Print remediation measures at the end of the logs

docker-bench-security.sh

@@ -109,6 +109,9 @@ beginjson "$version" "$(date +%s)"
 
 # Load all the tests from tests/ and run them
 main () {
+  logit "\n${bldylw}Section A - Checks result${txtrsr}"
+  globalRemediation=""
+
   # Get configuration location
   get_docker_configuration_file
 
@@ -193,9 +196,12 @@ main () {
     fi
   done
 
-  printf "\n"
+  logit "\n\n${bldylw}Section B - Remediation measures${txtrst}"
+  logit "${globalRemediation}"
+
+  logit "\n\n${bldylw}Section C - Score${txtrst}\n"
   info "Checks: $totalChecks"
-  info "Score: $currentScore"
+  info "Score: $currentScore\n"
 
   endjson "$totalChecks" "$currentScore" "$(date +%s)"
 }

output_lib.sh

@@ -7,10 +7,10 @@ if [ -n "$nocolor" ] && [ "$nocolor" = "nocolor" ]; then
   bldylw=''
   txtrst=''
 else
-  bldred='\033[1;31m'
+  bldred='\033[1;31m' # Bold Red
-  bldgrn='\033[1;32m'
+  bldgrn='\033[1;32m' # Bold Green
-  bldblu='\033[1;34m'
+  bldblu='\033[1;34m' # Bold Blue
-  bldylw='\033[1;33m' # Yellow
+  bldylw='\033[1;33m' # Bold Yellow
   txtrst='\033[0m'
 fi
 
@@ -111,3 +111,45 @@ resulttestjson() {
   fi
   printf "}" | tee -a "$logger.json" 2>/dev/null 1>&2
 }
+
+saveRemediation() {
+  local id remediation remediationImpact
+  while [ "${1}" ]; do
+    case "${1}" in
+      --id)
+        id="${2}"
+        shift
+        ;;
+      --rem)
+        remediation="${2}"
+        shift
+        ;;
+      --imp)
+        remediationImpact="${2}"
+        shift
+        ;;
+      *)
+        echo "Unknown parameter: ${1}" >&2
+        return 1
+    esac
+    if ! shift; then
+      echo 'Missing parameter argument.' >&2
+      return 1
+    fi
+  done
+
+  if [ -n "${remediation}" ]; then
+    if [ -n "${checkHeader}" ]; then
+      if [ -n "${addSpaceHeader}" ]; then
+        globalRemediation="${globalRemediation}\n"
+      fi
+      globalRemediation="${globalRemediation}\n${bldblu}[INFO]${txtrst} ${checkHeader}"
+      checkHeader=""
+      addSpaceHeader="1"
+    fi
+    globalRemediation="${globalRemediation}\n${bldblu}[INFO]${txtrst} ${id} - ${remediation}"
+    if [ -n "${remediationImpact}" ]; then
+      globalRemediation="${globalRemediation} Impact: ${remediationImpact}"
+    fi
+  fi
+}

tests/1_host_configuration.sh

@@ -4,13 +4,12 @@ check_1() {
   logit ""
   local id="1"
   local desc="Host Configuration"
-  local check="$id - $desc"
+  checkHeader="$id - $desc"
-  info "$check"
+  info "$checkHeader"
   startsectionjson "$id" "$desc"
 }
 
 check_1_1() {
-  logit ""
   local id="1.1"
   local desc="General Configuration"
   local check="$id - $desc"
@@ -58,7 +57,6 @@ check_1_1_2() {
 }
 
 check_1_2() {
-  logit ""
   local id="1.2"
   local desc="Linux Hosts Specific Configuration"
   local check="$id - $desc"
@@ -69,7 +67,7 @@ check_1_2() {
 check_1_2_1() {
   local id="1.2.1"
   local desc="Ensure a separate partition for containers has been created (Scored)"
-  local remediation="For new installations, you should create a separate partition for the /var/lib/docker mount point. For systems that have already been installed, you should use the Logical Volume Manager (LVM) within Linux to create a new partition."
+  local remediation="For new installations, you should create a separate partition for the \"/var/lib/docker\" mount point. For systems that have already been installed, you should use the Logical Volume Manager (LVM) within Linux to create a new partition."
   local check="$id - $desc"
   starttestjson "$id" "$desc"
 
