From 81ac358e82625887eb20de6748c4fe338f50c0bd Mon Sep 17 00:00:00 2001 From: Razvan Stoica Date: Mon, 29 Mar 2021 15:32:34 +0300 Subject: [PATCH] Remove temporary files --- functions/output_lib.sh.save | 194 ------ ..._docker_daemon_configuration_files.sh.save | 607 ------------------ 2 files changed, 801 deletions(-) delete mode 100644 functions/output_lib.sh.save delete mode 100644 tests/3_docker_daemon_configuration_files.sh.save diff --git a/functions/output_lib.sh.save b/functions/output_lib.sh.save deleted file mode 100644 index 6ead504..0000000 --- a/functions/output_lib.sh.save +++ /dev/null @@ -1,194 +0,0 @@ -#!/bin/sh - -bldred='\033[1;31m' # Bold Red -bldgrn='\033[1;32m' # Bold Green -bldblu='\033[1;34m' # Bold Blue -bldylw='\033[1;33m' # Bold Yellow -txtrst='\033[0m' - -if [ -n "$nocolor" -] && [ "$nocolor" = "nocolor" ]; then - bldred='' - bldgrn='' - bldblu='' - bldylw='' - txtrst='' -fi - -logit () { - printf "%b\n" "$1" | tee -a "$logger" -} - -info () { - local infoCountCheck - while getopts c args - do - case $args in - c) infoCountCheck="true" ;; - *) exit 1 ;; - esac - done - if [ "$infoCountCheck" = "true" ]; then - printf "%b\n" "${bldblu}[INFO]${txtrst} $2" | tee -a "$logger" - totalChecks=$((totalChecks + 1)) - return - fi - printf "%b\n" "${bldblu}[INFO]${txtrst} $1" | tee -a "$logger" -} - -pass () { - local passScored - while getopts sc args - do - case $args in - s) passScored="true" ;; - c) passCountCheck="true" ;; - *) exit 1 ;; - esac - done - if [ "$passScored" = "true" ] || [ "$passCountCheck" = "true" ]; then - printf "%b\n" "${bldgrn}[PASS]${txtrst} $2" | tee -a "$logger" - totalChecks=$((totalChecks + 1)) - fi - if [ "$passScored" = "true" ]; then - currentScore=$((currentScore + 1)) - fi - if [ "$passScored" != "true" ] && [ "$passCountCheck" != "true" ]; then - printf "%b\n" "${bldgrn}[PASS]${txtrst} $1" | tee -a "$logger" - fi -} - -warn () { - local warnScored - while getopts s args - do - case $args in - s) warnScored="true" ;; - *) exit 1 ;; - esac - done - if [ "$warnScored" = "true" ]; then - printf "%b\n" "${bldred}[WARN]${txtrst} $2" | tee -a "$logger" - totalChecks=$((totalChecks + 1)) - currentScore=$((currentScore - 1)) - return - fi - printf "%b\n" "${bldred}[WARN]${txtrst} $1" | tee -a "$logger" -} - -note () { - local noteCountCheck - while getopts c args - do - case $args in - c) noteCountCheck="true" ;; - *) exit 1 ;; - esac - done - if [ "$noteCountCheck" = "true" ]; then - printf "%b\n" "${bldylw}[NOTE]${txtrst} $2" | tee -a "$logger" - totalChecks=$((totalChecks + 1)) - return - fi - printf "%b\n" "${bldylw}[NOTE]${txtrst} $1" | tee -a "$logger" -} - -yell () { - printf "%b\n" "${bldylw}$1${txtrst}\n" -} - -appendjson () { - if [ -s "$logger.json" ]; then - tail -n 1 "$logger.json" | wc -c | xargs -I {} truncate "$logger.json" -s -{} - printf "},\n" | tee -a "$logger.json" 2>/dev/null 1>&2 - return - fi - printf "[" | tee -a "$logger.json" 2>/dev/null 1>&2 -} - -beginjson () { - printf "{\n \"dockerbenchsecurity\": \"%s\",\n \"start\": %s,\n \"tests\": [" "$1" "$2" | tee -a "$logger.json" 2>/dev/null 1>&2 -} - -endjson (){ - printf "\n ], \"checks\": %s, \"score\": %s, \"end\": %s\n}]" "$1" "$2" "$3" | tee -a "$logger.json" 2>/dev/null 1>&2 -} - -logjson (){ - printf "\n \"%s\": \"%s\"," "$1" "$2" | tee -a "$logger.json" 2>/dev/null 1>&2 -} - -SSEP= -SEP= -startsectionjson() { - printf "%s\n {\"id\": \"%s\", \"desc\": \"%s\", \"results\": [" "$SSEP" "$1" "$2" | tee -a "$logger.json" 2>/dev/null 1>&2 - SEP= - SSEP="," -} - -endsectionjson() { - printf "\n ]}" | tee -a "$logger.json" 2>/dev/null 1>&2 -} - -starttestjson() { - printf "%s\n {\"id\": \"%s\", \"desc\": \"%s\", " "$SEP" "$1" "$2" | tee -a "$logger.json" 2>/dev/null 1>&2 - SEP="," -} - -logcheckresult() { - # Log to JSON - if [ $# -eq 1 ]; then - printf "\"result\": \"%s\"" "$1" | tee -a "$logger.json" 2>/dev/null 1>&2 - fi - - if [ $# -eq 2 ] && [ $# -ne 1 ]; then - # Result also contains details - printf "\"result\": \"%s\", \"details\": \"%s\"" "$1" "$2" | tee -a "$logger.json" 2>/dev/null 1>&2 - fi - - if [ $# -ne 2 ] && [ $# -ne 1 ]; then - # Result also includes details and a list of items. Add that directly to details and to an array property "items" - # Also limit the number of items to $limit, if $limit is non-zero - if [ $limit != 0 ]; then - truncItems="" - ITEM_COUNT=0 - for item in $3; do - truncItems="$truncItems $item" - ITEM_COUNT=$((ITEM_COUNT + 1)); - if [ "$ITEM_COUNT" == "$limit" ]; then - truncItems="$truncItems (truncated)" - break; - fi - done - else - truncItems=$3 - fi - itemsJson=$(printf "["; ISEP=""; ITEMCOUNT=0; for item in $truncItems; do printf "%s\"%s\"" "$ISEP" "$item"; ISEP=","; done; printf "]") - printf "\"result\": \"%s\", \"details\": \"%s: %s\", \"items\": %s" "$1" "$2" "$truncItems" "$itemsJson" | tee -a "$logger.json" 2>/dev/null 1>&2 - fi - - # Log remediation measure to JSON - if [ -n "$remediation" ] && [ "$1" != "PASS" ] && [ "$printremediation" = "1" ]; then - printf ", \"remediation\": \"%s\"" "$remediation" | tee -a "$logger.json" 2>/dev/null 1>&2 - if [ -n "$remediationImpact" ]; then - printf ", \"remediation-impact\": \"%s\"" "$remediationImpact" | tee -a "$logger.json" 2>/dev/null 1>&2 - fi - fi - printf "}" | tee -a "$logger.json" 2>/dev/null 1>&2 - - # Save remediation measure for print log to stdout - if [ -n "$remediation" ] && [ "$1" != "PASS" ]; then - if [ -n "${checkHeader}" ]; then - if [ -n "${addSpaceHeader}" ]; then - globalRemediation="${globalRemediation}\n" - fi - globalRemediation="${globalRemediation}\n${bldblu}[INFO]${txtrst} ${checkHeader}" - checkHeader="" - addSpaceHeader="1" - fi - globalRemediation="${globalRemediation}\n${bldblu}[INFO]${txtrst} ${id} - ${remediation}" - if [ -n "${remediationImpact}" ]; then - globalRemediation="${globalRemediation} Impact: ${remediationImpact}" - fi - fi -} diff --git a/tests/3_docker_daemon_configuration_files.sh.save b/tests/3_docker_daemon_configuration_files.sh.save deleted file mode 100644 index 0d9019f..0000000 --- a/tests/3_docker_daemon_configuration_files.sh.save +++ /dev/null @@ -1,607 +0,0 @@ -#!/bin/sh - -check_3() { - logit "" - local id="3" - local desc="Docker daemon configuration files" - checkHeader="$id - $desc" - info "$checkHeader" - startsectionjson "$id" "$desc" -} - -check_3_1() { - local id="3.1" - local desc="Ensure that the docker.service file ownership is set to root:root (Scored)" - local remediation="Find out the file location: systemctl show -p FragmentPath docker.service. - -IFind out the file location: -systemctl show -p FragmentPath docker.service - -" - local remediationImpact="None." - local check="$id - $desc" - starttestjson "$id" "$desc" - - file="$(get_service_file docker.service)" - if [ -f "$file" ]; then - if [ "$(stat -c %u%g $file)" -eq 00 ]; then - pass -s "$check" - logcheckresult "PASS" - else - warn -s "$check" - warn " * Wrong ownership for $file" - logcheckresult "WARN" "Wrong ownership for $file" - fi - else - info -c "$check" - info " * File not found" - logcheckresult "INFO" "File not found" - fi -} - -check_3_2() { - local id="3.2" - local desc="Ensure that docker.service file permissions are appropriately set (Scored)" - local remediation="" - local remediationImpact="None." - local check="$id - $desc" - starttestjson "$id" "$desc" - - file="$(get_service_file docker.service)" - if [ -f "$file" ]; then - if [ "$(stat -c %a $file)" -le 644 ]; then - pass -s "$check" - logcheckresult "PASS" - else - warn -s "$check" - warn " * Wrong permissions for $file" - logcheckresult "WARN" "Wrong permissions for $file" - fi - else - info -c "$check" - info " * File not found" - logcheckresult "INFO" "File not found" - fi -} - -check_3_3() { - local id="3.3" - local desc="Ensure that docker.socket file ownership is set to root:root (Scored)" - local remediation="" - local remediationImpact="None." - local check="$id - $desc" - starttestjson "$id" "$desc" - - file="$(get_service_file docker.socket)" - if [ -f "$file" ]; then - if [ "$(stat -c %u%g $file)" -eq 00 ]; then - pass -s "$check" - logcheckresult "PASS" - else - warn -s "$check" - warn " * Wrong ownership for $file" - logcheckresult "WARN" "Wrong ownership for $file" - fi - else - info -c "$check" - info " * File not found" - logcheckresult "INFO" "File not found" - fi -} - -check_3_4() { - local id="3.4" - local desc="Ensure that docker.socket file permissions are set to 644 or more restrictive (Scored)" - local remediation="" - local remediationImpact="None." - local check="$id - $desc" - starttestjson "$id" "$desc" - - file="$(get_service_file docker.socket)" - if [ -f "$file" ]; then - if [ "$(stat -c %a $file)" -le 644 ]; then - pass -s "$check" - logcheckresult "PASS" - else - warn -s "$check" - warn " * Wrong permissions for $file" - logcheckresult "WARN" "Wrong permissions for $file" - fi - else - info -c "$check" - info " * File not found" - logcheckresult "INFO" "File not found" - fi -} - -check_3_5() { - local id="3.5" - local desc="Ensure that the /etc/docker directory ownership is set to root:root (Scored)" - local remediation="You should run the following command: chown root:root /etc/docker. This sets the ownership and group ownership for the directory to root." - local remediationImpact="None." - local check="$id - $desc" - starttestjson "$id" "$desc" - - directory="/etc/docker" - if [ -d "$directory" ]; then - if [ "$(stat -c %u%g $directory)" -eq 00 ]; then - pass -s "$check" - logcheckresult "PASS" - else - warn -s "$check" - warn " * Wrong ownership for $directory" - logcheckresult "WARN" "Wrong ownership for $directory" - fi - else - info -c "$check" - info " * Directory not found" - logcheckresult "INFO" "Directory not found" - fi -} - -check_3_6() { - local id="3.6" - local desc="Ensure that /etc/docker directory permissions are set to 755 or more restrictively (Scored)" - local remediation="You should run the following command: chmod 755 /etc/docker. This sets the permissions for the directory to 755." - local remediationImpact="None." - local check="$id - $desc" - starttestjson "$id" "$desc" - - directory="/etc/docker" - if [ -d "$directory" ]; then - if [ "$(stat -c %a $directory)" -le 755 ]; then - pass -s "$check" - logcheckresult "PASS" - else - warn -s "$check" - warn " * Wrong permissions for $directory" - logcheckresult "WARN" "Wrong permissions for $directory" - fi - else - info -c "$check" - info " * Directory not found" - logcheckresult "INFO" "Directory not found" - fi -} - -check_3_7() { - local id="3.7" - local desc="Ensure that registry certificate file ownership is set to root:root (Scored)" - local