Merge pull request #314 from draios/master

Improve docker-bench-security json output
2025-01-19 00:32:34 +01:00 · 2018-10-12 12:27:20 +02:00 · 2018-10-12 12:27:20 +02:00 · 9ca5b8b2e1
commit 9ca5b8b2e1
parent bbf43c88e1 ec7d8ce690
11 changed files with 1006 additions and 427 deletions
--- a/docker-bench-security.sh
+++ b/docker-bench-security.sh
@ -141,10 +141,8 @@ main () {
  printf "\n"
  info "Checks: $totalChecks"
  info "Score: $currentScore"
  integerjson "checks" "$totalChecks"
  integerjson "score" "$currentScore"
-  endjson "$(date +%s)"
+  endjson "$totalChecks" "$currentScore" "$(date +%s)"
 }
 main "$@"
--- a/functions_lib.sh
+++ b/functions_lib.sh
@ -15,6 +15,7 @@ host_configuration() {
  check_1_11
  check_1_12
  check_1_13
  check_1_end
 }
 docker_daemon_configuration() {
@ -37,6 +38,7 @@ docker_daemon_configuration() {
  check_2_16
  check_2_17
  check_2_18
  check_2_end
 }
 docker_daemon_files() {
@ -61,6 +63,7 @@ docker_daemon_files() {
  check_3_18
  check_3_19
  check_3_20
  check_3_end
 }
 container_images() {
@ -76,6 +79,7 @@ container_images() {
  check_4_9
  check_4_10
  check_4_11
  check_4_end
 }
 container_runtime() {
@ -112,12 +116,14 @@ container_runtime() {
  check_5_29
  check_5_30
  check_5_31
  check_5_end
 }
 docker_security_operations() {
  check_6
  check_6_1
  check_6_2
  check_6_end
 }
 docker_swarm_configuration() {
@ -131,11 +137,13 @@ docker_swarm_configuration() {
  check_7_8
  check_7_9
  check_7_10
  check_7_end
 }
 community_checks() {
  check_c
  check_c_1
  check_c_end
 }
 # CIS
--- a/output_lib.sh
+++ b/output_lib.sh
@ -30,17 +30,43 @@ yell () {
 }
 beginjson () {
-  printf "{\n  \"dockerbenchsecurity\": \"%s\",\n  \"start\": %s," "$1" "$2" | tee "$logger.json" 2>/dev/null 1>&2
+  printf "{\n  \"dockerbenchsecurity\": \"%s\",\n  \"start\": %s,\n  \"tests\": [" "$1" "$2" | tee "$logger.json" 2>/dev/null 1>&2
 }
 endjson (){
-  printf "\n  \"end\": %s \n}\n" "$1" | tee -a "$logger.json" 2>/dev/null 1>&2
+  printf "\n  ], \"checks\": %s, \"score\": %s, \"end\": %s \n}\n" "$1" "$2" "$3" | tee -a "$logger.json" 2>/dev/null 1>&2
 }
 logjson (){
  printf "\n  \"%s\": \"%s\"," "$1" "$2" | tee -a "$logger.json" 2>/dev/null 1>&2
 }
-integerjson (){
+SSEP=
-  printf "\n  \"%s\": %s," "$1" "$2" | tee -a "$logger.json" 2>/dev/null 1>&2
+SEP=
 startsectionjson() {
  printf "%s\n    {\"id\": \"%s\", \"desc\": \"%s\",  \"results\": [" "$SSEP" "$1" "$2" | tee -a "$logger.json" 2>/dev/null 1>&2
  SEP=
  SSEP=","
 }
 endsectionjson() {
  printf "\n    ]}" | tee -a "$logger.json" 2>/dev/null 1>&2
 }
 starttestjson() {
  printf "%s\n      {\"id\": \"%s\", \"desc\": \"%s\", " "$SEP" "$1" "$2" | tee -a "$logger.json" 2>/dev/null 1>&2
  SEP=","
 }
 resulttestjson() {
  if [ $# -eq 1 ]; then
      printf "\"result\": \"%s\"}" "$1" | tee -a "$logger.json" 2>/dev/null 1>&2
  elif [ $# -eq 2 ]; then
      # Result also contains details
      printf "\"result\": \"%s\", \"details\": \"%s\"}" "$1" "$2" | tee -a "$logger.json" 2>/dev/null 1>&2
  else
      # Result also includes details and a list of items. Add that directly to details and to an array property "items"
      itemsJson=$(printf "["; ISEP=""; for item in $3; do printf "%s\"%s\"" "$ISEP" "$item"; ISEP=","; done; printf "]")
      printf "\"result\": \"%s\", \"details\": \"%s: %s\", \"items\": %s}" "$1" "$2" "$3" "$itemsJson" | tee -a "$logger.json" 2>/dev/null 1>&2
  fi
 }
--- a/tests/1_host_configuration.sh
+++ b/tests/1_host_configuration.sh
@ -2,41 +2,57 @@
 check_1() {
  logit ""
-  info "1 - Host Configuration"
+  id_1="1"
  desc_1="Host Configuration"
  check_1="$id_1 - $desc_1"
  info "$check_1"
  startsectionjson "$id_1" "$desc_1"
 }
 # 1.1
 check_1_1() {
-  check_1_1="1.1  - Ensure a separate partition for containers has been created"
+  id_1_1="1.1"
  desc_1_1="Ensure a separate partition for containers has been created"
  check_1_1="$id_1_1  - $desc_1_1"
  starttestjson "$id_1_1" "$desc_1_1"
  totalChecks=$((totalChecks + 1))
  if grep /var/lib/docker /etc/fstab >/dev/null 2>&1; then
    pass "$check_1_1"
-    logjson "1.1" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  elif mountpoint -q  -- /var/lib/docker >/dev/null 2>&1; then
    pass "$check_1_1"
-    logjson "1.1" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  else
    warn "$check_1_1"
-    logjson "1.1" "WARN"