@@ -85,7 +83,7 @@ check_1_2_1() {
     currentScore=$((currentScore + 1))
   else
     warn "$check"
-    info "       * Remediation: $remediation"
+    saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
     resulttestjson "WARN"
     currentScore=$((currentScore - 1))
   fi
@@ -116,8 +114,8 @@ check_1_2_2() {
 check_1_2_3() {
   local id="1.2.3"
   local desc="Ensure auditing is configured for the Docker daemon (Scored)"
-  local remediation="Install and configure auditd using the following command: sudo apt-get install auditd. Add the following line to the /etc/audit/rules.d/audit.rules file: -w /usr/bin/dockerd -k docker. Then restart the audit daemon using the following command: service auditd restart."
+  local remediation="Install and configure auditd using command \"sudo apt-get install auditd\". Add \"-w /usr/bin/dockerd -k docker\" to the \"/etc/audit/rules.d/audit.rules\" file. Then restart the audit daemon using command \"service auditd restart\"."
-  local remediationImpact="Because the audit can generate large log files, you need to make sure that they are rotated and archived periodically. It is a good idea to create a separate partition for audit logs to avoid filling up other critical partitions."
+  local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
   local check="$id  - $desc"
   starttestjson "$id" "$desc"
 
@@ -130,8 +128,7 @@ check_1_2_3() {
       currentScore=$((currentScore + 1))
     else
       warn "$check"
-      info "       * Remediation: $remediation"
+      saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
-      info "       * Remediation impact: $remediationImpact"
       resulttestjson "WARN"
       currentScore=$((currentScore - 1))
     fi
@@ -141,8 +138,7 @@ check_1_2_3() {
     currentScore=$((currentScore + 1))
   else
     warn "$check"
-    info "       * Remediation: $remediation"
+    saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
-    info "       * Remediation impact: $remediationImpact"
     resulttestjson "WARN"
     currentScore=$((currentScore - 1))
   fi
@@ -152,8 +148,8 @@ check_1_2_3() {
 check_1_2_4() {
   local id="1.2.4"
   local desc="Ensure auditing is configured for Docker files and directories - /var/lib/docker (Scored)"
-  local remediation="Install and configure auditd using the following command: sudo apt-get install auditd. Add the following line to the /etc/audit/rules.d/audit.rules file: -w /var/lib/docker -k docker. Then restart the audit daemon using the following command: service auditd restart."
+  local remediation="Install and configure auditd using command \"sudo apt-get install auditd\". Add \"-w /var/lib/docker -k docker\" to the \"/etc/audit/rules.d/audit.rules\" file. Then restart the audit daemon using command \"service auditd restart\"."
-  local remediationImpact="Because the audit can generate large log files, you need to make sure that they are rotated and archived periodically. It is a good idea to create a separate partition for audit logs to avoid filling up other critical partitions."
+  local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
   local check="$id  - $desc"
   starttestjson "$id" "$desc"
 
@@ -167,8 +163,7 @@ check_1_2_4() {
         currentScore=$((currentScore + 1))
       else
         warn "$check"
-        info "       * Remediation: $remediation"
+        saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
-        info "       * Remediation impact: $remediationImpact"
         resulttestjson "WARN"
         currentScore=$((currentScore - 1))
       fi
@@ -178,8 +173,7 @@ check_1_2_4() {
       currentScore=$((currentScore + 1))
     else
       warn "$check"
-      info "       * Remediation: $remediation"
+      saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
-      info "       * Remediation impact: $remediationImpact"
       resulttestjson "WARN"
       currentScore=$((currentScore - 1))
     fi
@@ -195,8 +189,8 @@ check_1_2_4() {
 check_1_2_5() {
   local id="1.2.5"
   local desc="Ensure auditing is configured for Docker files and directories - /etc/docker (Scored)"
-  local remediation="Install and configure auditd using the following command: sudo apt-get install auditd. Add the following line to the /etc/audit/rules.d/audit.rules file: -w /etc/docker -k docker. Then restart the audit daemon using the following command: service auditd restart."
+  local remediation="Install and configure auditd using command \"sudo apt-get install auditd\". Add \"-w /etc/docker -k docker\" to the \"/etc/audit/rules.d/audit.rules\" file. Then restart the audit daemon using command \"service auditd restart\"."
-  local remediationImpact="Because the audit can generate large log files, you need to make sure that they are rotated and archived periodically. It is a good idea to create a separate partition for audit logs to avoid filling up other critical partitions."
+  local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
   local check="$id  - $desc"
   starttestjson "$id" "$desc"
 