remediation="You should run the following command: chown root:root /etc/docker/certs.d//*. This would set the individual ownership and group ownership for the registry certificate files to root." - local remediationImpact="None." - local check="$id - $desc" - starttestjson "$id" "$desc" - - directory="/etc/docker/certs.d/" - if [ -d "$directory" ]; then - fail=0 - owners=$(find "$directory" -type f -name '*.crt') - for p in $owners; do - if [ "$(stat -c %u $p)" -ne 0 ]; then - fail=1 - fi - done - if [ $fail -eq 1 ]; then - warn -s "$check" - warn " * Wrong ownership for $directory" - logcheckresult "WARN" "Wrong ownership for $directory" - else - pass -s "$check" - logcheckresult "PASS" - fi - else - info -c "$check" - info " * Directory not found" - logcheckresult "INFO" "Directory not found" - fi -} - -check_3_8() { - local id="3.8" - local desc="Ensure that registry certificate file permissions are set to 444 or more restrictively (Scored)" - local remediation="You should run the following command: chmod 444 /etc/docker/certs.d//*. This would set the permissions for the registry certificate files to 444." - local remediationImpact="None." - local check="$id - $desc" - starttestjson "$id" "$desc" - - directory="/etc/docker/certs.d/" - if [ -d "$directory" ]; then - fail=0 - perms=$(find "$directory" -type f -name '*.crt') - for p in $perms; do - if [ "$(stat -c %a $p)" -gt 444 ]; then - fail=1 - fi - done - if [ $fail -eq 1 ]; then - warn -s "$check" - warn " * Wrong permissions for $directory" - logcheckresult "WARN" "Wrong permissions for $directory" - else - pass -s "$check" - logcheckresult "PASS" - fi - else - info -c "$check" - info " * Directory not found" - logcheckresult "INFO" "Directory not found" - fi -} - -check_3_9() { - local id="3.9" - local desc="Ensure that TLS CA certificate file ownership is set to root:root (Scored)" - local remediation="You should run the following command: chown root:root . This sets the individual ownership and group ownership for the TLS CA certificate file to root." - local remediationImpact="None." - local check="$id - $desc" - starttestjson "$id" "$desc" - - if [ -n "$(get_docker_configuration_file_args 'tlscacert')" ]; then - tlscacert=$(get_docker_configuration_file_args 'tlscacert') - else - tlscacert=$(get_docker_effective_command_line_args '--tlscacert' | sed -n 's/.*tlscacert=\([^s]\)/\1/p' | sed 's/--/ --/g' | cut -d " " -f 1) - fi - if [ -f "$tlscacert" ]; then - if [ "$(stat -c %u%g "$tlscacert")" -eq 00 ]; then - pass -s "$check" - logcheckresult "PASS" - else - warn -s "$check" - warn " * Wrong ownership for $tlscacert" - logcheckresult "WARN" "Wrong ownership for $tlscacert" - fi - else - info -c "$check" - info " * No TLS CA certificate found" - logcheckresult "INFO" "No TLS CA certificate found" - fi -} - -check_3_10() { - local id="3.10" - local desc="Ensure that TLS CA certificate file permissions are set to 444 or more restrictively (Scored)" - local remediation="You should run the following command: chmod 444 . This sets the file permissions on the TLS CA file to 444." - local remediationImpact="None." - local check="$id - $desc" - starttestjson "$id" "$desc" - - if [ -n "$(get_docker_configuration_file_args 'tlscacert')" ]; then - tlscacert=$(get_docker_configuration_file_args 'tlscacert') - else - tlscacert=$(get_docker_effective_command_line_args '--tlscacert' | sed -n 's/.