From 8aec461d46a794c2b6022502841dcc57f5d7ec92 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?=
Date: Fri, 8 May 2020 13:09:52 +0200
Subject: [PATCH] more flexible binary usage, better support for mac os
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Thomas Sjögren
---
 docker-bench-security.sh | 11 ++++++++++-
 tests/1_host_configuration.sh | 6 +++++-
 tests/7_docker_swarm_configuration.sh | 2 +-
 3 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/docker-bench-security.sh b/docker-bench-security.sh
index 68c8c30..c5d9b40 100755
--- a/docker-bench-security.sh
+++ b/docker-bench-security.sh
@@ -24,11 +24,20 @@ readonly myname
 export PATH="$PATH:/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin/"
 # Check for required program(s)
-req_progs='awk docker grep ss stat'
+req_progs='awk docker grep stat'
 for p in $req_progs; do
 command -v "$p" >/dev/null 2>&1 || { printf "%s command not found.\n" "$p"; exit 1; }
 done
+if command -v ss >/dev/null 2>&1; then
+ netbin=ss
+elif command -v netstat >/dev/null 2>&1; then
+ netbin=netstat
+else
+ echo "ss or netstat command not found."
+ exit 1
+fi
+
 # Ensure we can connect to docker daemon
 if ! docker ps -q >/dev/null 2>&1; then
 printf "Error connecting to docker daemon (does docker ps work?)\n"
diff --git a/tests/1_host_configuration.sh b/tests/1_host_configuration.sh
index f8a1b87..30dfaac 100644
--- a/tests/1_host_configuration.sh
+++ b/tests/1_host_configuration.sh
@@ -93,7 +93,11 @@ check_1_2_2() {
 starttestjson "$id_1_2_2" "$desc_1_2_2"
 totalChecks=$((totalChecks + 1))
- docker_users=$(getent group docker)
+ if command -v getent >/dev/null 2>&1; then
+ docker_users=$(getent group docker)
+ else
+ docker_users=$(grep 'docker' /etc/group)
+ fi
 info "$check_1_2_2"
 for u in $docker_users; do
 info " * $u"
diff --git a/tests/7_docker_swarm_configuration.sh b/tests/7_docker_swarm_configuration.sh
index f7bc7ab..c3b9187 100644
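Review bot: The new `netbin` fallback treats `ss` and `netstat` as drop-in equivalents, but the only consumer visible in this patch, `check_7_3` in tests/7_docker_swarm_configuration.sh, still passes `-lnt` and greps for `ss`-style `addr:port` patterns. netstat builds on BSD/macOS may interpret those flags differently and print addresses in another layout (worth verifying on the target platform), and because that check passes when grep finds nothing, a mismatch would read as PASS rather than as an error. Consider selecting the flags together with the binary, or refusing the netstat path where its output has not been validated against those patterns. The failure message would also be better on stderr and in the style of the loop above: `printf "ss or netstat command not found.\n" >&2`.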
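Review bot: The `/etc/group` fallback in `check_1_2_2` uses an unanchored `grep 'docker'`, so it returns every line that contains the string, for example a group named `dockerroot` or any group that merely has a member called docker, and the loop below then lists those entries as if they belonged to the docker group. Anchoring on the group-name field keeps the fallback equivalent to `getent group docker`: `docker_users=$(grep '^docker:' /etc/group)`. On hosts where groups are not kept in /etc/group the fallback may also come back empty, which the output does not distinguish from a docker group with no members. The function body starts and ends outside this hunk.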
--- a/tests/7_docker_swarm_configuration.sh
+++ b/tests/7_docker_swarm_configuration.sh
@@ -63,7 +63,7 @@ check_7_3() {
 totalChecks=$((totalChecks + 1))
 if docker info 2>/dev/null | grep -e "Swarm:*\sactive\s*" >/dev/null 2>&1; then
- ss -lnt | grep -e '\[::]:2377 ' -e ':::2377' -e '*:2377 ' -e ' 0\.0\.0\.0:2377 ' >/dev/null 2>&1
+ $netbin -lnt | grep -e '\[::]:2377 ' -e ':::2377' -e '*:2377 ' -e ' 0\.0\.0\.0:2377 ' >/dev/null 2>&1
 if [ $? -eq 1 ]; then
 pass "$check_7_3"
 resulttestjson "PASS"
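Review bot: The `if [ $? -eq 1 ]` after `$netbin -lnt | grep …` sees only grep's exit status, so when `$netbin` is empty or the listing command fails, grep reads no input, exits 1, and `check_7_3` reports PASS. That could happen if this test file is ever sourced without the detection block in docker-bench-security.sh having run, which is not visible from here. Capturing the listing first makes the failure explicit: start with `if ! listeners=$("$netbin" -lnt 2>/dev/null); then`, report the check as not evaluated in that branch, and run the existing grep on `$listeners` otherwise. The body of check_7_3 continues outside this hunk.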