@@ -210,8 +204,7 @@ check_1_2_5() {
         currentScore=$((currentScore + 1))
       else
         warn "$check"
-        info "       * Remediation: $remediation"
+        saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
-        info "       * Remediation impact: $remediationImpact"
         resulttestjson "WARN"
         currentScore=$((currentScore - 1))
       fi
@@ -221,8 +214,7 @@ check_1_2_5() {
       currentScore=$((currentScore + 1))
     else
       warn "$check"
-      info "       * Remediation: $remediation"
+      saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
-      info "       * Remediation impact: $remediationImpact"
       resulttestjson "WARN"
       currentScore=$((currentScore - 1))
     fi
@@ -238,8 +230,8 @@ fi
 check_1_2_6() {
   local id="1.2.6"
   local desc="Ensure auditing is configured for Docker files and directories - docker.service (Scored)"
-  local remediation="Install and configure auditd using the following command: sudo apt-get install auditd. Add the following line to the /etc/audit/rules.d/audit.rules file: -w $(systemctl show -p FragmentPath docker.service | sed 's/.*=//') -k docker. Then restart the audit daemon using the following command: service auditd restart."
+  local remediation="Install and configure auditd using command \"sudo apt-get install auditd\". Add \"-w $(systemctl show -p FragmentPath docker.service | sed 's/.*=//') -k docker\" to the \"/etc/audit/rules.d/audit.rules\" file. Then restart the audit daemon using command \"service auditd restart\"."
-  local remediationImpact="Because the audit can generate large log files, you need to make sure that they are rotated and archived periodically. It is a good idea to create a separate partition for audit logs to avoid filling up other critical partitions."
+  local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
   local check="$id  - $desc"
   starttestjson "$id" "$desc"
 
@@ -253,8 +245,7 @@ check_1_2_6() {
         currentScore=$((currentScore + 1))
       else
         warn "$check"
-        info "       * Remediation: $remediation"
+        saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
-        info "       * Remediation impact: $remediationImpact"
         resulttestjson "WARN"
         currentScore=$((currentScore - 1))
       fi
@@ -264,8 +255,7 @@ check_1_2_6() {
       currentScore=$((currentScore + 1))
     else
       warn "$check"
-      info "       * Remediation: $remediation"
+      saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
-      info "       * Remediation impact: $remediationImpact"
       resulttestjson "WARN"
       currentScore=$((currentScore - 1))
     fi
@@ -281,8 +271,8 @@ check_1_2_6() {
 check_1_2_7() {
   local id="1.2.7"
   local desc="Ensure auditing is configured for Docker files and directories - docker.socket (Scored)"
-  local remediation="Install and configure auditd using the following command: sudo apt-get install auditd. Add the following line to the /etc/audit/rules.d/audit.rules file: -w $(systemctl show -p FragmentPath docker.socket | sed 's/.*=//') -k docker. Then restart the audit daemon using the following command: service auditd restart."
+  local remediation="Install and configure auditd using command \"sudo apt-get install auditd\". Add \"-w $(systemctl show -p FragmentPath docker.socket | sed 's/.*=//') -k docker\" to the \"/etc/audit/rules.d/audit.rules\" file. Then restart the audit daemon using command \"service auditd restart\"."
-  local remediationImpact="Because the audit can generate large log files, you need to make sure that they are rotated and archived periodically. It is a good idea to create a separate partition for audit logs to avoid filling up other critical partitions."
+  local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
   local check="$id  - $desc"
   starttestjson "$id" "$desc"
 