*tlscacert=\([^s]\)/\1/p' | sed 's/--/ --/g' | cut -d " " -f 1) - fi - if [ -f "$tlscacert" ]; then - if [ "$(stat -c %a $tlscacert)" -le 444 ]; then - pass -s "$check" - logcheckresult "PASS" - else - warn -s "$check" - warn " * Wrong permissions for $tlscacert" - logcheckresult "WARN" "Wrong permissions for $tlscacert" - fi - else - info -c "$check" - info " * No TLS CA certificate found" - logcheckresult "INFO" "No TLS CA certificate found" - fi -} - -check_3_11() { - local id="3.11" - local desc="Ensure that Docker server certificate file ownership is set to root:root (Scored)" - local remediation="You should run the following command: chown root:root . This sets the individual ownership and the group ownership for the Docker server certificate file to root." - local remediationImpact="None." - local check="$id - $desc" - starttestjson "$id" "$desc" - - if [ -n "$(get_docker_configuration_file_args 'tlscert')" ]; then - tlscert=$(get_docker_configuration_file_args 'tlscert') - else - tlscert=$(get_docker_effective_command_line_args '--tlscert' | sed -n 's/.*tlscert=\([^s]\)/\1/p' | sed 's/--/ --/g' | cut -d " " -f 1) - fi - if [ -f "$tlscert" ]; then - if [ "$(stat -c %u%g "$tlscert")" -eq 00 ]; then - pass -s "$check" - logcheckresult "PASS" - else - warn -s "$check" - warn " * Wrong ownership for $tlscert" - logcheckresult "WARN" "Wrong ownership for $tlscert" - fi - else - info -c "$check" - info " * No TLS Server certificate found" - logcheckresult "INFO" "No TLS Server certificate found" - fi -} - -check_3_12() { - local id="3.12" - local desc="Ensure that the Docker server certificate file permissions are set to 444 or more restrictively (Scored)" - local remediation="You should run the following command: chmod 444 . This sets the file permissions of the Docker server certificate file to 444." - local remediationImpact="None." - local check="$id - $desc" - starttestjson "$id" "$desc" - - if [ -n "$(get_docker_configuration_file_args 'tlscert')" ]; then - tlscert=$(get_docker_configuration_file_args 'tlscert') - else - tlscert=$(get_docker_effective_command_line_args '--tlscert' | sed -n 's/.*tlscert=\([^s]\)/\1/p' | sed 's/--/ --/g' | cut -d " " -f 1) - fi - if [ -f "$tlscert" ]; then - if [ "$(stat -c %a $tlscert)" -le 444 ]; then - pass -s "$check" - logcheckresult "PASS" - else - warn -s "$check" - warn " * Wrong permissions for $tlscert" - logcheckresult "WARN" "Wrong permissions for $tlscert" - fi - else - info -c "$check" - info " * No TLS Server certificate found" - logcheckresult "INFO" "No TLS Server certificate found" - fi -} - -check_3_13() { - local id="3.13" - local desc="Ensure that the Docker server certificate key file ownership is set to root:root (Scored)" - local remediation="You should run the following command: chown root:root . This sets the individual ownership and group ownership for the Docker server certificate key file to root." - local remediationImpact="None." - local check="$id - $desc" - starttestjson "$id" "$desc" - - if [ -n "$(get_docker_configuration_file_args 'tlskey')" ]; then - tlskey=$(get_docker_configuration_file_args 'tlskey') - else - tlskey=$(get_docker_effective_command_line_args '--tlskey' | sed -n 's/.