mirror of
https://github.com/docker/docker-bench-security.git
synced 2025-01-18 16:22:33 +01:00
Merge pull request #102 from konstruktoid/systemd_service
Systemd service
This commit is contained in:
Thomas Sjögren
commit
93439abcd3
3 changed files with 11 additions and 6 deletions
|
|
@ -85,3 +85,8 @@ get_docker_effective_command_line_args() {
|
|||
OPTION="$1"
|
||||
get_docker_cumulative_command_line_args $OPTION | tail -n1
|
||||
}
|
||||
|
||||
get_systemd_service_file(){
|
||||
SERVICE="$1"
|
||||
systemctl show -p FragmentPath "$SERVICE" | sed 's/.*=//'
|
||||
}
|
||||
|
|
|
|||
|
|
@ -114,7 +114,7 @@ fi
|
|||
|
||||
# 1.11
|
||||
check_1_11="1.11 - Audit Docker files and directories - docker-registry.service"
|
||||
file="/usr/lib/systemd/system/docker-registry.service"
|
||||
file="$(get_systemd_service_file docker-registry.service)"
|
||||
if [ -f "$file" ]; then
|
||||
command -v auditctl >/dev/null 2>&1
|
||||
if [ $? -eq 0 ]; then
|
||||
|
|
@ -134,7 +134,7 @@ fi
|
|||
|
||||
# 1.12
|
||||
check_1_12="1.12 - Audit Docker files and directories - docker.service"
|
||||
file="/usr/lib/systemd/system/docker.service"
|
||||
file="$(get_systemd_service_file docker.service)"
|
||||
if [ -f "$file" ]; then
|
||||
command -v auditctl >/dev/null 2>&1
|
||||
if [ $? -eq 0 ]; then
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ info "3 - Docker Daemon Configuration Files"
|
|||
|
||||
# 3.1
|
||||
check_3_1="3.1 - Verify that docker.service file ownership is set to root:root"
|
||||
file="/usr/lib/systemd/system/docker.service"
|
||||
file="$(get_systemd_service_file docker-registry.service)"
|
||||
if [ -f "$file" ]; then
|
||||
if [ "$(stat -c %u%g $file)" -eq 00 ]; then
|
||||
pass "$check_3_1"
|
||||
|
|
@ -20,7 +20,7 @@ fi
|
|||
|
||||
# 3.2
|
||||
check_3_2="3.2 - Verify that docker.service file permissions are set to 644"
|
||||
file="/usr/lib/systemd/system/docker.service"
|
||||
file="$(get_systemd_service_file docker-registry.service)"
|
||||
if [ -f "$file" ]; then
|
||||
if [ "$(stat -c %a $file)" -eq 644 ]; then
|
||||
pass "$check_3_2"
|
||||
|
|
@ -35,7 +35,7 @@ fi
|
|||
|
||||
# 3.3
|
||||
check_3_3="3.3 - Verify that docker-registry.service file ownership is set to root:root"
|
||||
file="/usr/lib/systemd/system/docker-registry.service"
|
||||
file="$(get_systemd_service_file docker-registry.service)"
|
||||
if [ -f "$file" ]; then
|
||||
if [ "$(stat -c %u%g $file)" -eq 00 ]; then
|
||||
pass "$check_3_3"
|
||||
|
|
@ -50,7 +50,7 @@ fi
|
|||
|
||||
# 3.4
|
||||
check_3_4="3.4 - Verify that docker-registry.service file permissions are set to 644"
|
||||
file="/usr/lib/systemd/system/docker-registry.service"
|
||||
file="$(get_systemd_service_file docker-registry.service)"
|
||||
if [ -f "$file" ]; then
|
||||
if [ "$(stat -c %a $file)" -eq 644 ]; then
|
||||
pass "$check_3_4"
|
||||
|
|
|
|||
Loading…
Reference in a new issue