@@ -296,8 +286,7 @@ check_1_2_7() {
         currentScore=$((currentScore + 1))
       else
         warn "$check"
-        info "       * Remediation: $remediation"
+        saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
-        info "       * Remediation impact: $remediationImpact"
         resulttestjson "WARN"
         currentScore=$((currentScore - 1))
       fi
@@ -307,8 +296,7 @@ check_1_2_7() {
       currentScore=$((currentScore + 1))
     else
       warn "$check"
-      info "       * Remediation: $remediation"
+      saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
-      info "       * Remediation impact: $remediationImpact"
       resulttestjson "WARN"
       currentScore=$((currentScore - 1))
     fi
@@ -324,8 +312,8 @@ check_1_2_7() {
 check_1_2_8() {
   local id="1.2.8"
   local desc="Ensure auditing is configured for Docker files and directories - /etc/default/docker (Scored)"
-  local remediation="Install and configure auditd using the following command: sudo apt-get install auditd. Add the following line to the /etc/audit/rules.d/audit.rules file: -w /etc/default/docker -k docker. Then restart the audit daemon using the following command: service auditd restart."
+  local remediation="Install and configure auditd using command \"sudo apt-get install auditd\". Add \"-w /etc/default/docker -k docker\" to the \"/etc/audit/rules.d/audit.rules\" file. Then restart the audit daemon using command \"service auditd restart\"."
-  local remediationImpact="Because the audit can generate large log files, you need to make sure that they are rotated and archived periodically. It is a good idea to create a separate partition for audit logs to avoid filling up other critical partitions."
+  local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
   local check="$id  - $desc"
   starttestjson "$id" "$desc"
 
@@ -339,8 +327,7 @@ check_1_2_8() {
         currentScore=$((currentScore + 1))
       else
         warn "$check"
-        info "       * Remediation: $remediation"
+        saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
-        info "       * Remediation impact: $remediationImpact"
         resulttestjson "WARN"
         currentScore=$((currentScore - 1))
       fi
@@ -350,8 +337,7 @@ check_1_2_8() {
       currentScore=$((currentScore + 1))
     else
       warn "$check"
-      info "       * Remediation: $remediation"
+      saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
-      info "       * Remediation impact: $remediationImpact"
       resulttestjson "WARN"
       currentScore=$((currentScore - 1))
     fi
@@ -367,8 +353,8 @@ check_1_2_8() {
 check_1_2_9() {
   local id="1.2.9"
   local desc="Ensure auditing is configured for Docker files and directories - /etc/sysconfig/docker (Scored)"
-  local remediation="Install and configure auditd using the following command: sudo apt-get install auditd. Add the following line to the /etc/audit/rules.d/audit.rules file: -w /etc/sysconfig/docker -k docker. Then restart the audit daemon using the following command: service auditd restart."
+  local remediation="Install and configure auditd using command \"sudo apt-get install auditd\". Add \"-w /etc/sysconfig/docker -k docker\" to the \"/etc/audit/rules.d/audit.rules\" file. Then restart the audit daemon using command \"service auditd restart\"."
-  local remediationImpact="Because the audit can generate large log files, you need to make sure that they are rotated and archived periodically. It is a good idea to create a separate partition for audit logs to avoid filling up other critical partitions."
+  local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
   local check="$id  - $desc"
   starttestjson "$id" "$desc"
 
@@ -382,8 +368,7 @@ check_1_2_9() {
         currentScore=$((currentScore + 1))
       else
         warn "$check"
-        info "       * Remediation: $remediation"
+        saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
-        info "       * Remediation impact: $remediationImpact"
         resulttestjson "WARN"
         currentScore=$((currentScore - 1))
       fi
@@ -393,8 +378,7 @@ check_1_2_9() {
       currentScore=$((currentScore + 1))
     else
       warn "$check"
-      info "       * Remediation: $remediation"
+      saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
-      info "       * Remediation impact: $remediationImpact"
       resulttestjson "WARN"
       currentScore=$((currentScore - 1))
     fi
@@ -410,8 +394,8 @@ check_1_2_9() {
 check_1_2_10() {
   local id="1.2.10"
   local desc="Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.json (Scored)"
-  local remediation="Install and configure auditd using the following command: sudo apt-get install auditd. Add the following line to the /etc/audit/rules.d/audit.rules file: -w /etc/docker/daemon.json -k docker. Then restart the audit daemon using the following command: service auditd restart."
+  local remediation="Install and configure auditd using command \"sudo apt-get install auditd\". Add \"-w /etc/docker/daemon.json -k docker\" to the \"/etc/audit/rules.d/audit.rules\" file. Then restart the audit daemon using command \"service auditd restart\"."
-  local remediationImpact="Because the audit can generate large log files, you need to make sure that they are rotated and archived periodically. It is a good idea to create a separate partition for audit logs to avoid filling up other critical partitions."
+  local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
   local check="$id  - $desc"
   starttestjson "$id" "$desc"
 
