diff --git a/tests/1_host_configuration.sh b/tests/1_host_configuration.sh index a8deced..c3e3d86 100644 --- a/tests/1_host_configuration.sh +++ b/tests/1_host_configuration.sh @@ -129,7 +129,7 @@ check_1_2_2() { check_1_2_3() { local id="1.2.3" local desc="Ensure auditing is configured for the Docker daemon (Scored)" - local remediation="Install and configure auditd using command sudo apt-get install auditd. Add -w /usr/bin/dockerd -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart." + local remediation="Install auditd. Add -w /usr/bin/dockerd -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart." local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." local check="$id - $desc" starttestjson "$id" "$desc" @@ -155,7 +155,7 @@ check_1_2_3() { check_1_2_4() { local id="1.2.4" local desc="Ensure auditing is configured for Docker files and directories - /var/lib/docker (Scored)" - local remediation="Install and configure auditd using command sudo apt-get install auditd. Add -w /var/lib/docker -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart." + local remediation="Install auditd. Add -w /var/lib/docker -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart." local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." local check="$id - $desc" starttestjson "$id" "$desc" @@ -187,7 +187,7 @@ check_1_2_4() { check_1_2_5() { local id="1.2.5" local desc="Ensure auditing is configured for Docker files and directories - /etc/docker (Scored)" - local remediation="Install and configure auditd using command sudo apt-get install auditd. Add -w /etc/docker -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart." + local remediation="Install auditd. Add -w /etc/docker -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart." local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." local check="$id - $desc" starttestjson "$id" "$desc" @@ -220,7 +220,7 @@ check_1_2_6() { local id="1.2.6" local desc="Ensure auditing is configured for Docker files and directories - docker.service (Scored)" local remediation - remediation="Install and configure auditd using command sudo apt-get install auditd. Add -w $(systemctl show -p FragmentPath docker.service | sed 's/.*=//') -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart." + remediation="Install auditd. Add -w $(systemctl show -p FragmentPath docker.service | sed 's/.*=//') -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart." local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." local check="$id - $desc" starttestjson "$id" "$desc" @@ -253,7 +253,7 @@ check_1_2_7() { local id="1.2.7" local desc="Ensure auditing is configured for Docker files and directories - docker.socket (Scored)" local remediation - remediation="Install and configure auditd using command sudo apt-get install auditd. Add -w $(systemctl show -p FragmentPath docker.socket | sed 's/.*=//') -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart." + remediation="Install auditd. Add -w $(systemctl show -p FragmentPath docker.socket | sed 's/.*=//') -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart." local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." local check="$id - $desc" starttestjson "$id" "$desc" @@ -285,7 +285,7 @@ check_1_2_7() { check_1_2_8() { local id="1.2.8" local desc="Ensure auditing is configured for Docker files and directories - /etc/default/docker (Scored)" - local remediation="Install and configure auditd using command sudo apt-get install auditd. Add -w /etc/default/docker -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart." + local remediation="Install auditd. Add -w /etc/default/docker -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart." local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." local check="$id - $desc" starttestjson "$id" "$desc" @@ -317,7 +317,7 @@ check_1_2_8() { check_1_2_9() { local id="1.2.9" local desc="Ensure auditing is configured for Docker files and directories - /etc/sysconfig/docker (Scored)" - local remediation="Install and configure auditd using command sudo apt-get install auditd. Add -w /etc/sysconfig/docker -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart." + local remediation="Install auditd. Add -w /etc/sysconfig/docker -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart." local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." local check="$id - $desc" starttestjson "$id" "$desc" @@ -349,7 +349,7 @@ check_1_2_9() { check_1_2_10() { local id="1.2.10" local desc="Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.json (Scored)" - local remediation="Install and configure auditd using command sudo apt-get install auditd. Add -w /etc/docker/daemon.json -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart." + local remediation="Install auditd. Add -w /etc/docker/daemon.json -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart." local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." local check="$id - $desc" starttestjson "$id" "$desc" @@ -381,7 +381,7 @@ check_1_2_10() { check_1_2_11() { local id="1.2.11" local desc="Ensure auditing is configured for Docker files and directories - /usr/bin/containerd (Scored)" - local remediation="Install and configure auditd using command sudo apt-get install auditd. Add -w /usr/bin/containerd -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart." + local remediation="Install auditd. Add -w /usr/bin/containerd -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart." local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." local check="$id - $desc" starttestjson "$id" "$desc" @@ -413,7 +413,7 @@ check_1_2_11() { check_1_2_12() { local id="1.2.12" local desc="Ensure auditing is configured for Docker files and directories - /usr/sbin/runc (Scored)" - local remediation="Install and configure auditd using command sudo apt-get install auditd. Add -w /usr/sbin/runc -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart." + local remediation="Install auditd. Add -w /usr/sbin/runc -k docker to the /etc/audit/rules.d/audit.rules file. Then restart the audit daemon using command service auditd restart." local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions." local check="$id - $desc" starttestjson "$id" "$desc"