Merge pull request #300 from konstruktoid/lint

Lint and yell function

docker-bench-security.sh

@@ -1,22 +1,27 @@
 #!/bin/sh
 # ------------------------------------------------------------------------------
-# Docker Bench for Security v1.3.4
+# Docker Bench for Security
 #
 # Docker, Inc. (c) 2015-
 #
 # Checks for dozens of common best-practices around deploying Docker containers in production.
-# Inspired by the CIS Docker Community Edition Benchmark v1.1.0.
 # ------------------------------------------------------------------------------
 
+version='1.3.4'
+
 # Load dependencies
 . ./functions_lib.sh
 . ./helper_lib.sh
 . ./output_lib.sh
 
 # Setup the paths
-this_path=$(abspath "$0")       ## Path of this file including filenamel
+this_path=$(abspath "$0")       ## Path of this file including filename
 myname=$(basename "${this_path}")     ## file name of this script.
 
+readonly version
+readonly this_path
+readonly myname
+
 export PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin/
 
 # Check for required program(s)
@@ -62,14 +67,7 @@ if [ -z "$logger" ]; then
   logger="${myname}.log"
 fi
 
-yell "# ------------------------------------------------------------------------------
+yell_info
-# Docker Bench for Security v1.3.4
-#
-# Docker, Inc. (c) 2015-
-#
-# Checks for dozens of common best-practices around deploying Docker containers in production.
-# Inspired by the CIS Docker Community Edition Benchmark v1.1.0.
-# ------------------------------------------------------------------------------"
 
 # Warn if not root
 ID=$(id -u)
@@ -85,7 +83,7 @@ totalChecks=0
 currentScore=0
 
 logit "Initializing $(date)\n"
-beginjson "1.3.4" "$(date +%s)"
+beginjson "$version" "$(date +%s)"
 
 # Load all the tests from tests/ and run them
 main () {
@@ -118,15 +116,14 @@ main () {
     running_containers=1
   fi
 
-  for test in tests/*.sh
+  for test in tests/*.sh; do
-  do
     . ./"$test"
   done
 
-  if [ -z "$check" ] && [ ! "$checkexclude" ] ; then
+  if [ -z "$check" ] && [ ! "$checkexclude" ]; then
     cis
   elif [ -z "$check" ] && [ "$checkexclude" ]; then
-    checkexcluded="$(echo $checkexclude | sed 's/,/|/g')"
+    checkexcluded="$(echo "$checkexclude" | sed 's/,/|/g')"
     for c in $(grep 'check_[0-9]_' functions_lib.sh | grep -vE "$checkexcluded"); do
       "$c"
     done

helper_lib.sh

@@ -32,8 +32,7 @@ do_version_check() {
 get_command_line_args() {
   PROC="$1"
 
-    for PID in $(pgrep -f -n "$PROC")
+  for PID in $(pgrep -f -n "$PROC"); do
-    do
     tr "\0" " " < /proc/"$PID"/cmdline
   done
 }
@@ -99,7 +98,7 @@ get_docker_configuration_file_args() {
   grep "$OPTION" "$CONFIG_FILE" | sed 's/.*: //g' | tr -d \",
 }
 
-get_systemd_service_file(){
+get_systemd_service_file() {
   SERVICE="$1"
 
   if [ -f "/etc/systemd/system/$SERVICE" ]; then
@@ -110,3 +109,14 @@ get_systemd_service_file(){
     echo "/usr/lib/systemd/system/$SERVICE"
   fi
 }
+
+yell_info() {
+  yell "# ------------------------------------------------------------------------------
+  # Docker Bench for Security v$version
+  #
+  # Docker, Inc. (c) 2015-
+  #
+  # Checks for dozens of common best-practices around deploying Docker containers in production.
+  # Inspired by the CIS Docker Community Edition Benchmark v1.1.0.
+  # ------------------------------------------------------------------------------"
+}