GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2025-01-31 06:22:32 +01:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #110 from konstruktoid/issue109

Browse source 
Fixes #109
This commit is contained in:
Thomas Sjögren 2015-12-22 19:17:26 +01:00
commit 81fc9ac3ed
2 changed files with 12 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
helper_lib.sh
View file

@ -88,5 +88,12 @@ get_docker_effective_command_line_args() {
get_systemd_service_file(){ get_systemd_service_file(){
SERVICE="$1" SERVICE="$1"
if [ -f "/etc/systemd/system/$SERVICE" ]; then
echo "/etc/systemd/system/$SERVICE"
elif systemctl show -p FragmentPath "$SERVICE" 2> /dev/null 1>&2; then
systemctl show -p FragmentPath "$SERVICE" | sed 's/.*=//' systemctl show -p FragmentPath "$SERVICE" | sed 's/.*=//'
else
echo "/usr/lib/systemd/system/$SERVICE"
fi
} }

8
tests/3_docker_daemon_configuration_files.sh
View file

@ -5,7 +5,7 @@ info "3 - Docker Daemon Configuration Files"
# 3.1 # 3.1
check_3_1="3.1 - Verify that docker.service file ownership is set to root:root" check_3_1="3.1 - Verify that docker.service file ownership is set to root:root"
file="$(get_systemd_service_file docker-registry.service)" file="$(get_systemd_service_file docker.service)"
if [ -f "$file" ]; then if [ -f "$file" ]; then
if [ "$(stat -c %u%g $file)" -eq 00 ]; then if [ "$(stat -c %u%g $file)" -eq 00 ]; then
pass "$check_3_1" pass "$check_3_1"
@ -20,7 +20,7 @@ fi
# 3.2 # 3.2
check_3_2="3.2 - Verify that docker.service file permissions are set to 644" check_3_2="3.2 - Verify that docker.service file permissions are set to 644"
file="$(get_systemd_service_file docker-registry.service)" file="$(get_systemd_service_file docker.service)"
if [ -f "$file" ]; then if [ -f "$file" ]; then
if [ "$(stat -c %a $file)" -eq 644 ]; then if [ "$(stat -c %a $file)" -eq 644 ]; then
pass "$check_3_2" pass "$check_3_2"
@ -65,7 +65,7 @@ fi
# 3.5 # 3.5
check_3_5="3.5 - Verify that docker.socket file ownership is set to root:root" check_3_5="3.5 - Verify that docker.socket file ownership is set to root:root"
file="/usr/lib/systemd/system/docker.socket" file="$(get_systemd_service_file docker.socket)"
if [ -f "$file" ]; then if [ -f "$file" ]; then
if [ "$(stat -c %u%g $file)" -eq 00 ]; then if [ "$(stat -c %u%g $file)" -eq 00 ]; then
pass "$check_3_5" pass "$check_3_5"
@ -80,7 +80,7 @@ fi
# 3.6 # 3.6
check_3_6="3.6 - Verify that docker.socket file permissions are set to 644" check_3_6="3.6 - Verify that docker.socket file permissions are set to 644"
file="/usr/lib/systemd/system/docker.socket" file="$(get_systemd_service_file docker.socket)"
if [ -f "$file" ]; then if [ -f "$file" ]; then
if [ "$(stat -c %a $file)" -eq 644 ]; then if [ "$(stat -c %a $file)" -eq 644 ]; then
pass "$check_3_6" pass "$check_3_6"