@@ -425,8 +409,7 @@ check_1_2_10() {
         currentScore=$((currentScore + 1))
       else
         warn "$check"
-        info "       * Remediation: $remediation"
+        saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
-        info "       * Remediation impact: $remediationImpact"
         resulttestjson "WARN"
         currentScore=$((currentScore - 1))
       fi
@@ -436,8 +419,7 @@ check_1_2_10() {
       currentScore=$((currentScore + 1))
     else
       warn "$check"
-      info "       * Remediation: $remediation"
+      saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
-      info "       * Remediation impact: $remediationImpact"
       resulttestjson "WARN"
       currentScore=$((currentScore - 1))
     fi
@@ -453,8 +435,8 @@ check_1_2_10() {
 check_1_2_11() {
   local id="1.2.11"
   local desc="Ensure auditing is configured for Docker files and directories - /usr/bin/containerd (Scored)"
-  local remediation="Install and configure auditd using the following command: sudo apt-get install auditd. Add the following line to the /etc/audit/rules.d/audit.rules file: -w /usr/bin/containerd -k docker. Then restart the audit daemon using the following command: service auditd restart."
+  local remediation="Install and configure auditd using command \"sudo apt-get install auditd\". Add \"-w /usr/bin/containerd -k docker\" to the \"/etc/audit/rules.d/audit.rules\" file. Then restart the audit daemon using command \"service auditd restart\"."
-  local remediationImpact="Because the audit can generate large log files, you need to make sure that they are rotated and archived periodically. It is a good idea to create a separate partition for audit logs to avoid filling up other critical partitions."
+  local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
   local check="$id  - $desc"
   starttestjson "$id" "$desc"
 
@@ -468,8 +450,7 @@ check_1_2_11() {
         currentScore=$((currentScore + 1))
       else
         warn "$check"
-        info "       * Remediation: $remediation"
+        saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
-        info "       * Remediation impact: $remediationImpact"
         resulttestjson "WARN"
         currentScore=$((currentScore - 1))
       fi
@@ -479,8 +460,7 @@ check_1_2_11() {
       currentScore=$((currentScore + 1))
     else
       warn "$check"
-      info "       * Remediation: $remediation"
+      saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
-      info "       * Remediation impact: $remediationImpact"
       resulttestjson "WARN"
       currentScore=$((currentScore - 1))
     fi
@@ -496,8 +476,8 @@ check_1_2_11() {
 check_1_2_12() {
   local id="1.2.12"
   local desc="Ensure auditing is configured for Docker files and directories - /usr/sbin/runc (Scored)"
-  local remediation="Install and configure auditd using the following command: sudo apt-get install auditd. Add the following line to the /etc/audit/rules.d/audit.rules file: -w /usr/sbin/runc -k docker. Then restart the audit daemon using the following command: service auditd restart."
+  local remediation="Install and configure auditd using command \"sudo apt-get install auditd\". Add \"-w /usr/sbin/runc -k docker\" to the \"/etc/audit/rules.d/audit.rules\" file. Then restart the audit daemon using command \"service auditd restart\"."
-  local remediationImpact="Because the audit can generate large log files, you need to make sure that they are rotated and archived periodically. It is a good idea to create a separate partition for audit logs to avoid filling up other critical partitions."
+  local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
   local check="$id  - $desc"
   starttestjson "$id" "$desc"
 
@@ -511,8 +491,7 @@ check_1_2_12() {
         currentScore=$((currentScore + 1))
       else
         warn "$check"
-        info "       * Remediation: $remediation"
+        saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
-        info "       * Remediation impact: $remediationImpact"
         resulttestjson "WARN"
         currentScore=$((currentScore - 1))
       fi
@@ -522,8 +501,7 @@ check_1_2_12() {
       currentScore=$((currentScore + 1))
     else
       warn "$check"
-      info "       * Remediation: $remediation"
+      saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
-      info "       * Remediation impact: $remediationImpact"
       resulttestjson "WARN"
       currentScore=$((currentScore - 1))
     fi

tests/2_docker_daemon_configuration.sh

@@ -1,11 +1,11 @@
 #!/bin/sh
 
 check_2() {
-  logit "\n"
+  logit ""
   local id="2"
   local desc="Docker daemon configuration"
-  local check="$id - $desc"
+  checkHeader="$id - $desc"
-  info "$check"
+  info "$checkHeader"
   startsectionjson "$id" "$desc"
 }
 