*tlskey=\([^s]\)/\1/p' | sed 's/--/ --/g' | cut -d " " -f 1) - fi - if [ -f "$tlskey" ]; then - if [ "$(stat -c %u%g "$tlskey")" -eq 00 ]; then - pass -s "$check" - logcheckresult "PASS" - else - warn -s "$check" - warn " * Wrong ownership for $tlskey" - logcheckresult "WARN" "Wrong ownership for $tlskey" - fi - else - info -c "$check" - info " * No TLS Key found" - logcheckresult "INFO" "No TLS Key found" - fi -} - -check_3_14() { - local id="3.14" - local desc="Ensure that the Docker server certificate key file permissions are set to 400 (Scored)" - local remediation="You should run the following command: chmod 400 . This sets the Docker server certificate key file permissions to 400." - local remediationImpact="None." - local check="$id - $desc" - starttestjson "$id" "$desc" - - if [ -n "$(get_docker_configuration_file_args 'tlskey')" ]; then - tlskey=$(get_docker_configuration_file_args 'tlskey') - else - tlskey=$(get_docker_effective_command_line_args '--tlskey' | sed -n 's/.*tlskey=\([^s]\)/\1/p' | sed 's/--/ --/g' | cut -d " " -f 1) - fi - if [ -f "$tlskey" ]; then - if [ "$(stat -c %a $tlskey)" -eq 400 ]; then - pass -s "$check" - logcheckresult "PASS" - else - warn -s "$check" - warn " * Wrong permissions for $tlskey" - logcheckresult "WARN" "Wrong permissions for $tlskey" - fi - else - info -c "$check" - info " * No TLS Key found" - logcheckresult "INFO" "No TLS Key found" - fi -} - -check_3_15() { - local id="3.15" - local desc="Ensure that the Docker socket file ownership is set to root:docker (Scored)" - local remediation="You should run the following command: chown root:docker /var/run/docker.sock. This sets the ownership to root and group ownership to docker for the default Docker socket file." - local remediationImpact="None." - local check="$id - $desc" - starttestjson "$id" "$desc" - - file="/var/run/docker.sock" - if [ -S "$file" ]; then - if [ "$(stat -c %U:%G $file)" = 'root:docker' ]; then - pass -s "$check" - logcheckresult "PASS" - else - warn -s "$check" - warn " * Wrong ownership for $file" - logcheckresult "WARN" "Wrong ownership for $file" - fi - else - info -c "$check" - info " * File not found" - logcheckresult "INFO" "File not found" - fi -} - -check_3_16() { - local id="3.16" - local desc="Ensure that the Docker socket file permissions are set to 660 or more restrictively (Scored)" - local remediation="You should run the following command: chmod 660 /var/run/docker.sock. This sets the file permissions of the Docker socket file to 660." - local remediationImpact="None." - local check="$id - $desc" - starttestjson "$id" "$desc" - - file="/var/run/docker.sock" - if [ -S "$file" ]; then - if [ "$(stat -c %a $file)" -le 660 ]; then - pass -s "$check" - logcheckresult "PASS" - else - warn -s "$check" - warn " * Wrong permissions for $file" - logcheckresult "WARN" "Wrong permissions for $file" - fi - else - info -c "$check" - info " * File not found" - logcheckresult "INFO" "File not found" - fi -} - -check_3_17() { - local id="3.17" - local desc="Ensure that the daemon.json file ownership is set to root:root (Scored)" - local remediation="You should run the following command: chown root:root /etc/docker/daemon.json. This sets the ownership and group ownership for the file to root." - local remediationImpact="None." - local check="$id - $desc" - starttestjson "$id" "$desc" - - file="/etc/docker/daemon.json" - if [ -f "$file" ]; then - if [ "$(stat -c %U:%G $file)" = 'root:root' ]; then - pass -s "$check" - logcheckresult "PASS" - else - warn -s "$check" - warn " * Wrong ownership for $file" - logcheckresult "WARN" "Wrong ownership for $file" - fi - else - info -c "$check" - info " * File not found" - logcheckresult "INFO" "File not found" - fi -} - -check_3_18() { - local id="3.18" - local desc="Ensure that daemon.json file permissions are set to 644 or more restrictive (Scored)" - local remediation="You should run the following command: chmod 644 /etc/docker/daemon.json. This sets the file permissions for this file to 644." - local