
|
logcheckresult "PASS"
|
||||||
return
|
return
|
||||||
|
@ -93,7 +93,7 @@ check_2_4() {
|
||||||
logcheckresult "WARN"
|
logcheckresult "WARN"
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
if get_docker_configuration_file_args 'iptables' | grep "false" >/dev/null 2>&1; then
|
if [[ $(get_docker_configuration_file_args 'iptables' | grep "false") ]] && [[ $(get_docker_configuration_file_args 'iptables' | grep "false") != "null" ]] ; then
|
||||||
warn -s "$check"
|
warn -s "$check"
|
||||||
logcheckresult "WARN"
|
logcheckresult "WARN"
|
||||||
return
|
return
|
||||||
|
@ -115,12 +115,7 @@ check_2_5() {
|
||||||
logcheckresult "WARN"
|
logcheckresult "WARN"
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
if ! [ -z "$(get_docker_configuration_file_args 'insecure-registries')" ]; then
|
if [[ $(get_docker_configuration_file_args 'insecure-registries' | grep -v '\[]') ]] && [[ $(get_docker_configuration_file_args 'insecure-registries' | grep -v '\[]') != "null" ]] ; then
|
||||||
if get_docker_configuration_file_args 'insecure-registries' | grep '\[]' >/dev/null 2>&1; then
|
|
||||||
pass -s "$check"
|
|
||||||
logcheckresult "PASS"
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
warn -s "$check"
|
warn -s "$check"
|
||||||
logcheckresult "WARN"
|
logcheckresult "WARN"
|
||||||
return
|
return
|
||||||
|
@ -187,7 +182,7 @@ check_2_8() {
|
||||||
local check="$id - $desc"
|
local check="$id - $desc"
|
||||||
starttestjson "$id" "$desc"
|
starttestjson "$id" "$desc"
|
||||||
|
|
||||||
if get_docker_configuration_file_args 'default-ulimit' | grep -v '{}' >/dev/null 2>&1; then
|
if [[ $(get_docker_configuration_file_args 'default-ulimits' | grep -v '{}') ]] && [[ $(get_docker_configuration_file_args 'default-ulimits' | grep -v '{}') != "null" ]] ; then
|
||||||
pass -c "$check"
|
pass -c "$check"
|
||||||
logcheckresult "PASS"
|
logcheckresult "PASS"
|
||||||
return
|
return
|
||||||
|
@ -210,7 +205,7 @@ check_2_9() {
|
||||||
local check="$id - $desc"
|
local check="$id - $desc"
|
||||||
starttestjson "$id" "$desc"
|
starttestjson "$id" "$desc"
|
||||||
|
|
||||||
if get_docker_configuration_file_args 'userns-remap' | grep -v '""'; then
|
if [[ $(get_docker_configuration_file_args 'userns-remap' | grep -v '""') ]] && [[ $(get_docker_configuration_file_args 'userns-remap' | grep -v '""') != "null" ]] ; then
|
||||||
pass -s "$check"
|
pass -s "$check"
|
||||||
logcheckresult "PASS"
|
logcheckresult "PASS"
|
||||||
return
|
return
|
||||||
|
@ -278,7 +273,7 @@ check_2_12() {
|
||||||
local check="$id - $desc"
|
local check="$id - $desc"
|
||||||
starttestjson "$id" "$desc"
|
starttestjson "$id" "$desc"
|
||||||
|
|
||||||
if get_docker_configuration_file_args 'authorization-plugins' | grep -v '\[]'; then
|
if [[ $(get_docker_configuration_file_args 'authorization-plugins' | grep -v '\[]') ]] && [[ $(get_docker_configuration_file_args 'authorization-plugins' | grep -v '\[]') != "null" ]] ; then
|
||||||
pass -s "$check"
|
pass -s "$check"
|
||||||
logcheckresult "PASS"
|
logcheckresult "PASS"
|
||||||
return
|
return
|
||||||
|
|
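Review bot: Each rewritten condition runs `get_docker_configuration_file_args` twice and tests the two results separately, first in check_2_2; capturing the output once keeps the decision on a single read of the config: `local icc_value; icc_value=$(get_docker_configuration_file_args 'icc' | grep "false")` followed by `if [[ -n "$icc_value" && "$icc_value" != "null" ]]; then`. In check_2_2 and check_2_4 the `!= "null"` clause cannot change the outcome, because output that passed `grep "false"` is never exactly `null`; the weaker part there is the substring match, which any value containing `false` satisfies. The same double call appears in check_2_5, check_2_8, check_2_9 and check_2_12, where the `null` comparison does matter for a key that jq reports as absent. In check_2_5 the branch that passed on an empty `[]` list is removed, so that case now falls through to code outside the hunk, and it is worth confirming it still ends in PASS. All of these functions begin and end outside their hunks.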