@@ -13,6 +13,8 @@ check_2() {
 check_2_1() {
   local id="2.1"
   local desc="Ensure network traffic is restricted between containers on the default bridge (Scored)"
+  local remediation="Edit the Docker daemon configuration file to ensure that inter-container communication is disabled: \"icc\": false"
+  local remediationImpact="Inter-container communication is disabled on the default network bridge. If any communication between containers on the same host is desired, it needs to be explicitly defined using container linking or custom networks."
   local check="$id  - $desc"
   starttestjson "$id" "$desc"
 
@@ -27,6 +29,7 @@ check_2_1() {
     currentScore=$((currentScore + 1))
   else
     warn "$check"
+    saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
     resulttestjson "WARN"
     currentScore=$((currentScore - 1))
   fi

tests/3_docker_daemon_configuration_files.sh

@@ -1,11 +1,11 @@
 #!/bin/sh
 
 check_3() {
-  logit "\n"
+  logit ""
   local id="3"
   local desc="Docker daemon configuration files"
-  local check="$id - $desc"
+  checkHeader="$id - $desc"
-  info "$check"
+  info "$checkHeader"
   startsectionjson "$id" "$desc"
 }
 

tests/4_container_images.sh

@@ -1,11 +1,11 @@
 #!/bin/sh
 
 check_4() {
-  logit "\n"
+  logit ""
   local id="4"
   local desc="Container Images and Build File"
-  local check="$id - $desc"
+  checkHeader="$id - $desc"
-  info "$check"
+  info "$checkHeader"
   startsectionjson "$id" "$desc"
 }
 
@@ -104,6 +104,8 @@ check_4_4() {
 check_4_5() {
   local id="4.5"
   local desc="Ensure Content trust for Docker is Enabled (Scored)"
+  local remediation="Add \"DOCKER_CONTENT_TRUST\" variable to the \"/etc/environment\" file using command \"echo \"DOCKER_CONTENT_TRUST=1\" | sudo tee -a /etc/environment\"."
+  local remediationImpact="This prevents users from working with tagged images unless they contain a signature."
   local check="$id  - $desc"
   starttestjson "$id" "$desc"
 
@@ -114,6 +116,7 @@ check_4_5() {
     currentScore=$((currentScore + 1))
   else
     warn "$check"
+    saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
     resulttestjson "WARN"
     currentScore=$((currentScore - 1))
   fi

tests/5_container_runtime.sh

@@ -1,11 +1,11 @@
 #!/bin/sh
 
 check_5() {
-  logit "\n"
+  logit ""
   local id="5"
   local desc="Container Runtime"
-  local check="$id - $desc"
+  checkHeader="$id - $desc"
-  info "$check"
+  info "$checkHeader"
   startsectionjson "$id" "$desc"
 }
 

tests/6_docker_security_operations.sh

@@ -1,11 +1,11 @@
 #!/bin/sh
 
 check_6() {
-  logit "\n"
+  logit ""
   local id="6"
   local desc="Docker Security Operations"
-  local check="$id - $desc"
+  checkHeader="$id - $desc"
-  info "$check"
+  info "$checkHeader"
   startsectionjson "$id" "$desc"
 }
 

tests/7_docker_swarm_configuration.sh

@@ -1,11 +1,11 @@
 #!/bin/sh
 
 check_7() {
-  logit "\n"
+  logit ""
   local id="7"
   local desc="Docker Swarm Configuration"
-  local check="$id - $desc"
+  checkHeader="$id - $desc"
-  info "$check"
+  info "$checkHeader"
   startsectionjson "$id" "$desc"
 }
 

tests/8_docker_enterprise_configuration.sh

@@ -1,11 +1,11 @@
 #!/bin/sh
 
 check_8() {
-  logit "\n"
+  logit ""
   local id="8"
   local desc="Docker Enterprise Configuration"
-  local check="$id - $desc"
+  checkHeader="$id - $desc"
-  info "$check"
+  info "$checkHeader"
   startsectionjson "$id" "$desc"
 }
 
@@ -153,7 +153,6 @@ check_8_2() {
     return
   fi
 
-  logit "\n"
   local id="8.2"
   local desc="Docker Trusted Registry Configuration"
   local check="$id - $desc"

tests/99_community_checks.sh

@@ -1,10 +1,10 @@
 #!/bin/sh
 check_c() {
-  logit "\n"
+  logit ""
   local id="99"
   local desc="Community contributed checks"
-  local check="$id - $desc"
+  checkHeader="$id - $desc"
-  info "$check"
+  info "$checkHeader"
   startsectionjson "$id" "$desc"
 }