remediationImpact="None." - local check="$id - $desc" - starttestjson "$id" "$desc" - - file="/etc/docker/daemon.json" - if [ -f "$file" ]; then - if [ "$(stat -c %a $file)" -le 644 ]; then - pass -s "$check" - logcheckresult "PASS" - else - warn -s "$check" - warn " * Wrong permissions for $file" - logcheckresult "WARN" "Wrong permissions for $file" - fi - else - info -c "$check" - info " * File not found" - logcheckresult "INFO" "File not found" - fi -} - -check_3_19() { - local id="3.19" - local desc="Ensure that the /etc/default/docker file ownership is set to root:root (Scored)" - local remediation="You should run the following command: chown root:root /etc/default/docker. This sets the ownership and group ownership of the file to root." - local remediationImpact="None." - local check="$id - $desc" - starttestjson "$id" "$desc" - - file="/etc/default/docker" - if [ -f "$file" ]; then - if [ "$(stat -c %U:%G $file)" = 'root:root' ]; then - pass -s "$check" - logcheckresult "PASS" - else - warn -s "$check" - warn " * Wrong ownership for $file" - logcheckresult "WARN" "Wrong ownership for $file" - fi - else - info -c "$check" - info " * File not found" - logcheckresult "INFO" "File not found" - fi -} - -check_3_20() { - local id="3.20" - local desc="Ensure that the /etc/sysconfig/docker file ownership is set to root:root (Scored)" - local remediation="You should run the following command: chown root:root /etc/sysconfig/docker. This sets the ownership and group ownership for the file to root." - local remediationImpact="None." - local check="$id - $desc" - starttestjson "$id" "$desc" - - file="/etc/sysconfig/docker" - if [ -f "$file" ]; then - if [ "$(stat -c %U:%G $file)" = 'root:root' ]; then - pass -s "$check" - logcheckresult "PASS" - else - warn -s "$check" - warn " * Wrong ownership for $file" - logcheckresult "WARN" "Wrong ownership for $file" - fi - else - info -c "$check" - info " * File not found" - logcheckresult "INFO" "File not found" - fi -} - -check_3_21() { - local id="3.21" - local desc="Ensure that the /etc/sysconfig/docker file permissions are set to 644 or more restrictively (Scored)" - local remediation="You should run the following command: chmod 644 /etc/sysconfig/docker. This sets the file permissions for this file to 644." - local remediationImpact="None." - local check="$id - $desc" - starttestjson "$id" "$desc" - - file="/etc/sysconfig/docker" - if [ -f "$file" ]; then - if [ "$(stat -c %a $file)" -le 644 ]; then - pass -s "$check" - logcheckresult "PASS" - else - warn -s "$check" - warn " * Wrong permissions for $file" - logcheckresult "WARN" "Wrong permissions for $file" - fi - else - info -c "$check" - info " * File not found" - logcheckresult "INFO" "File not found" - fi -} - -check_3_22() { - local id="3.22" - local desc="Ensure that the /etc/default/docker file permissions are set to 644 or more restrictively (Scored)" - local remediation="You should run the following command: chmod 644 /etc/default/docker. This sets the file permissions for this file to 644." - local remediationImpact="None." - local check="$id - $desc" - starttestjson "$id" "$desc" - - file="/etc/default/docker" - if [ -f "$file" ]; then - if [ "$(stat -c %a $file)" -le 644 ]; then - pass -s "$check" - logcheckresult "PASS" - else - warn -s "$check" - warn " * Wrong permissions for $file" - logcheckresult "WARN" "Wrong permissions for $file" - fi - else - info -c "$check" - info " * File not found" - logcheckresult "INFO" "File not found" - fi -} - -check_3_end() { - endsectionjson -}