map desc_ to benchmark headings
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
parent
735938a8f1
commit
98acc66436
8 changed files with 115 additions and 115 deletions
|
@ -20,7 +20,7 @@ check_1_1() {
|
||||||
# 1.1.1
|
# 1.1.1
|
||||||
check_1_1_1() {
|
check_1_1_1() {
|
||||||
id_1_1_1="1.1.1"
|
id_1_1_1="1.1.1"
|
||||||
desc_1_1_1="Ensure the container host has been Hardened"
|
desc_1_1_1="Ensure the container host has been Hardened (Not Scored)"
|
||||||
check_1_1_1="$id_1_1_1 - $desc_1_1_1"
|
check_1_1_1="$id_1_1_1 - $desc_1_1_1"
|
||||||
starttestjson "$id_1_1_1" "$desc_1_1_1"
|
starttestjson "$id_1_1_1" "$desc_1_1_1"
|
||||||
|
|
||||||
|
@ -33,7 +33,7 @@ check_1_1_1() {
|
||||||
# 1.1.2
|
# 1.1.2
|
||||||
check_1_1_2() {
|
check_1_1_2() {
|
||||||
id_1_1_2="1.1.2"
|
id_1_1_2="1.1.2"
|
||||||
desc_1_1_2="Ensure Docker is up to date"
|
desc_1_1_2="Ensure that the version of Docker is up to date (Not Scored)"
|
||||||
check_1_1_2="$id_1_1_2 - $desc_1_1_2"
|
check_1_1_2="$id_1_1_2 - $desc_1_1_2"
|
||||||
starttestjson "$id_1_1_2" "$desc_1_1_2"
|
starttestjson "$id_1_1_2" "$desc_1_1_2"
|
||||||
|
|
||||||
|
@ -68,7 +68,7 @@ check_1_2() {
|
||||||
# 1.2.1
|
# 1.2.1
|
||||||
check_1_2_1() {
|
check_1_2_1() {
|
||||||
id_1_2_1="1.2.1"
|
id_1_2_1="1.2.1"
|
||||||
desc_1_2_1="Ensure a separate partition for containers has been created"
|
desc_1_2_1="Ensure a separate partition for containers has been created (Scored)"
|
||||||
check_1_2_1="$id_1_2_1 - $desc_1_2_1"
|
check_1_2_1="$id_1_2_1 - $desc_1_2_1"
|
||||||
starttestjson "$id_1_2_1" "$desc_1_2_1"
|
starttestjson "$id_1_2_1" "$desc_1_2_1"
|
||||||
|
|
||||||
|
@ -88,7 +88,7 @@ check_1_2_1() {
|
||||||
# 1.2.2
|
# 1.2.2
|
||||||
check_1_2_2() {
|
check_1_2_2() {
|
||||||
id_1_2_2="1.2.2"
|
id_1_2_2="1.2.2"
|
||||||
desc_1_2_2="Ensure only trusted users are allowed to control Docker daemon"
|
desc_1_2_2="Ensure only trusted users are allowed to control Docker daemon (Scored)"
|
||||||
check_1_2_2="$id_1_2_2 - $desc_1_2_2"
|
check_1_2_2="$id_1_2_2 - $desc_1_2_2"
|
||||||
starttestjson "$id_1_2_2" "$desc_1_2_2"
|
starttestjson "$id_1_2_2" "$desc_1_2_2"
|
||||||
|
|
||||||
|
@ -105,7 +105,7 @@ check_1_2_2() {
|
||||||
# 1.2.3
|
# 1.2.3
|
||||||
check_1_2_3() {
|
check_1_2_3() {
|
||||||
id_1_2_3="1.2.3"
|
id_1_2_3="1.2.3"
|
||||||
desc_1_2_3="Ensure auditing is configured for the Docker daemon"
|
desc_1_2_3="Ensure auditing is configured for the Docker daemon (Scored)"
|
||||||
check_1_2_3="$id_1_2_3 - $desc_1_2_3"
|
check_1_2_3="$id_1_2_3 - $desc_1_2_3"
|
||||||
starttestjson "$id_1_2_3" "$desc_1_2_3"
|
starttestjson "$id_1_2_3" "$desc_1_2_3"
|
||||||
|
|
||||||
|
@ -135,7 +135,7 @@ check_1_2_3() {
|
||||||
# 1.2.4
|
# 1.2.4
|
||||||
check_1_2_4() {
|
check_1_2_4() {
|
||||||
id_1_2_4="1.2.4"
|
id_1_2_4="1.2.4"
|
||||||
desc_1_2_4="Ensure auditing is configured for Docker files and directories - /var/lib/docker"
|
desc_1_2_4="Ensure auditing is configured for Docker files and directories - /var/lib/docker (Scored)"
|
||||||
check_1_2_4="$id_1_2_4 - $desc_1_2_4"
|
check_1_2_4="$id_1_2_4 - $desc_1_2_4"
|
||||||
starttestjson "$id_1_2_4" "$desc_1_2_4"
|
starttestjson "$id_1_2_4" "$desc_1_2_4"
|
||||||
|
|
||||||
|
@ -172,7 +172,7 @@ check_1_2_4() {
|
||||||
# 1.2.5
|
# 1.2.5
|
||||||
check_1_2_5() {
|
check_1_2_5() {
|
||||||
id_1_2_5="1.2.5"
|
id_1_2_5="1.2.5"
|
||||||
desc_1_2_5="Ensure auditing is configured for Docker files and directories - /etc/docker"
|
desc_1_2_5="Ensure auditing is configured for Docker files and directories - /etc/docker (Scored)"
|
||||||
check_1_2_5="$id_1_2_5 - $desc_1_2_5"
|
check_1_2_5="$id_1_2_5 - $desc_1_2_5"
|
||||||
starttestjson "$id_1_2_5" "$desc_1_2_5"
|
starttestjson "$id_1_2_5" "$desc_1_2_5"
|
||||||
|
|
||||||
|
@ -209,7 +209,7 @@ fi
|
||||||
# 1.2.6
|
# 1.2.6
|
||||||
check_1_2_6() {
|
check_1_2_6() {
|
||||||
id_1_2_6="1.2.6"
|
id_1_2_6="1.2.6"
|
||||||
desc_1_2_6="Ensure auditing is configured for Docker files and directories - docker.service"
|
desc_1_2_6="Ensure auditing is configured for Docker files and directories - docker.service (Scored)"
|
||||||
check_1_2_6="$id_1_2_6 - $desc_1_2_6"
|
check_1_2_6="$id_1_2_6 - $desc_1_2_6"
|
||||||
starttestjson "$id_1_2_6" "$desc_1_2_6"
|
starttestjson "$id_1_2_6" "$desc_1_2_6"
|
||||||
|
|
||||||
|
@ -246,7 +246,7 @@ check_1_2_6() {
|
||||||
# 1.2.7
|
# 1.2.7
|
||||||
check_1_2_7() {
|
check_1_2_7() {
|
||||||
id_1_2_7="1.2.7"
|
id_1_2_7="1.2.7"
|
||||||
desc_1_2_7="Ensure auditing is configured for Docker files and directories - docker.socket"
|
desc_1_2_7="Ensure auditing is configured for Docker files and directories - docker.socket (Scored)"
|
||||||
check_1_2_7="$id_1_2_7 - $desc_1_2_7"
|
check_1_2_7="$id_1_2_7 - $desc_1_2_7"
|
||||||
starttestjson "$id_1_2_7" "$desc_1_2_7"
|
starttestjson "$id_1_2_7" "$desc_1_2_7"
|
||||||
|
|
||||||
|
@ -283,7 +283,7 @@ check_1_2_7() {
|
||||||
# 1.2.8
|
# 1.2.8
|
||||||
check_1_2_8() {
|
check_1_2_8() {
|
||||||
id_1_2_8="1.2.8"
|
id_1_2_8="1.2.8"
|
||||||
desc_1_2_8="Ensure auditing is configured for Docker files and directories - /etc/default/docker"
|
desc_1_2_8="Ensure auditing is configured for Docker files and directories - /etc/default/docker (Scored)"
|
||||||
check_1_2_8="$id_1_2_8 - $desc_1_2_8"
|
check_1_2_8="$id_1_2_8 - $desc_1_2_8"
|
||||||
starttestjson "$id_1_2_8" "$desc_1_2_8"
|
starttestjson "$id_1_2_8" "$desc_1_2_8"
|
||||||
|
|
||||||
|
@ -320,7 +320,7 @@ check_1_2_8() {
|
||||||
# 1.2.9
|
# 1.2.9
|
||||||
check_1_2_9() {
|
check_1_2_9() {
|
||||||
id_1_2_9="1.2.9"
|
id_1_2_9="1.2.9"
|
||||||
desc_1_2_9="Ensure auditing is configured for Docker files and directories - /etc/sysconfig/docker"
|
desc_1_2_9="Ensure auditing is configured for Docker files and directories - /etc/sysconfig/docker (Scored)"
|
||||||
check_1_2_9="$id_1_2_9 - $desc_1_2_9"
|
check_1_2_9="$id_1_2_9 - $desc_1_2_9"
|
||||||
starttestjson "$id_1_2_9" "$desc_1_2_9"
|
starttestjson "$id_1_2_9" "$desc_1_2_9"
|
||||||
|
|
||||||
|
@ -357,7 +357,7 @@ check_1_2_9() {
|
||||||
# 1.2.10
|
# 1.2.10
|
||||||
check_1_2_10() {
|
check_1_2_10() {
|
||||||
id_1_2_10="1.2.10"
|
id_1_2_10="1.2.10"
|
||||||
desc_1_2_10="Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.json"
|
desc_1_2_10="Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.json (Scored)"
|
||||||
check_1_2_10="$id_1_2_10 - $desc_1_2_10"
|
check_1_2_10="$id_1_2_10 - $desc_1_2_10"
|
||||||
starttestjson "$id_1_2_10" "$desc_1_2_10"
|
starttestjson "$id_1_2_10" "$desc_1_2_10"
|
||||||
|
|
||||||
|
@ -394,7 +394,7 @@ check_1_2_10() {
|
||||||
# 1.2.11
|
# 1.2.11
|
||||||
check_1_2_11() {
|
check_1_2_11() {
|
||||||
id_1_2_11="1.2.11"
|
id_1_2_11="1.2.11"
|
||||||
desc_1_2_11="Ensure auditing is configured for Docker files and directories - /usr/bin/containerd"
|
desc_1_2_11="Ensure auditing is configured for Docker files and directories - /usr/bin/containerd (Scored)"
|
||||||
check_1_2_11="$id_1_2_11 - $desc_1_2_11"
|
check_1_2_11="$id_1_2_11 - $desc_1_2_11"
|
||||||
starttestjson "$id_1_2_11" "$desc_1_2_11"
|
starttestjson "$id_1_2_11" "$desc_1_2_11"
|
||||||
|
|
||||||
|
@ -431,7 +431,7 @@ check_1_2_11() {
|
||||||
# 1.2.12
|
# 1.2.12
|
||||||
check_1_2_12() {
|
check_1_2_12() {
|
||||||
id_1_2_12="1.2.12"
|
id_1_2_12="1.2.12"
|
||||||
desc_1_2_12="Ensure auditing is configured for Docker files and directories - /usr/sbin/runc"
|
desc_1_2_12="Ensure auditing is configured for Docker files and directories - /usr/sbin/runc (Scored)"
|
||||||
check_1_2_12="$id_1_2_12 - $desc_1_2_12"
|
check_1_2_12="$id_1_2_12 - $desc_1_2_12"
|
||||||
starttestjson "$id_1_2_12" "$desc_1_2_12"
|
starttestjson "$id_1_2_12" "$desc_1_2_12"
|
||||||
|
|
||||||
|
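Review bot: Appending `(Scored)` / `(Not Scored)` to the `desc_*` strings in this file (for example `desc_1_1_1` and `desc_1_2_1`) folds the scoring status into the free-text description that is also passed to `starttestjson`. Any consumer that matches on the description text will see every string change, and can recover the scoring status only by parsing the suffix. Matching downstream on the `id_*` value and carrying the status in its own variable, for example `scored_1_1_1="false"` (a suggested name, not one the script defines), would keep it machine-readable. The same pattern repeats in the other changed files. The check functions continue outside each hunk, so how `starttestjson` writes its arguments is not visible here.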
|
|
@ -12,7 +12,7 @@ check_2() {
|
||||||
# 2.1
|
# 2.1
|
||||||
check_2_1() {
|
check_2_1() {
|
||||||
id_2_1="2.1"
|
id_2_1="2.1"
|
||||||
desc_2_1="Ensure network traffic is restricted between containers on the default bridge"
|
desc_2_1="Ensure network traffic is restricted between containers on the default bridge (Scored)"
|
||||||
check_2_1="$id_2_1 - $desc_2_1"
|
check_2_1="$id_2_1 - $desc_2_1"
|
||||||
starttestjson "$id_2_1" "$desc_2_1"
|
starttestjson "$id_2_1" "$desc_2_1"
|
||||||
|
|
||||||
|
@ -35,7 +35,7 @@ check_2_1() {
|
||||||
# 2.2
|
# 2.2
|
||||||
check_2_2() {
|
check_2_2() {
|
||||||
id_2_2="2.2"
|
id_2_2="2.2"
|
||||||
desc_2_2="Ensure the logging level is set to 'info'"
|
desc_2_2="Ensure the logging level is set to 'info' (Scored)"
|
||||||
check_2_2="$id_2_2 - $desc_2_2"
|
check_2_2="$id_2_2 - $desc_2_2"
|
||||||
starttestjson "$id_2_2" "$desc_2_2"
|
starttestjson "$id_2_2" "$desc_2_2"
|
||||||
|
|
||||||
|
@ -74,7 +74,7 @@ check_2_2() {
|
||||||
# 2.3
|
# 2.3
|
||||||
check_2_3() {
|
check_2_3() {
|
||||||
id_2_3="2.3"
|
id_2_3="2.3"
|
||||||
desc_2_3="Ensure Docker is allowed to make changes to iptables"
|
desc_2_3="Ensure Docker is allowed to make changes to iptables (Scored)"
|
||||||
check_2_3="$id_2_3 - $desc_2_3"
|
check_2_3="$id_2_3 - $desc_2_3"
|
||||||
starttestjson "$id_2_3" "$desc_2_3"
|
starttestjson "$id_2_3" "$desc_2_3"
|
||||||
|
|
||||||
|
@ -97,7 +97,7 @@ check_2_3() {
|
||||||
# 2.4
|
# 2.4
|
||||||
check_2_4() {
|
check_2_4() {
|
||||||
id_2_4="2.4"
|
id_2_4="2.4"
|
||||||
desc_2_4="Ensure insecure registries are not used"
|
desc_2_4="Ensure insecure registries are not used (Scored)"
|
||||||
check_2_4="$id_2_4 - $desc_2_4"
|
check_2_4="$id_2_4 - $desc_2_4"
|
||||||
starttestjson "$id_2_4" "$desc_2_4"
|
starttestjson "$id_2_4" "$desc_2_4"
|
||||||
|
|
||||||
|
@ -126,7 +126,7 @@ check_2_4() {
|
||||||
# 2.5
|
# 2.5
|
||||||
check_2_5() {
|
check_2_5() {
|
||||||
id_2_5="2.5"
|
id_2_5="2.5"
|
||||||
desc_2_5="Ensure aufs storage driver is not used"
|
desc_2_5="Ensure aufs storage driver is not used (Scored)"
|
||||||
check_2_5="$id_2_5 - $desc_2_5"
|
check_2_5="$id_2_5 - $desc_2_5"
|
||||||
starttestjson "$id_2_5" "$desc_2_5"
|
starttestjson "$id_2_5" "$desc_2_5"
|
||||||
|
|
||||||
|
@ -145,7 +145,7 @@ check_2_5() {
|
||||||
# 2.6
|
# 2.6
|
||||||
check_2_6() {
|
check_2_6() {
|
||||||
id_2_6="2.6"
|
id_2_6="2.6"
|
||||||
desc_2_6="Ensure TLS authentication for Docker daemon is configured"
|
desc_2_6="Ensure TLS authentication for Docker daemon is configured (Scored)"
|
||||||
check_2_6="$id_2_6 - $desc_2_6"
|
check_2_6="$id_2_6 - $desc_2_6"
|
||||||
starttestjson "$id_2_6" "$desc_2_6"
|
starttestjson "$id_2_6" "$desc_2_6"
|
||||||
|
|
||||||
|
@ -180,7 +180,7 @@ check_2_6() {
|
||||||
# 2.7
|
# 2.7
|
||||||
check_2_7() {
|
check_2_7() {
|
||||||
id_2_7="2.7"
|
id_2_7="2.7"
|
||||||
desc_2_7="Ensure the default ulimit is configured appropriately"
|
desc_2_7="Ensure the default ulimit is configured appropriately (Not Scored)"
|
||||||
check_2_7="$id_2_7 - $desc_2_7"
|
check_2_7="$id_2_7 - $desc_2_7"
|
||||||
starttestjson "$id_2_7" "$desc_2_7"
|
starttestjson "$id_2_7" "$desc_2_7"
|
||||||
|
|
||||||
|
@ -204,7 +204,7 @@ check_2_7() {
|
||||||
# 2.8
|
# 2.8
|
||||||
check_2_8() {
|
check_2_8() {
|
||||||
id_2_8="2.8"
|
id_2_8="2.8"
|
||||||
desc_2_8="Enable user namespace support"
|
desc_2_8="Enable user namespace support (Scored)"
|
||||||
check_2_8="$id_2_8 - $desc_2_8"
|
check_2_8="$id_2_8 - $desc_2_8"
|
||||||
starttestjson "$id_2_8" "$desc_2_8"
|
starttestjson "$id_2_8" "$desc_2_8"
|
||||||
|
|
||||||
|
@ -227,7 +227,7 @@ check_2_8() {
|
||||||
# 2.9
|
# 2.9
|
||||||
check_2_9() {
|
check_2_9() {
|
||||||
id_2_9="2.9"
|
id_2_9="2.9"
|
||||||
desc_2_9="Ensure the default cgroup usage has been confirmed"
|
desc_2_9="Ensure the default cgroup usage has been confirmed (Scored)"
|
||||||
check_2_9="$id_2_9 - $desc_2_9"
|
check_2_9="$id_2_9 - $desc_2_9"
|
||||||
starttestjson "$id_2_9" "$desc_2_9"
|
starttestjson "$id_2_9" "$desc_2_9"
|
||||||
|
|
||||||
|
@ -252,7 +252,7 @@ check_2_9() {
|
||||||
# 2.10
|
# 2.10
|
||||||
check_2_10() {
|
check_2_10() {
|
||||||
id_2_10="2.10"
|
id_2_10="2.10"
|
||||||
desc_2_10="Ensure base device size is not changed until needed"
|
desc_2_10="Ensure base device size is not changed until needed (Scored)"
|
||||||
check_2_10="$id_2_10 - $desc_2_10"
|
check_2_10="$id_2_10 - $desc_2_10"
|
||||||
starttestjson "$id_2_10" "$desc_2_10"
|
starttestjson "$id_2_10" "$desc_2_10"
|
||||||
|
|
||||||
|
@ -275,7 +275,7 @@ check_2_10() {
|
||||||
# 2.11
|
# 2.11
|
||||||
check_2_11() {
|
check_2_11() {
|
||||||
id_2_11="2.11"
|
id_2_11="2.11"
|
||||||
desc_2_11="Ensure that authorization for Docker client commands is enabled"
|
desc_2_11="Ensure that authorization for Docker client commands is enabled (Scored)"
|
||||||
check_2_11="$id_2_11 - $desc_2_11"
|
check_2_11="$id_2_11 - $desc_2_11"
|
||||||
starttestjson "$id_2_11" "$desc_2_11"
|
starttestjson "$id_2_11" "$desc_2_11"
|
||||||
|
|
||||||
|
@ -298,7 +298,7 @@ check_2_11() {
|
||||||
# 2.12
|
# 2.12
|
||||||
check_2_12() {
|
check_2_12() {
|
||||||
id_2_12="2.12"
|
id_2_12="2.12"
|
||||||
desc_2_12="Ensure centralized and remote logging is configured"
|
desc_2_12="2.12 Ensure centralized and remote logging is configured (Scored)"
|
||||||
check_2_12="$id_2_12 - $desc_2_12"
|
check_2_12="$id_2_12 - $desc_2_12"
|
||||||
starttestjson "$id_2_12" "$desc_2_12"
|
starttestjson "$id_2_12" "$desc_2_12"
|
||||||
|
|
||||||
|
@ -317,7 +317,7 @@ check_2_12() {
|
||||||
# 2.13
|
# 2.13
|
||||||
check_2_13() {
|
check_2_13() {
|
||||||
id_2_13="2.13"
|
id_2_13="2.13"
|
||||||
desc_2_13="Ensure live restore is Enabled"
|
desc_2_13="Ensure live restore is enabled (Scored)"
|
||||||
check_2_13="$id_2_13 - $desc_2_13"
|
check_2_13="$id_2_13 - $desc_2_13"
|
||||||
starttestjson "$id_2_13" "$desc_2_13"
|
starttestjson "$id_2_13" "$desc_2_13"
|
||||||
|
|
||||||
|
@ -346,7 +346,7 @@ check_2_13() {
|
||||||
# 2.14
|
# 2.14
|
||||||
check_2_14() {
|
check_2_14() {
|
||||||
id_2_14="2.14"
|
id_2_14="2.14"
|
||||||
desc_2_14="Ensure Userland Proxy is Disabled"
|
desc_2_14="Ensure Userland Proxy is Disabled (Scored)"
|
||||||
check_2_14="$id_2_14 - $desc_2_14"
|
check_2_14="$id_2_14 - $desc_2_14"
|
||||||
starttestjson "$id_2_14" "$desc_2_14"
|
starttestjson "$id_2_14" "$desc_2_14"
|
||||||
|
|
||||||
|
@ -369,7 +369,7 @@ check_2_14() {
|
||||||
# 2.15
|
# 2.15
|
||||||
check_2_15() {
|
check_2_15() {
|
||||||
id_2_15="2.15"
|
id_2_15="2.15"
|
||||||
desc_2_15="Ensure that a daemon-wide custom seccomp profile is applied if appropriate"
|
desc_2_15="Ensure that a daemon-wide custom seccomp profile is applied if appropriate (Not Scored)"
|
||||||
check_2_15="$id_2_15 - $desc_2_15"
|
check_2_15="$id_2_15 - $desc_2_15"
|
||||||
starttestjson "$id_2_15" "$desc_2_15"
|
starttestjson "$id_2_15" "$desc_2_15"
|
||||||
|
|
||||||
|
@ -388,7 +388,7 @@ check_2_15() {
|
||||||
# 2.16
|
# 2.16
|
||||||
check_2_16() {
|
check_2_16() {
|
||||||
id_2_16="2.16"
|
id_2_16="2.16"
|
||||||
desc_2_16="Ensure that experimental features are not implemented in production"
|
desc_2_16="Ensure that experimental features are not implemented in production (Scored)"
|
||||||
check_2_16="$id_2_16 - $desc_2_16"
|
check_2_16="$id_2_16 - $desc_2_16"
|
||||||
starttestjson "$id_2_16" "$desc_2_16"
|
starttestjson "$id_2_16" "$desc_2_16"
|
||||||
|
|
||||||
|
@ -407,7 +407,7 @@ check_2_16() {
|
||||||
# 2.17
|
# 2.17
|
||||||
check_2_17() {
|
check_2_17() {
|
||||||
id_2_17="2.17"
|
id_2_17="2.17"
|
||||||
desc_2_17="Ensure containers are restricted from acquiring new privileges"
|
desc_2_17="Ensure containers are restricted from acquiring new privileges (Scored)"
|
||||||
check_2_17="$id_2_17 - $desc_2_17"
|
check_2_17="$id_2_17 - $desc_2_17"
|
||||||
starttestjson "$id_2_17" "$desc_2_17"
|
starttestjson "$id_2_17" "$desc_2_17"
|
||||||
|
|
||||||
|
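Review bot: The new `desc_2_12` value starts with the check number (`"2.12 Ensure centralized and remote logging is configured (Scored)"`), so the following `check_2_12="$id_2_12 - $desc_2_12"` expands to `2.12 - 2.12 Ensure ...`, and the same duplicated prefix is handed to `starttestjson`. No other description in this file carries its id, so this looks like a paste slip; it should be `desc_2_12="Ensure centralized and remote logging is configured (Scored)"`. The body of check_2_12 continues outside the hunk.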
|
|
@ -12,7 +12,7 @@ check_3() {
|
||||||
# 3.1
|
# 3.1
|
||||||
check_3_1() {
|
check_3_1() {
|
||||||
id_3_1="3.1"
|
id_3_1="3.1"
|
||||||
desc_3_1="Ensure that docker.service file ownership is set to root:root"
|
desc_3_1="Ensure that the docker.service file ownership is set to root:root (Scored)"
|
||||||
check_3_1="$id_3_1 - $desc_3_1"
|
check_3_1="$id_3_1 - $desc_3_1"
|
||||||
starttestjson "$id_3_1" "$desc_3_1"
|
starttestjson "$id_3_1" "$desc_3_1"
|
||||||
|
|
||||||
|
@ -40,7 +40,7 @@ check_3_1() {
|
||||||
# 3.2
|
# 3.2
|
||||||
check_3_2() {
|
check_3_2() {
|
||||||
id_3_2="3.2"
|
id_3_2="3.2"
|
||||||
desc_3_2="Ensure that docker.service file permissions are appropriately set"
|
desc_3_2="Ensure that docker.service file permissions are appropriately set (Scored)"
|
||||||
check_3_2="$id_3_2 - $desc_3_2"
|
check_3_2="$id_3_2 - $desc_3_2"
|
||||||
starttestjson "$id_3_2" "$desc_3_2"
|
starttestjson "$id_3_2" "$desc_3_2"
|
||||||
|
|
||||||
|
@ -68,7 +68,7 @@ check_3_2() {
|
||||||
# 3.3
|
# 3.3
|
||||||
check_3_3() {
|
check_3_3() {
|
||||||
id_3_3="3.3"
|
id_3_3="3.3"
|
||||||
desc_3_3="Ensure that docker.socket file ownership is set to root:root"
|
desc_3_3="Ensure that docker.socket file ownership is set to root:root (Scored)"
|
||||||
check_3_3="$id_3_3 - $desc_3_3"
|
check_3_3="$id_3_3 - $desc_3_3"
|
||||||
starttestjson "$id_3_3" "$desc_3_3"
|
starttestjson "$id_3_3" "$desc_3_3"
|
||||||
|
|
||||||
|
@ -96,7 +96,7 @@ check_3_3() {
|
||||||
# 3.4
|
# 3.4
|
||||||
check_3_4() {
|
check_3_4() {
|
||||||
id_3_4="3.4"
|
id_3_4="3.4"
|
||||||
desc_3_4="Ensure that docker.socket file permissions are set to 644 or more restrictive"
|
desc_3_4="Ensure that docker.socket file permissions are set to 644 or more restrictive (Scored)"
|
||||||
check_3_4="$id_3_4 - $desc_3_4"
|
check_3_4="$id_3_4 - $desc_3_4"
|
||||||
starttestjson "$id_3_4" "$desc_3_4"
|
starttestjson "$id_3_4" "$desc_3_4"
|
||||||
|
|
||||||
|
@ -124,7 +124,7 @@ check_3_4() {
|
||||||
# 3.5
|
# 3.5
|
||||||
check_3_5() {
|
check_3_5() {
|
||||||
id_3_5="3.5"
|
id_3_5="3.5"
|
||||||
desc_3_5="Ensure that /etc/docker directory ownership is set to root:root"
|
desc_3_5="Ensure that the /etc/docker directory ownership is set to root:root (Scored)"
|
||||||
check_3_5="$id_3_5 - $desc_3_5"
|
check_3_5="$id_3_5 - $desc_3_5"
|
||||||
starttestjson "$id_3_5" "$desc_3_5"
|
starttestjson "$id_3_5" "$desc_3_5"
|
||||||
|
|
||||||
|
@ -152,7 +152,7 @@ check_3_5() {
|
||||||
# 3.6
|
# 3.6
|
||||||
check_3_6() {
|
check_3_6() {
|
||||||
id_3_6="3.6"
|
id_3_6="3.6"
|
||||||
desc_3_6="Ensure that /etc/docker directory permissions are set to 755 or more restrictive"
|
desc_3_6="Ensure that /etc/docker directory permissions are set to 755 or more restrictively (Scored)"
|
||||||
check_3_6="$id_3_6 - $desc_3_6"
|
check_3_6="$id_3_6 - $desc_3_6"
|
||||||
starttestjson "$id_3_6" "$desc_3_6"
|
starttestjson "$id_3_6" "$desc_3_6"
|
||||||
|
|
||||||
|
@ -180,7 +180,7 @@ check_3_6() {
|
||||||
# 3.7
|
# 3.7
|
||||||
check_3_7() {
|
check_3_7() {
|
||||||
id_3_7="3.7"
|
id_3_7="3.7"
|
||||||
desc_3_7="Ensure that registry certificate file ownership is set to root:root"
|
desc_3_7="Ensure that registry certificate file ownership is set to root:root (Scored)"
|
||||||
check_3_7="$id_3_7 - $desc_3_7"
|
check_3_7="$id_3_7 - $desc_3_7"
|
||||||
starttestjson "$id_3_7" "$desc_3_7"
|
starttestjson "$id_3_7" "$desc_3_7"
|
||||||
|
|
||||||
|
@ -215,7 +215,7 @@ check_3_7() {
|
||||||
# 3.8
|
# 3.8
|
||||||
check_3_8() {
|
check_3_8() {
|
||||||
id_3_8="3.8"
|
id_3_8="3.8"
|
||||||
desc_3_8="Ensure that registry certificate file permissions are set to 444 or more restrictive"
|
desc_3_8="Ensure that registry certificate file permissions are set to 444 or more restrictively (Scored)"
|
||||||
check_3_8="$id_3_8 - $desc_3_8"
|
check_3_8="$id_3_8 - $desc_3_8"
|
||||||
starttestjson "$id_3_8" "$desc_3_8"
|
starttestjson "$id_3_8" "$desc_3_8"
|
||||||
|
|
||||||
|
@ -250,7 +250,7 @@ check_3_8() {
|
||||||
# 3.9
|
# 3.9
|
||||||
check_3_9() {
|
check_3_9() {
|
||||||
id_3_9="3.9"
|
id_3_9="3.9"
|
||||||
desc_3_9="Ensure that TLS CA certificate file ownership is set to root:root"
|
desc_3_9="Ensure that TLS CA certificate file ownership is set to root:root (Scored)"
|
||||||
check_3_9="$id_3_9 - $desc_3_9"
|
check_3_9="$id_3_9 - $desc_3_9"
|
||||||
starttestjson "$id_3_9" "$desc_3_9"
|
starttestjson "$id_3_9" "$desc_3_9"
|
||||||
|
|
||||||
|
@ -282,7 +282,7 @@ check_3_9() {
|
||||||
# 3.10
|
# 3.10
|
||||||
check_3_10() {
|
check_3_10() {
|
||||||
id_3_10="3.10"
|
id_3_10="3.10"
|
||||||
desc_3_10="Ensure that TLS CA certificate file permissions are set to 444 or more restrictive"
|
desc_3_10="Ensure that TLS CA certificate file permissions are set to 444 or more restrictively (Scored)"
|
||||||
check_3_10="$id_3_10 - $desc_3_10"
|
check_3_10="$id_3_10 - $desc_3_10"
|
||||||
starttestjson "$id_3_10" "$desc_3_10"
|
starttestjson "$id_3_10" "$desc_3_10"
|
||||||
|
|
||||||
|
@ -314,7 +314,7 @@ check_3_10() {
|
||||||
# 3.11
|
# 3.11
|
||||||
check_3_11() {
|
check_3_11() {
|
||||||
id_3_11="3.11"
|
id_3_11="3.11"
|
||||||
desc_3_11="Ensure that Docker server certificate file ownership is set to root:root"
|
desc_3_11="Ensure that Docker server certificate file ownership is set to root:root (Scored)"
|
||||||
check_3_11="$id_3_11 - $desc_3_11"
|
check_3_11="$id_3_11 - $desc_3_11"
|
||||||
starttestjson "$id_3_11" "$desc_3_11"
|
starttestjson "$id_3_11" "$desc_3_11"
|
||||||
|
|
||||||
|
@ -346,7 +346,7 @@ check_3_11() {
|
||||||
# 3.12
|
# 3.12
|
||||||
check_3_12() {
|
check_3_12() {
|
||||||
id_3_12="3.12"
|
id_3_12="3.12"
|
||||||
desc_3_12="Ensure that Docker server certificate file permissions are set to 444 or more restrictive"
|
desc_3_12="Ensure that the Docker server certificate file permissions are set to 444 or more restrictively (Scored)"
|
||||||
check_3_12="$id_3_12 - $desc_3_12"
|
check_3_12="$id_3_12 - $desc_3_12"
|
||||||
starttestjson "$id_3_12" "$desc_3_12"
|
starttestjson "$id_3_12" "$desc_3_12"
|
||||||
|
|
||||||
|
@ -378,7 +378,7 @@ check_3_12() {
|
||||||
# 3.13
|
# 3.13
|
||||||
check_3_13() {
|
check_3_13() {
|
||||||
id_3_13="3.13"
|
id_3_13="3.13"
|
||||||
desc_3_13="Ensure that Docker server certificate key file ownership is set to root:root"
|
desc_3_13="Ensure that the Docker server certificate key file ownership is set to root:root (Scored)"
|
||||||
check_3_13="$id_3_13 - $desc_3_13"
|
check_3_13="$id_3_13 - $desc_3_13"
|
||||||
starttestjson "$id_3_13" "$desc_3_13"
|
starttestjson "$id_3_13" "$desc_3_13"
|
||||||
|
|
||||||
|
@ -410,7 +410,7 @@ check_3_13() {
|
||||||
# 3.14
|
# 3.14
|
||||||
check_3_14() {
|
check_3_14() {
|
||||||
id_3_14="3.14"
|
id_3_14="3.14"
|
||||||
desc_3_14="Ensure that Docker server certificate key file permissions are set to 400"
|
desc_3_14="Ensure that the Docker server certificate key file permissions are set to 400 (Scored)"
|
||||||
check_3_14="$id_3_14 - $desc_3_14"
|
check_3_14="$id_3_14 - $desc_3_14"
|
||||||
starttestjson "$id_3_14" "$desc_3_14"
|
starttestjson "$id_3_14" "$desc_3_14"
|
||||||
|
|
||||||
|
@ -442,7 +442,7 @@ check_3_14() {
|
||||||
# 3.15
|
# 3.15
|
||||||
check_3_15() {
|
check_3_15() {
|
||||||
id_3_15="3.15"
|
id_3_15="3.15"
|
||||||
desc_3_15="Ensure that Docker socket file ownership is set to root:docker"
|
desc_3_15="Ensure that the Docker socket file ownership is set to root:docker (Scored)"
|
||||||
check_3_15="$id_3_15 - $desc_3_15"
|
check_3_15="$id_3_15 - $desc_3_15"
|
||||||
starttestjson "$id_3_15" "$desc_3_15"
|
starttestjson "$id_3_15" "$desc_3_15"
|
||||||
|
|
||||||
|
@ -470,7 +470,7 @@ check_3_15() {
|
||||||
# 3.16
|
# 3.16
|
||||||
check_3_16() {
|
check_3_16() {
|
||||||
id_3_16="3.16"
|
id_3_16="3.16"
|
||||||
desc_3_16="Ensure that Docker socket file permissions are set to 660 or more restrictive"
|
desc_3_16="Ensure that the Docker socket file permissions are set to 660 or more restrictively (Scored)"
|
||||||
check_3_16="$id_3_16 - $desc_3_16"
|
check_3_16="$id_3_16 - $desc_3_16"
|
||||||
starttestjson "$id_3_16" "$desc_3_16"
|
starttestjson "$id_3_16" "$desc_3_16"
|
||||||
|
|
||||||
|
@ -498,7 +498,7 @@ check_3_16() {
|
||||||
# 3.17
|
# 3.17
|
||||||
check_3_17() {
|
check_3_17() {
|
||||||
id_3_17="3.17"
|
id_3_17="3.17"
|
||||||
desc_3_17="Ensure that daemon.json file ownership is set to root:root"
|
desc_3_17="Ensure that the daemon.json file ownership is set to root:root (Scored)"
|
||||||
check_3_17="$id_3_17 - $desc_3_17"
|
check_3_17="$id_3_17 - $desc_3_17"
|
||||||
starttestjson "$id_3_17" "$desc_3_17"
|
starttestjson "$id_3_17" "$desc_3_17"
|
||||||
|
|
||||||
|
@ -526,7 +526,7 @@ check_3_17() {
|
||||||
# 3.18
|
# 3.18
|
||||||
check_3_18() {
|
check_3_18() {
|
||||||
id_3_18="3.18"
|
id_3_18="3.18"
|
||||||
desc_3_18="Ensure that daemon.json file permissions are set to 644 or more restrictive"
|
desc_3_18="Ensure that daemon.json file permissions are set to 644 or more restrictive (Scored)"
|
||||||
check_3_18="$id_3_18 - $desc_3_18"
|
check_3_18="$id_3_18 - $desc_3_18"
|
||||||
starttestjson "$id_3_18" "$desc_3_18"
|
starttestjson "$id_3_18" "$desc_3_18"
|
||||||
|
|
||||||
|
@ -554,7 +554,7 @@ check_3_18() {
|
||||||
# 3.19
|
# 3.19
|
||||||
check_3_19() {
|
check_3_19() {
|
||||||
id_3_19="3.19"
|
id_3_19="3.19"
|
||||||
desc_3_19="Ensure that /etc/default/docker file ownership is set to root:root"
|
desc_3_19="Ensure that the /etc/default/docker file ownership is set to root:root (Scored)"
|
||||||
check_3_19="$id_3_19 - $desc_3_19"
|
check_3_19="$id_3_19 - $desc_3_19"
|
||||||
starttestjson "$id_3_19" "$desc_3_19"
|
starttestjson "$id_3_19" "$desc_3_19"
|
||||||
|
|
||||||
|
@ -582,7 +582,7 @@ check_3_19() {
|
||||||
# 3.20
|
# 3.20
|
||||||
check_3_20() {
|
check_3_20() {
|
||||||
id_3_20="3.20"
|
id_3_20="3.20"
|
||||||
desc_3_20="Ensure that the /etc/sysconfig/docker file ownership is set to root:root"
|
desc_3_20="Ensure that the /etc/sysconfig/docker file ownership is set to root:root (Scored)"
|
||||||
check_3_20="$id_3_20 - $desc_3_20"
|
check_3_20="$id_3_20 - $desc_3_20"
|
||||||
starttestjson "$id_3_20" "$desc_3_20"
|
starttestjson "$id_3_20" "$desc_3_20"
|
||||||
|
|
||||||
|
@ -610,7 +610,7 @@ check_3_20() {
|
||||||
# 3.21
|
# 3.21
|
||||||
check_3_21() {
|
check_3_21() {
|
||||||
id_3_21="3.21"
|
id_3_21="3.21"
|
||||||
desc_3_21="Ensure that /etc/sysconfig/docker file permissions are set to 644 or more restrictive"
|
desc_3_21="Ensure that the /etc/sysconfig/docker file permissions are set to 644 or more restrictively (Scored)"
|
||||||
check_3_21="$id_3_21 - $desc_3_21"
|
check_3_21="$id_3_21 - $desc_3_21"
|
||||||
starttestjson "$id_3_21" "$desc_3_21"
|
starttestjson "$id_3_21" "$desc_3_21"
|
||||||
|
|
||||||
|
@ -638,7 +638,7 @@ check_3_21() {
|
||||||
# 3.22
|
# 3.22
|
||||||
check_3_22() {
|
check_3_22() {
|
||||||
id_3_22="3.22"
|
id_3_22="3.22"
|
||||||
desc_3_22="Ensure that /etc/default/docker file permissions are set to 644 or more restrictive"
|
desc_3_22="Ensure that the /etc/default/docker file permissions are set to 644 or more restrictively (Scored)"
|
||||||
check_3_22="$id_3_22 - $desc_3_22"
|
check_3_22="$id_3_22 - $desc_3_22"
|
||||||
starttestjson "$id_3_22" "$desc_3_22"
|
starttestjson "$id_3_22" "$desc_3_22"
|
||||||
|
|
||||||
|
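Review bot: The permission checks in this file now mix two wordings: `desc_3_6`, `desc_3_8`, `desc_3_10`, `desc_3_12`, `desc_3_16`, `desc_3_21` and `desc_3_22` end in "or more restrictively", while `desc_3_4` and `desc_3_18` keep "or more restrictive". If that mirrors the benchmark headings verbatim, a comment at the top of the file such as `# desc_ strings are copied verbatim from the benchmark headings; do not normalise the wording` would stop a later cleanup from drifting away from the source. If it is not intentional, use one form throughout, since these strings are what the report prints for each file-permission finding.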
|
|
@ -12,7 +12,7 @@ check_4() {
|
||||||
# 4.1
|
# 4.1
|
||||||
check_4_1() {
|
check_4_1() {
|
||||||
id_4_1="4.1"
|
id_4_1="4.1"
|
||||||
desc_4_1="Ensure a user for the container has been created"
|
desc_4_1="Ensure that a user for the container has been created (Scored)"
|
||||||
check_4_1="$id_4_1 - $desc_4_1"
|
check_4_1="$id_4_1 - $desc_4_1"
|
||||||
starttestjson "$id_4_1" "$desc_4_1"
|
starttestjson "$id_4_1" "$desc_4_1"
|
||||||
|
|
||||||
|
@ -64,7 +64,7 @@ check_4_1() {
|
||||||
# 4.2
|
# 4.2
|
||||||
check_4_2() {
|
check_4_2() {
|
||||||
id_4_2="4.2"
|
id_4_2="4.2"
|
||||||
desc_4_2="Ensure that containers use only trusted base images"
|
desc_4_2="Ensure that containers use only trusted base images (Not Scored)"
|
||||||
check_4_2="$id_4_2 - $desc_4_2"
|
check_4_2="$id_4_2 - $desc_4_2"
|
||||||
starttestjson "$id_4_2" "$desc_4_2"
|
starttestjson "$id_4_2" "$desc_4_2"
|
||||||
|
|
||||||
|
@ -77,7 +77,7 @@ check_4_2() {
|
||||||
# 4.3
|
# 4.3
|
||||||
check_4_3() {
|
check_4_3() {
|
||||||
id_4_3="4.3"
|
id_4_3="4.3"
|
||||||
desc_4_3="Ensure that unnecessary packages are not installed in the container"
|
desc_4_3="Ensure that unnecessary packages are not installed in the container (Not Scored)"
|
||||||
check_4_3="$id_4_3 - $desc_4_3"
|
check_4_3="$id_4_3 - $desc_4_3"
|
||||||
starttestjson "$id_4_3" "$desc_4_3"
|
starttestjson "$id_4_3" "$desc_4_3"
|
||||||
|
|
||||||
|
@ -90,7 +90,7 @@ check_4_3() {
|
||||||
# 4.4
|
# 4.4
|
||||||
check_4_4() {
|
check_4_4() {
|
||||||
id_4_4="4.4"
|
id_4_4="4.4"
|
||||||
desc_4_4="Ensure images are scanned and rebuilt to include security patches"
|
desc_4_4="Ensure images are scanned and rebuilt to include security patches (Not Scored)"
|
||||||
check_4_4="$id_4_4 - $desc_4_4"
|
check_4_4="$id_4_4 - $desc_4_4"
|
||||||
starttestjson "$id_4_4" "$desc_4_4"
|
starttestjson "$id_4_4" "$desc_4_4"
|
||||||
|
|
||||||
|
@ -103,7 +103,7 @@ check_4_4() {
|
||||||
# 4.5
|
# 4.5
|
||||||
check_4_5() {
|
check_4_5() {
|
||||||
id_4_5="4.5"
|
id_4_5="4.5"
|
||||||
desc_4_5="Ensure Content trust for Docker is Enabled"
|
desc_4_5="Ensure Content trust for Docker is Enabled (Scored)"
|
||||||
check_4_5="$id_4_5 - $desc_4_5"
|
check_4_5="$id_4_5 - $desc_4_5"
|
||||||
starttestjson "$id_4_5" "$desc_4_5"
|
starttestjson "$id_4_5" "$desc_4_5"
|
||||||
|
|
||||||
|
@ -122,7 +122,7 @@ check_4_5() {
|
||||||
# 4.6
|
# 4.6
|
||||||
check_4_6() {
|
check_4_6() {
|
||||||
id_4_6="4.6"
|
id_4_6="4.6"
|
||||||
desc_4_6="Ensure that HEALTHCHECK instructions have been added to container images"
|
desc_4_6="Ensure that HEALTHCHECK instructions have been added to container images (Scored)"
|
||||||
check_4_6="$id_4_6 - $desc_4_6"
|
check_4_6="$id_4_6 - $desc_4_6"
|
||||||
starttestjson "$id_4_6" "$desc_4_6"
|
starttestjson "$id_4_6" "$desc_4_6"
|
||||||
|
|
||||||
|
@ -155,7 +155,7 @@ check_4_6() {
|
||||||
# 4.7
|
# 4.7
|
||||||
check_4_7() {
|
check_4_7() {
|
||||||
id_4_7="4.7"
|
id_4_7="4.7"
|
||||||
desc_4_7="Ensure update instructions are not use alone in the Dockerfile"
|
desc_4_7="Ensure update instructions are not use alone in the Dockerfile (Not Scored)"
|
||||||
check_4_7="$id_4_7 - $desc_4_7"
|
check_4_7="$id_4_7 - $desc_4_7"
|
||||||
starttestjson "$id_4_7" "$desc_4_7"
|
starttestjson "$id_4_7" "$desc_4_7"
|
||||||
|
|
||||||
|
@ -188,7 +188,7 @@ check_4_7() {
|
||||||
# 4.8
|
# 4.8
|
||||||
check_4_8() {
|
check_4_8() {
|
||||||
id_4_8="4.8"
|
id_4_8="4.8"
|
||||||
desc_4_8="Ensure setuid and setgid permissions are removed"
|
desc_4_8="Ensure setuid and setgid permissions are removed (Not Scored)"
|
||||||
check_4_8="$id_4_8 - $desc_4_8"
|
check_4_8="$id_4_8 - $desc_4_8"
|
||||||
starttestjson "$id_4_8" "$desc_4_8"
|
starttestjson "$id_4_8" "$desc_4_8"
|
||||||
|
|
||||||
|
@ -201,7 +201,7 @@ check_4_8() {
|
||||||
# 4.9
|
# 4.9
|
||||||
check_4_9() {
|
check_4_9() {
|
||||||
id_4_9="4.9"
|
id_4_9="4.9"
|
||||||
desc_4_9="Ensure that COPY is used instead of ADD in Dockerfiles"
|
desc_4_9="Ensure that COPY is used instead of ADD in Dockerfiles (Not Scored)"
|
||||||
check_4_9="$id_4_9 - $desc_4_9"
|
check_4_9="$id_4_9 - $desc_4_9"
|
||||||
starttestjson "$id_4_9" "$desc_4_9"
|
starttestjson "$id_4_9" "$desc_4_9"
|
||||||
|
|
||||||
|
@ -235,7 +235,7 @@ check_4_9() {
|
||||||
# 4.10
|
# 4.10
|
||||||
check_4_10() {
|
check_4_10() {
|
||||||
id_4_10="4.10"
|
id_4_10="4.10"
|
||||||
desc_4_10="Ensure secrets are not stored in Dockerfiles"
|
desc_4_10="Ensure secrets are not stored in Dockerfiles (Not Scored)"
|
||||||
check_4_10="$id_4_10 - $desc_4_10"
|
check_4_10="$id_4_10 - $desc_4_10"
|
||||||
starttestjson "$id_4_10" "$desc_4_10"
|
starttestjson "$id_4_10" "$desc_4_10"
|
||||||
|
|
||||||
|
@ -248,7 +248,7 @@ check_4_10() {
|
||||||
# 4.11
|
# 4.11
|
||||||
check_4_11() {
|
check_4_11() {
|
||||||
id_4_11="4.11"
|
id_4_11="4.11"
|
||||||
desc_4_11="Ensure only verified packages are installed"
|
desc_4_11="Ensure only verified packages are are installed (Not Scored)"
|
||||||
check_4_11="$id_4_11 - $desc_4_11"
|
check_4_11="$id_4_11 - $desc_4_11"
|
||||||
starttestjson "$id_4_11" "$desc_4_11"
|
starttestjson "$id_4_11" "$desc_4_11"
|
||||||
|
|
||||||
|
|
|
@ -29,7 +29,7 @@ check_5_1() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_1="5.1"
|
id_5_1="5.1"
|
||||||
desc_5_1="Ensure that, if applicable, an AppArmor Profile is enabled "
|
desc_5_1="Ensure that, if applicable, an AppArmor Profile is enabled (Scored)"
|
||||||
check_5_1="$id_5_1 - $desc_5_1"
|
check_5_1="$id_5_1 - $desc_5_1"
|
||||||
starttestjson "$id_5_1" "$desc_5_1"
|
starttestjson "$id_5_1" "$desc_5_1"
|
||||||
|
|
||||||
|
@ -71,7 +71,7 @@ check_5_2() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_2="5.2"
|
id_5_2="5.2"
|
||||||
desc_5_2="Ensure that, if applicable, SELinux security options are set"
|
desc_5_2="Ensure that, if applicable, SELinux security options are set (Scored)"
|
||||||
check_5_2="$id_5_2 - $desc_5_2"
|
check_5_2="$id_5_2 - $desc_5_2"
|
||||||
starttestjson "$id_5_2" "$desc_5_2"
|
starttestjson "$id_5_2" "$desc_5_2"
|
||||||
|
|
||||||
|
@ -113,7 +113,7 @@ check_5_3() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_3="5.3"
|
id_5_3="5.3"
|
||||||
desc_5_3="Ensure Linux Kernel Capabilities are restricted within containers"
|
desc_5_3="Ensure that Linux kernel capabilities are restricted within containers (Scored)"
|
||||||
check_5_3="$id_5_3 - $desc_5_3"
|
check_5_3="$id_5_3 - $desc_5_3"
|
||||||
starttestjson "$id_5_3" "$desc_5_3"
|
starttestjson "$id_5_3" "$desc_5_3"
|
||||||
|
|
||||||
|
@ -158,7 +158,7 @@ check_5_4() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_4="5.4"
|
id_5_4="5.4"
|
||||||
desc_5_4="Ensure that privileged containers are not used"
|
desc_5_4="Ensure that privileged containers are not used (Scored)"
|
||||||
check_5_4="$id_5_4 - $desc_5_4"
|
check_5_4="$id_5_4 - $desc_5_4"
|
||||||
starttestjson "$id_5_4" "$desc_5_4"
|
starttestjson "$id_5_4" "$desc_5_4"
|
||||||
|
|
||||||
|
@ -200,7 +200,7 @@ check_5_5() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_5="5.5"
|
id_5_5="5.5"
|
||||||
desc_5_5="Ensure sensitive host system directories are not mounted on containers"
|
desc_5_5="Ensure sensitive host system directories are not mounted on containers (Scored)"
|
||||||
check_5_5="$id_5_5 - $desc_5_5"
|
check_5_5="$id_5_5 - $desc_5_5"
|
||||||
starttestjson "$id_5_5" "$desc_5_5"
|
starttestjson "$id_5_5" "$desc_5_5"
|
||||||
|
|
||||||
|
@ -262,7 +262,7 @@ check_5_6() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_6="5.6"
|
id_5_6="5.6"
|
||||||
desc_5_6="Ensure sshd is not run within containers"
|
desc_5_6="Ensure sshd is not run within containers (Scored)"
|
||||||
check_5_6="$id_5_6 - $desc_5_6"
|
check_5_6="$id_5_6 - $desc_5_6"
|
||||||
starttestjson "$id_5_6" "$desc_5_6"
|
starttestjson "$id_5_6" "$desc_5_6"
|
||||||
|
|
||||||
|
@ -318,7 +318,7 @@ check_5_7() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_7="5.7"
|
id_5_7="5.7"
|
||||||
desc_5_7="Ensure privileged ports are not mapped within containers"
|
desc_5_7="Ensure privileged ports are not mapped within containers (Scored)"
|
||||||
check_5_7="$id_5_7 - $desc_5_7"
|
check_5_7="$id_5_7 - $desc_5_7"
|
||||||
starttestjson "$id_5_7" "$desc_5_7"
|
starttestjson "$id_5_7" "$desc_5_7"
|
||||||
|
|
||||||
|
@ -364,7 +364,7 @@ check_5_8() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_8="5.8"
|
id_5_8="5.8"
|
||||||
desc_5_8="Ensure that only needed ports are open on the container"
|
desc_5_8="Ensure that only needed ports are open on the container (Not Scored)"
|
||||||
check_5_8="$id_5_8 - $desc_5_8"
|
check_5_8="$id_5_8 - $desc_5_8"
|
||||||
starttestjson "$id_5_8" "$desc_5_8"
|
starttestjson "$id_5_8" "$desc_5_8"
|
||||||
|
|
||||||
|
@ -381,7 +381,7 @@ check_5_9() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_9="5.9"
|
id_5_9="5.9"
|
||||||
desc_5_9="Ensure the host's network namespace is not shared"
|
desc_5_9="Ensure that the host's network namespace is not shared (Scored)"
|
||||||
check_5_9="$id_5_9 - $desc_5_9"
|
check_5_9="$id_5_9 - $desc_5_9"
|
||||||
starttestjson "$id_5_9" "$desc_5_9"
|
starttestjson "$id_5_9" "$desc_5_9"
|
||||||
|
|
||||||
|
@ -423,7 +423,7 @@ check_5_10() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_10="5.10"
|
id_5_10="5.10"
|
||||||
desc_5_10="Ensure that the memory usage for containers is limited"
|
desc_5_10="Ensure that the memory usage for containers is limited (Scored)"
|
||||||
check_5_10="$id_5_10 - $desc_5_10"
|
check_5_10="$id_5_10 - $desc_5_10"
|
||||||
starttestjson "$id_5_10" "$desc_5_10"
|
starttestjson "$id_5_10" "$desc_5_10"
|
||||||
|
|
||||||
|
@ -469,7 +469,7 @@ check_5_11() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_11="5.11"
|
id_5_11="5.11"
|
||||||
desc_5_11="Ensure CPU priority is set appropriately on the container"
|
desc_5_11="Ensure that CPU priority is set appropriately on containers (Scored)"
|
||||||
check_5_11="$id_5_11 - $desc_5_11"
|
check_5_11="$id_5_11 - $desc_5_11"
|
||||||
starttestjson "$id_5_11" "$desc_5_11"
|
starttestjson "$id_5_11" "$desc_5_11"
|
||||||
|
|
||||||
|
@ -515,7 +515,7 @@ check_5_12() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_12="5.12"
|
id_5_12="5.12"
|
||||||
desc_5_12="Ensure that the container's root filesystem is mounted as read only"
|
desc_5_12="Ensure that the container's root filesystem is mounted as read only (Scored)"
|
||||||
check_5_12="$id_5_12 - $desc_5_12"
|
check_5_12="$id_5_12 - $desc_5_12"
|
||||||
starttestjson "$id_5_12" "$desc_5_12"
|
starttestjson "$id_5_12" "$desc_5_12"
|
||||||
|
|
||||||
|
@ -557,7 +557,7 @@ check_5_13() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_13="5.13"
|
id_5_13="5.13"
|
||||||
desc_5_13="Ensure that incoming container traffic is bound to a specific host interface"
|
desc_5_13="Ensure that incoming container traffic is bound to a specific host interface (Scored)"
|
||||||
check_5_13="$id_5_13 - $desc_5_13"
|
check_5_13="$id_5_13 - $desc_5_13"
|
||||||
starttestjson "$id_5_13" "$desc_5_13"
|
starttestjson "$id_5_13" "$desc_5_13"
|
||||||
|
|
||||||
|
@ -599,7 +599,7 @@ check_5_14() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_14="5.14"
|
id_5_14="5.14"
|
||||||
desc_5_14="Ensure that the 'on-failure' container restart policy is set to '5'"
|
desc_5_14="Ensure that the 'on-failure' container restart policy is set to '5' (Scored)"
|
||||||
check_5_14="$id_5_14 - $desc_5_14"
|
check_5_14="$id_5_14 - $desc_5_14"
|
||||||
starttestjson "$id_5_14" "$desc_5_14"
|
starttestjson "$id_5_14" "$desc_5_14"
|
||||||
|
|
||||||
|
@ -641,7 +641,7 @@ check_5_15() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_15="5.15"
|
id_5_15="5.15"
|
||||||
desc_5_15="Ensure the host's process namespace is not shared"
|
desc_5_15="Ensure that the host's process namespace is not shared (Scored)"
|
||||||
check_5_15="$id_5_15 - $desc_5_15"
|
check_5_15="$id_5_15 - $desc_5_15"
|
||||||
starttestjson "$id_5_15" "$desc_5_15"
|
starttestjson "$id_5_15" "$desc_5_15"
|
||||||
|
|
||||||
|
@ -683,7 +683,7 @@ check_5_16() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_16="5.16"
|
id_5_16="5.16"
|
||||||
desc_5_16="Ensure the host's IPC namespace is not shared"
|
desc_5_16="Ensure that the host's IPC namespace is not shared (Scored)"
|
||||||
check_5_16="$id_5_16 - $desc_5_16"
|
check_5_16="$id_5_16 - $desc_5_16"
|
||||||
starttestjson "$id_5_16" "$desc_5_16"
|
starttestjson "$id_5_16" "$desc_5_16"
|
||||||
|
|
||||||
|
@ -725,7 +725,7 @@ check_5_17() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_17="5.17"
|
id_5_17="5.17"
|
||||||
desc_5_17="Ensure that host devices are not directly exposed to containers"
|
desc_5_17="Ensure that host devices are not directly exposed to containers (Not Scored)"
|
||||||
check_5_17="$id_5_17 - $desc_5_17"
|
check_5_17="$id_5_17 - $desc_5_17"
|
||||||
starttestjson "$id_5_17" "$desc_5_17"
|
starttestjson "$id_5_17" "$desc_5_17"
|
||||||
|
|
||||||
|
@ -767,7 +767,7 @@ check_5_18() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_18="5.18"
|
id_5_18="5.18"
|
||||||
desc_5_18="Ensure that the default ulimit is overwritten at runtime if needed"
|
desc_5_18="Ensure that the default ulimit is overwritten at runtime if needed (Not Scored)"
|
||||||
check_5_18="$id_5_18 - $desc_5_18"
|
check_5_18="$id_5_18 - $desc_5_18"
|
||||||
starttestjson "$id_5_18" "$desc_5_18"
|
starttestjson "$id_5_18" "$desc_5_18"
|
||||||
|
|
||||||
|
@ -809,7 +809,7 @@ check_5_19() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_19="5.19"
|
id_5_19="5.19"
|
||||||
desc_5_19="Ensure mount propagation mode is not set to shared"
|
desc_5_19="Ensure mount propagation mode is not set to shared (Scored)"
|
||||||
check_5_19="$id_5_19 - $desc_5_19"
|
check_5_19="$id_5_19 - $desc_5_19"
|
||||||
starttestjson "$id_5_19" "$desc_5_19"
|
starttestjson "$id_5_19" "$desc_5_19"
|
||||||
|
|
||||||
|
@ -850,7 +850,7 @@ check_5_20() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_20="5.20"
|
id_5_20="5.20"
|
||||||
desc_5_20="Ensure the host's UTS namespace is not shared"
|
desc_5_20="Ensure that the host's UTS namespace is not shared (Scored)"
|
||||||
check_5_20="$id_5_20 - $desc_5_20"
|
check_5_20="$id_5_20 - $desc_5_20"
|
||||||
starttestjson "$id_5_20" "$desc_5_20"
|
starttestjson "$id_5_20" "$desc_5_20"
|
||||||
|
|
||||||
|
@ -892,7 +892,7 @@ check_5_21() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_21="5.21"
|
id_5_21="5.21"
|
||||||
desc_5_21="Ensure the default seccomp profile is not Disabled"
|
desc_5_21="Ensurethe default seccomp profile is not Disabled (Scored)"
|
||||||
check_5_21="$id_5_21 - $desc_5_21"
|
check_5_21="$id_5_21 - $desc_5_21"
|
||||||
starttestjson "$id_5_21" "$desc_5_21"
|
starttestjson "$id_5_21" "$desc_5_21"
|
||||||
|
|
||||||
|
@ -933,7 +933,7 @@ check_5_22() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_22="5.22"
|
id_5_22="5.22"
|
||||||
desc_5_22="Ensure docker exec commands are not used with privileged option"
|
desc_5_22="Ensure that docker exec commands are not used with the privileged option (Scored)"
|
||||||
check_5_22="$id_5_22 - $desc_5_22"
|
check_5_22="$id_5_22 - $desc_5_22"
|
||||||
starttestjson "$id_5_22" "$desc_5_22"
|
starttestjson "$id_5_22" "$desc_5_22"
|
||||||
|
|
||||||
|
@ -950,7 +950,7 @@ check_5_23() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_23="5.23"
|
id_5_23="5.23"
|
||||||
desc_5_23="Ensure that docker exec commands are not used with the user=root option"
|
desc_5_23="Ensure that docker exec commands are not used with the user=root option (Not Scored)"
|
||||||
check_5_23="$id_5_23 - $desc_5_23"
|
check_5_23="$id_5_23 - $desc_5_23"
|
||||||
starttestjson "$id_5_23" "$desc_5_23"
|
starttestjson "$id_5_23" "$desc_5_23"
|
||||||
|
|
||||||
|
@ -967,7 +967,7 @@ check_5_24() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_24="5.24"
|
id_5_24="5.24"
|
||||||
desc_5_24="Ensure that cgroup usage is confirmed"
|
desc_5_24="Ensure that cgroup usage is confirmed (Scored)"
|
||||||
check_5_24="$id_5_24 - $desc_5_24"
|
check_5_24="$id_5_24 - $desc_5_24"
|
||||||
starttestjson "$id_5_24" "$desc_5_24"
|
starttestjson "$id_5_24" "$desc_5_24"
|
||||||
|
|
||||||
|
@ -1008,7 +1008,7 @@ check_5_25() {
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
id_5_25="5.25"
|
id_5_25="5.25"
|
||||||
desc_5_25="Ensure that the container is restricted from acquiring additional privileges"
|
desc_5_25="Ensure that the container is restricted from acquiring additional privileges (Scored)"
|
||||||
check_5_25="$id_5_25 - $desc_5_25"
|
check_5_25="$id_5_25 - $desc_5_25"
|
||||||
starttestjson "$id_5_25" "$desc_5_25"
|
starttestjson "$id_5_25" "$desc_5_25"
|
||||||
|
|
||||||
|
@ -1048,7 +1048,7 @@ check_5_26() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_26="5.26"
|
id_5_26="5.26"
|
||||||
desc_5_26="Ensure that container health is checked at runtime"
|
desc_5_26="Ensure that container health is checked at runtime (Scored)"
|
||||||
check_5_26="$id_5_26 - $desc_5_26"
|
check_5_26="$id_5_26 - $desc_5_26"
|
||||||
starttestjson "$id_5_26" "$desc_5_26"
|
starttestjson "$id_5_26" "$desc_5_26"
|
||||||
|
|
||||||
|
@ -1086,7 +1086,7 @@ check_5_27() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_27="5.27"
|
id_5_27="5.27"
|
||||||
desc_5_27="Ensure that Docker commands always make use of the latest version of their image"
|
desc_5_27="Ensure that Docker commands always make use of the latest version of their image (Not Scored)"
|
||||||
check_5_27="$id_5_27 - $desc_5_27"
|
check_5_27="$id_5_27 - $desc_5_27"
|
||||||
starttestjson "$id_5_27" "$desc_5_27"
|
starttestjson "$id_5_27" "$desc_5_27"
|
||||||
|
|
||||||
|
@ -1103,7 +1103,7 @@ check_5_28() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_28="5.28"
|
id_5_28="5.28"
|
||||||
desc_5_28="Ensure that the PIDs cgroup limit is used"
|
desc_5_28="Ensure that the PIDs cgroup limit is used (Scored)"
|
||||||
check_5_28="$id_5_28 - $desc_5_28"
|
check_5_28="$id_5_28 - $desc_5_28"
|
||||||
starttestjson "$id_5_28" "$desc_5_28"
|
starttestjson "$id_5_28" "$desc_5_28"
|
||||||
|
|
||||||
|
@ -1145,7 +1145,7 @@ check_5_29() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_29="5.29"
|
id_5_29="5.29"
|
||||||
desc_5_29="Ensure that Docker's default bridge 'docker0' is not used"
|
desc_5_29="Ensure that Docker's default bridge "docker0" is not used (Not Scored)"
|
||||||
check_5_29="$id_5_29 - $desc_5_29"
|
check_5_29="$id_5_29 - $desc_5_29"
|
||||||
starttestjson "$id_5_29" "$desc_5_29"
|
starttestjson "$id_5_29" "$desc_5_29"
|
||||||
|
|
||||||
|
@ -1198,7 +1198,7 @@ check_5_30() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_30="5.30"
|
id_5_30="5.30"
|
||||||
desc_5_30="Ensure that the host's user namespaces are not shared"
|
desc_5_30="Ensure that the host's user namespaces are not shared (Scored)"
|
||||||
check_5_30="$id_5_30 - $desc_5_30"
|
check_5_30="$id_5_30 - $desc_5_30"
|
||||||
starttestjson "$id_5_30" "$desc_5_30"
|
starttestjson "$id_5_30" "$desc_5_30"
|
||||||
|
|
||||||
|
@ -1238,7 +1238,7 @@ check_5_31() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_5_31="5.31"
|
id_5_31="5.31"
|
||||||
desc_5_31="Ensure that the Docker socket is not mounted inside any containers"
|
desc_5_31="Ensure that the Docker socket is not mounted inside any containers (Scored)"
|
||||||
check_5_31="$id_5_31 - $desc_5_31"
|
check_5_31="$id_5_31 - $desc_5_31"
|
||||||
starttestjson "$id_5_31" "$desc_5_31"
|
starttestjson "$id_5_31" "$desc_5_31"
|
||||||
|
|
||||||
|
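Review bot: The new `desc_5_29` value nests unescaped double quotes around docker0, so the shell closes and reopens the string and the stored description ends up with no quotes around the bridge name, which no longer matches the benchmark heading this commit maps to. Keeping the single quotes the old line used, `desc_5_29="Ensure that Docker's default bridge 'docker0' is not used (Not Scored)"`, fixes that and also keeps a literal `"` out of the text handed to `starttestjson`, whose escaping is not visible on this page. In the same file, `desc_5_21` lost a space and now reads `Ensurethe`; it should be `desc_5_21="Ensure the default seccomp profile is not Disabled (Scored)"`. The check functions these lines belong to start and end outside the hunks shown.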
|
|
@ -12,7 +12,7 @@ check_6() {
|
||||||
# 6.1
|
# 6.1
|
||||||
check_6_1() {
|
check_6_1() {
|
||||||
id_6_1="6.1"
|
id_6_1="6.1"
|
||||||
desc_6_1="Ensure that image sprawl is avoided"
|
desc_6_1="Ensure that image sprawl is avoided (Not Scored)"
|
||||||
check_6_1="$id_6_1 - $desc_6_1"
|
check_6_1="$id_6_1 - $desc_6_1"
|
||||||
starttestjson "$id_6_1" "$desc_6_1"
|
starttestjson "$id_6_1" "$desc_6_1"
|
||||||
|
|
||||||
|
@ -39,7 +39,7 @@ check_6_1() {
|
||||||
# 6.2
|
# 6.2
|
||||||
check_6_2() {
|
check_6_2() {
|
||||||
id_6_2="6.2"
|
id_6_2="6.2"
|
||||||
desc_6_2="Ensure that container sprawl is avoided"
|
desc_6_2="Ensure that container sprawl is avoided (Not Scored)"
|
||||||
check_6_2="$id_6_2 - $desc_6_2"
|
check_6_2="$id_6_2 - $desc_6_2"
|
||||||
starttestjson "$id_6_2" "$desc_6_2"
|
starttestjson "$id_6_2" "$desc_6_2"
|
||||||
|
|
||||||
|
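Review bot: Appending `(Scored)` / `(Not Scored)` to `desc_6_1` and `desc_6_2` folds the scoring status into the free-text description that is also passed to `starttestjson`, so a consumer of the JSON report would have to parse it back out of the string, and any tooling that matches on the old description text will stop matching. If the JSON writer can take it (its definition is not on this page), a separate value such as `scored_6_1="false"` passed next to the description would keep the status machine-readable and leave the description stable. The same applies to the `desc_` lines changed in the other test files of this commit.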
|
|
@ -12,7 +12,7 @@ check_7() {
|
||||||
# 7.1
|
# 7.1
|
||||||
check_7_1() {
|
check_7_1() {
|
||||||
id_7_1="7.1"
|
id_7_1="7.1"
|
||||||
desc_7_1="Ensure swarm mode is not Enabled, if not needed"
|
desc_7_1="Ensure swarm mode is not Enabled, if not needed (Scored)"
|
||||||
check_7_1="$id_7_1 - $desc_7_1"
|
check_7_1="$id_7_1 - $desc_7_1"
|
||||||
starttestjson "$id_7_1" "$desc_7_1"
|
starttestjson "$id_7_1" "$desc_7_1"
|
||||||
|
|
||||||
|
@ -31,7 +31,7 @@ check_7_1() {
|
||||||
# 7.2
|
# 7.2
|
||||||
check_7_2() {
|
check_7_2() {
|
||||||
id_7_2="7.2"
|
id_7_2="7.2"
|
||||||
desc_7_2="Ensure that the minimum number of manager nodes have been created in a swarm"
|
desc_7_2="Ensure that the minimum number of manager nodes have been created in a swarm (Scored)"
|
||||||
check_7_2="$id_7_2 - $desc_7_2"
|
check_7_2="$id_7_2 - $desc_7_2"
|
||||||
starttestjson "$id_7_2" "$desc_7_2"
|
starttestjson "$id_7_2" "$desc_7_2"
|
||||||
|
|
||||||
|
@ -57,7 +57,7 @@ check_7_2() {
|
||||||
# 7.3
|
# 7.3
|
||||||
check_7_3() {
|
check_7_3() {
|
||||||
id_7_3="7.3"
|
id_7_3="7.3"
|
||||||
desc_7_3="Ensure that swarm services are bound to a specific host interface"
|
desc_7_3="Ensure that swarm services are bound to a specific host interface (Scored)"
|
||||||
check_7_3="$id_7_3 - $desc_7_3"
|
check_7_3="$id_7_3 - $desc_7_3"
|
||||||
starttestjson "$id_7_3" "$desc_7_3"
|
starttestjson "$id_7_3" "$desc_7_3"
|
||||||
|
|
||||||
|
@ -83,7 +83,7 @@ check_7_3() {
|
||||||
# 7.4
|
# 7.4
|
||||||
check_7_4() {
|
check_7_4() {
|
||||||
id_7_4="7.4"
|
id_7_4="7.4"
|
||||||
desc_7_4="Ensure that all Docker swarm overlay networks are encrypted"
|
desc_7_4="Ensure that all Docker swarm overlay networks are encrypted (Scored)"
|
||||||
check_7_4="$id_7_4 - $desc_7_4"
|
check_7_4="$id_7_4 - $desc_7_4"
|
||||||
starttestjson "$id_7_4" "$desc_7_4"
|
starttestjson "$id_7_4" "$desc_7_4"
|
||||||
|
|
||||||
|
@ -116,7 +116,7 @@ check_7_4() {
|
||||||
# 7.5
|
# 7.5
|
||||||
check_7_5() {
|
check_7_5() {
|
||||||
id_7_5="7.5"
|
id_7_5="7.5"
|
||||||
desc_7_5="Ensure that Docker's secret management commands are used for managing secrets in a swarm cluster"
|
desc_7_5="Ensure that Docker's secret management commands are used for managing secrets in a swarm cluster (Not Scored)"
|
||||||
check_7_5="$id_7_5 - $desc_7_5"
|
check_7_5="$id_7_5 - $desc_7_5"
|
||||||
starttestjson "$id_7_5" "$desc_7_5"
|
starttestjson "$id_7_5" "$desc_7_5"
|
||||||
|
|
||||||
|
@ -141,7 +141,7 @@ check_7_5() {
|
||||||
# 7.6
|
# 7.6
|
||||||
check_7_6() {
|
check_7_6() {
|
||||||
id_7_6="7.6"
|
id_7_6="7.6"
|
||||||
desc_7_6="Ensure that swarm manager is run in auto-lock mode"
|
desc_7_6="Ensure that swarm manager is run in auto-lock mode (Scored)"
|
||||||
check_7_6="$id_7_6 - $desc_7_6"
|
check_7_6="$id_7_6 - $desc_7_6"
|
||||||
starttestjson "$id_7_6" "$desc_7_6"
|
starttestjson "$id_7_6" "$desc_7_6"
|
||||||
|
|
||||||
|
@ -166,7 +166,7 @@ check_7_6() {
|
||||||
# 7.7
|
# 7.7
|
||||||
check_7_7() {
|
check_7_7() {
|
||||||
id_7_7="7.7"
|
id_7_7="7.7"
|
||||||
desc_7_7="Ensure that the swarm manager auto-lock key is rotated periodically"
|
desc_7_7="Ensure that the swarm manager auto-lock key is rotated periodically (Not Scored)"
|
||||||
check_7_7="$id_7_7 - $desc_7_7"
|
check_7_7="$id_7_7 - $desc_7_7"
|
||||||
starttestjson "$id_7_7" "$desc_7_7"
|
starttestjson "$id_7_7" "$desc_7_7"
|
||||||
|
|
||||||
|
@ -185,7 +185,7 @@ check_7_7() {
|
||||||
# 7.8
|
# 7.8
|
||||||
check_7_8() {
|
check_7_8() {
|
||||||
id_7_8="7.8"
|
id_7_8="7.8"
|
||||||
desc_7_8="Ensure that node certificates are rotated as appropriate"
|
desc_7_8="Ensure that node certificates are rotated as appropriate (Not Scored)"
|
||||||
check_7_8="$id_7_8 - $desc_7_8"
|
check_7_8="$id_7_8 - $desc_7_8"
|
||||||
starttestjson "$id_7_8" "$desc_7_8"
|
starttestjson "$id_7_8" "$desc_7_8"
|
||||||
|
|
||||||
|
@ -210,7 +210,7 @@ check_7_8() {
|
||||||
# 7.9
|
# 7.9
|
||||||
check_7_9() {
|
check_7_9() {
|
||||||
id_7_9="7.9"
|
id_7_9="7.9"
|
||||||
desc_7_9="Ensure that CA certificates are rotated as appropriate"
|
desc_7_9="Ensure that CA certificates are rotated as appropriate (Not Scored)"
|
||||||
check_7_9="$id_7_9 - $desc_7_9"
|
check_7_9="$id_7_9 - $desc_7_9"
|
||||||
starttestjson "$id_7_9" "$desc_7_9"
|
starttestjson "$id_7_9" "$desc_7_9"
|
||||||
|
|
||||||
|
@ -229,7 +229,7 @@ check_7_9() {
|
||||||
# 7.10
|
# 7.10
|
||||||
check_7_10() {
|
check_7_10() {
|
||||||
id_7_10="7.10"
|
id_7_10="7.10"
|
||||||
desc_7_10="Ensure that management plane traffic is separated from data plane traffic"
|
desc_7_10="Ensure that management plane traffic is separated from data plane traffic (Not Scored)"
|
||||||
check_7_10="$id_7_10 - $desc_7_10"
|
check_7_10="$id_7_10 - $desc_7_10"
|
||||||
starttestjson "$id_7_10" "$desc_7_10"
|
starttestjson "$id_7_10" "$desc_7_10"
|
||||||
|
|
||||||
|
|
|
@ -36,7 +36,7 @@ check_8_1_1() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_8_1_1="8.1.1"
|
id_8_1_1="8.1.1"
|
||||||
desc_8_1_1="Configure the LDAP authentication service"
|
desc_8_1_1="Configure the LDAP authentication service (Scored)"
|
||||||
check_8_1_1="$id_8_1_1 - $desc_8_1_1"
|
check_8_1_1="$id_8_1_1 - $desc_8_1_1"
|
||||||
starttestjson "$id_8_1_1" "$desc_8_1_1"
|
starttestjson "$id_8_1_1" "$desc_8_1_1"
|
||||||
|
|
||||||
|
@ -53,7 +53,7 @@ check_8_1_2() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_8_1_2="8.1.2"
|
id_8_1_2="8.1.2"
|
||||||
desc_8_1_2="Use external certificates"
|
desc_8_1_2="Use external certificates (Scored)"
|
||||||
check_8_1_2="$id_8_1_2 - $desc_8_1_2"
|
check_8_1_2="$id_8_1_2 - $desc_8_1_2"
|
||||||
starttestjson "$id_8_1_2" "$desc_8_1_2"
|
starttestjson "$id_8_1_2" "$desc_8_1_2"
|
||||||
|
|
||||||
|
@ -70,7 +70,7 @@ check_8_1_3() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_8_1_3="8.1.3"
|
id_8_1_3="8.1.3"
|
||||||
desc_8_1_3="Enforce the use of client certificate bundles for unprivileged users"
|
desc_8_1_3="Enforce the use of client certificate bundles for unprivileged users (Not Scored)"
|
||||||
check_8_1_3="$id_8_1_3 - $desc_8_1_3"
|
check_8_1_3="$id_8_1_3 - $desc_8_1_3"
|
||||||
starttestjson "$id_8_1_3" "$desc_8_1_3"
|
starttestjson "$id_8_1_3" "$desc_8_1_3"
|
||||||
|
|
||||||
|
@ -87,7 +87,7 @@ check_8_1_4() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_8_1_4="8.1.4"
|
id_8_1_4="8.1.4"
|
||||||
desc_8_1_4="Configure applicable cluster role-based access control policies"
|
desc_8_1_4="Configure applicable cluster role-based access control policies (Not Scored)"
|
||||||
check_8_1_4="$id_8_1_4 - $desc_8_1_4"
|
check_8_1_4="$id_8_1_4 - $desc_8_1_4"
|
||||||
starttestjson "$id_8_1_4" "$desc_8_1_4"
|
starttestjson "$id_8_1_4" "$desc_8_1_4"
|
||||||
|
|
||||||
|
@ -104,7 +104,7 @@ check_8_1_5() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_8_1_5="8.1.5"
|
id_8_1_5="8.1.5"
|
||||||
desc_8_1_5="Enable signed image enforcement"
|
desc_8_1_5="Enable signed image enforcement (Scored)"
|
||||||
check_8_1_5="$id_8_1_5 - $desc_8_1_5"
|
check_8_1_5="$id_8_1_5 - $desc_8_1_5"
|
||||||
starttestjson "$id_8_1_5" "$desc_8_1_5"
|
starttestjson "$id_8_1_5" "$desc_8_1_5"
|
||||||
|
|
||||||
|
@ -121,7 +121,7 @@ check_8_1_6() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_8_1_6="8.1.6"
|
id_8_1_6="8.1.6"
|
||||||
desc_8_1_6="Set the Per-User Session Limit to a value of '3' or lower"
|
desc_8_1_6="Set the Per-User Session Limit to a value of '3' or lower (Scored)"
|
||||||
check_8_1_6="$id_8_1_6 - $desc_8_1_6"
|
check_8_1_6="$id_8_1_6 - $desc_8_1_6"
|
||||||
starttestjson "$id_8_1_6" "$desc_8_1_6"
|
starttestjson "$id_8_1_6" "$desc_8_1_6"
|
||||||
|
|
||||||
|
@ -138,7 +138,7 @@ check_8_1_7() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_8_1_7="8.1.7"
|
id_8_1_7="8.1.7"
|
||||||
desc_8_1_7="Set the 'Lifetime Minutes' and 'Renewal Threshold Minutes' values to '15' or lower and '0' respectively"
|
desc_8_1_7="Set the 'Lifetime Minutes' and 'Renewal Threshold Minutes' values to '15' or lower and '0' respectively (Scored)"
|
||||||
check_8_1_7="$id_8_1_7 - $desc_8_1_7"
|
check_8_1_7="$id_8_1_7 - $desc_8_1_7"
|
||||||
starttestjson "$id_8_1_7" "$desc_8_1_7"
|
starttestjson "$id_8_1_7" "$desc_8_1_7"
|
||||||
|
|
||||||
|
@ -166,7 +166,7 @@ check_8_2_1() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
id_8_2_1="8.2.1"
|
id_8_2_1="8.2.1"
|
||||||
desc_8_2_1="Enable image vulnerability scanning"
|
desc_8_2_1="Enable image vulnerability scanning (Scored)"
|
||||||
check_8_2_1="$id_8_2_1 - $desc_8_2_1"
|
check_8_2_1="$id_8_2_1 - $desc_8_2_1"
|
||||||
starttestjson "$id_8_2_1" "$desc_8_2_1"
|
starttestjson "$id_8_2_1" "$desc_8_2_1"
|
||||||
|
|
||||||
|
|