From 997ce7330e1e69a377f14eab7fcb0b94348f5790 Mon Sep 17 00:00:00 2001 From: Karol Babioch Date: Thu, 11 Jan 2018 16:43:53 +0100 Subject: [PATCH] Replace netstat by ss ss(8) is a modern replacement for netstat(8). The former is slowly replacing the latter in major Linux distributions, which makes it necessary to switch at some point. This addresses #278. Signed-off-by: Karol Babioch --- docker-bench-security.sh | 2 +- tests/7_docker_swarm_configuration.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-bench-security.sh b/docker-bench-security.sh index ce4de2c..280c552 100755 --- a/docker-bench-security.sh +++ b/docker-bench-security.sh @@ -19,7 +19,7 @@ myname=$(basename "${this_path}") ## file name of this script. export PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin/ # Check for required program(s) -req_progs='awk docker grep netstat stat' +req_progs='awk docker grep ss stat' for p in $req_progs; do command -v "$p" >/dev/null 2>&1 || { printf "%s command not found.\n" "$p"; exit 1; } done diff --git a/tests/7_docker_swarm_configuration.sh b/tests/7_docker_swarm_configuration.sh index a3a80c7..df1f67d 100644 --- a/tests/7_docker_swarm_configuration.sh +++ b/tests/7_docker_swarm_configuration.sh @@ -32,7 +32,7 @@ fi # 7.3 check_7_3="7.3 - Ensure swarm services are binded to a specific host interface" if docker info 2>/dev/null | grep -e "Swarm:*\sactive\s*" >/dev/null 2>&1; then - netstat -lnt | grep -e '\[::]:2377 ' -e ':::2377' -e '*:2377 ' -e ' 0\.0\.0\.0:2377 ' >/dev/null 2>&1 + ss -lnt | grep -e '\[::]:2377 ' -e ':::2377' -e '*:2377 ' -e ' 0\.0\.0\.0:2377 ' >/dev/null 2>&1 if [ $? -eq 1 ]; then pass "$check_7_3" logjson "7.3" "PASS"