mirror of
https://github.com/docker/docker-bench-security.git
synced 2025-01-18 16:22:33 +01:00
skeleton json
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
This commit is contained in:
Thomas Sjögren
parent
a5a40e80a9
commit
809da21c4a
3 changed files with 26 additions and 0 deletions
|
|
@ -72,6 +72,7 @@ if [ "x$ID" != "x0" ]; then
|
|||
fi
|
||||
|
||||
logit "Initializing $(date)\n"
|
||||
beginjson "$(date +%s)"
|
||||
|
||||
# Load all the tests from tests/ and run them
|
||||
main () {
|
||||
|
|
@ -92,6 +93,8 @@ main () {
|
|||
do
|
||||
. ./"$test"
|
||||
done
|
||||
|
||||
endjson "$(date +%s)"
|
||||
}
|
||||
|
||||
main "$@"
|
||||
|
|
|
|||
|
|
@ -28,3 +28,15 @@ note () {
|
|||
yell () {
|
||||
printf "%b\n" "${bldylw}$1${txtrst}\n"
|
||||
}
|
||||
|
||||
beginjson () {
|
||||
printf "{\n \"start\": %s," "$1" | tee "$logger.json" 2>/dev/null 1>&2
|
||||
}
|
||||
|
||||
endjson (){
|
||||
printf "\n \"end\": %s \n}\n" "$1" | tee -a "$logger.json" 2>/dev/null 1>&2
|
||||
}
|
||||
|
||||
logjson (){
|
||||
printf "\n \"%s\": \"%s\"," "$1" "$2" | tee -a "$logger.json" 2>/dev/null 1>&2
|
||||
}
|
||||
|
|
|
|||
|
|
@ -8,15 +8,19 @@ auditrules="/etc/audit/audit.rules"
|
|||
check_1_1="1.1 - Ensure a separate partition for containers has been created"
|
||||
if grep /var/lib/docker /etc/fstab >/dev/null 2>&1; then
|
||||
pass "$check_1_1"
|
||||
logjson "1.1" "PASS"
|
||||
elif mountpoint -q -- /var/lib/docker >/dev/null 2>&1; then
|
||||
pass "$check_1_1"
|
||||
logjson "1.1" "PASS"
|
||||
else
|
||||
warn "$check_1_1"
|
||||
logjson "1.1" "WARN"
|
||||
fi
|
||||
|
||||
# 1.2
|
||||
check_1_2="1.2 - Ensure the container host has been Hardened"
|
||||
note "$check_1_2"
|
||||
logjson "1.2" "INFO"
|
||||
|
||||
# 1.3
|
||||
check_1_3="1.3 - Ensure Docker is up to date"
|
||||
|
|
@ -28,10 +32,12 @@ if [ $? -eq 11 ]; then
|
|||
info "$check_1_3"
|
||||
info " * Using $docker_version, verify is it up to date as deemed necessary"
|
||||
info " * Your operating system vendor may provide support and security maintenance for Docker"
|
||||
logjson "1.3" "INFO"
|
||||
else
|
||||
pass "$check_1_3"
|
||||
info " * Using $docker_version which is current"
|
||||
info " * Check with your operating system vendor for support and security maintenance for Docker"
|
||||
logjson "1.3" "PASS"
|
||||
fi
|
||||
|
||||
# 1.4
|
||||
|
|
@ -40,6 +46,7 @@ docker_users=$(getent group docker)
|
|||
info "$check_1_4"
|
||||
for u in $docker_users; do
|
||||
info " * $u"
|
||||
logjson "1.4" "$u"
|
||||
done
|
||||
|
||||
# 1.5
|
||||
|
|
@ -48,13 +55,17 @@ file="/usr/bin/docker "
|
|||
if command -v auditctl >/dev/null 2>&1; then
|
||||
if auditctl -l | grep "$file" >/dev/null 2>&1; then
|
||||
pass "$check_1_5"
|
||||
logjson "1.5" "PASS"
|
||||
else
|
||||
warn "$check_1_5"
|
||||
logjson "1.5" "WARN"
|
||||
fi
|
||||
elif grep -s "$file" "$auditrules" | grep "^[^#;]" 2>/dev/null 1>&2; then
|
||||
pass "$check_1_5"
|
||||
logjson "1.5" "PASS"
|
||||
else
|
||||
warn "$check_1_5"
|
||||
logjson "1.5" "WARN"
|
||||
fi
|
||||
|
||||
# 1.6
|
||||
|
|
|
|||
Loading…
Reference in a new issue