Replace netstat by ss

ss(8) is a modern replacement for netstat(8). The former is slowly replacing the latter in major Linux distributions, which makes it necessary to switch at some point. This addresses #278. Signed-off-by: Karol Babioch <kbabioch@suse.de>
2025-01-18 16:22:33 +01:00 · 2018-01-11 16:43:53 +01:00 · 2018-01-11 16:43:53 +01:00 · 997ce7330e
commit 997ce7330e
parent aae04fb75e
2 changed files with 2 additions and 2 deletions
--- a/docker-bench-security.sh
+++ b/docker-bench-security.sh
@ -19,7 +19,7 @@ myname=$(basename "${this_path}")     ## file name of this script.
 export PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin/

 # Check for required program(s)
-req_progs='awk docker grep netstat stat'
+req_progs='awk docker grep ss stat'
 for p in $req_progs; do
  command -v "$p" >/dev/null 2>&1 || { printf "%s command not found.\n" "$p"; exit 1; }
 done
--- a/tests/7_docker_swarm_configuration.sh
+++ b/tests/7_docker_swarm_configuration.sh
@ -32,7 +32,7 @@ fi
 # 7.3
 check_7_3="7.3  - Ensure swarm services are binded to a specific host interface"
 if docker info 2>/dev/null | grep -e "Swarm:*\sactive\s*" >/dev/null 2>&1; then
-  netstat -lnt | grep -e '\[::]:2377 ' -e ':::2377' -e '*:2377 ' -e ' 0\.0\.0\.0:2377 ' >/dev/null 2>&1
+  ss -lnt | grep -e '\[::]:2377 ' -e ':::2377' -e '*:2377 ' -e ' 0\.0\.0\.0:2377 ' >/dev/null 2>&1
  if [ $? -eq 1 ]; then
    pass "$check_7_3"
    logjson "7.3" "PASS"