+    resulttestjson "WARN"
    currentScore=$((currentScore - 1))
  fi
 }
 # 1.2
 check_1_2() {
-  check_1_2="1.2  - Ensure the container host has been Hardened"
+  id_1_2="1.2"
  desc_1_2="Ensure the container host has been Hardened"
  check_1_2="$id_1_2  - $desc_1_2"
  starttestjson "$id_1_2" "$desc_1_2"
  totalChecks=$((totalChecks + 1))
  note "$check_1_2"
-  logjson "1.2" "INFO"
+  resulttestjson "INFO"
  currentScore=$((currentScore + 0))
 }
 # 1.3
 check_1_3() {
-  check_1_3="1.3  - Ensure Docker is up to date"
+  id_1_3="1.3"
  desc_1_3="Ensure Docker is up to date"
  check_1_3="$id_1_3  - $desc_1_3"
  starttestjson "$id_1_3" "$desc_1_3"
  totalChecks=$((totalChecks + 1))
  docker_version=$(docker version | grep -i -A2 '^server' | grep ' Version:' \
    | awk '{print $NF; exit}' | tr -d '[:alpha:]-,')
@ -46,316 +62,361 @@ check_1_3() {
    info "$check_1_3"
    info "     * Using $docker_version, verify is it up to date as deemed necessary"
    info "     * Your operating system vendor may provide support and security maintenance for Docker"
-    logjson "1.3" "INFO"
+    resulttestjson "INFO" "Using $docker_version"
    currentScore=$((currentScore + 0))
  else
    pass "$check_1_3"
    info "     * Using $docker_version which is current"
    info "     * Check with your operating system vendor for support and security maintenance for Docker"
-    logjson "1.3" "PASS"
+    resulttestjson "PASS" "Using $docker_version"
    currentScore=$((currentScore + 0))
  fi
 }
 # 1.4
 check_1_4() {
-  check_1_4="1.4  - Ensure only trusted users are allowed to control Docker daemon"
+  id_1_4="1.4"
  desc_1_4="Ensure only trusted users are allowed to control Docker daemon"
  check_1_4="$id_1_4  - $desc_1_4"
  starttestjson "$id_1_4" "$desc_1_4"
  totalChecks=$((totalChecks + 1))
  docker_users=$(getent group docker)
  info "$check_1_4"
  for u in $docker_users; do
    info "     * $u"
    logjson "1.4" "INFO: $u"
  done
  resulttestjson "INFO" "users" "$docker_users"
  currentScore=$((currentScore + 0))
 }
 # 1.5
 check_1_5() {
-  check_1_5="1.5  - Ensure auditing is configured for the Docker daemon"
+  id_1_5="1.5"
  desc_1_5="Ensure auditing is configured for the Docker daemon"
  check_1_5="$id_1_5  - $desc_1_5"
  starttestjson "$id_1_5" "$desc_1_5"
  totalChecks=$((totalChecks + 1))
  file="/usr/bin/docker "
  if command -v auditctl >/dev/null 2>&1; then
    if auditctl -l | grep "$file" >/dev/null 2>&1; then
      pass "$check_1_5"
-      logjson "1.5" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_1_5"
-      logjson "1.5" "WARN"
+      resulttestjson "WARN"
      currentScore=$((currentScore - 1))
    fi
  elif grep -s "$file" "$auditrules" | grep "^[^#;]" 2>/dev/null 1>&2; then
    pass "$check_1_5"
-    logjson "1.5" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  else
    warn "$check_1_5"
-    logjson "1.5" "WARN"
+    resulttestjson "WARN"
    currentScore=$((currentScore - 1))
  fi
 }
 # 1.6
 check_1_6() {
-  check_1_6="1.6  - Ensure auditing is configured for Docker files and directories - /var/lib/docker"
+  id_1_6="1.6"
  desc_1_6="Ensure auditing is configured for Docker files and directories - /var/lib/docker"
  check_1_6="$id_1_6  - $desc_1_6"
  starttestjson "$id_1_6" "$desc_1_6"
  totalChecks=$((totalChecks + 1))
  directory="/var/lib/docker"
  if [ -d "$directory" ]; then
    if command -v auditctl >/dev/null 2>&1; then
      if auditctl -l | grep $directory >/dev/null 2>&1; then
        pass "$check_1_6"
-        logjson "1.6" "PASS"
+        resulttestjson "PASS"
        currentScore=$((currentScore + 1))
      else
        warn "$check_1_6"
-        logjson "1.6" "WARN"
+        resulttestjson "WARN"
        currentScore=$((currentScore - 1))
      fi
    elif grep -s "$directory" "$auditrules" | grep "^[^#;]" 2>/dev/null 1>&2; then
      pass "$check_1_6"
-      logjson "1.6" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_1_6"
-      logjson "1.6" "WARN"
+      resulttestjson "WARN"
      currentScore=$((currentScore - 1))
    fi
  else
    info "$check_1_6"
    info "     * Directory not found"
-    logjson "1.6" "INFO"
+    resulttestjson "INFO" "Directory not found"
    currentScore=$((currentScore + 0))
  fi
 }
 # 1.7
 check_1_7() {
-  check_1_7="1.7  - Ensure auditing is configured for Docker files and directories - /etc/docker"
+  id_1_7="1.7"
  desc_1_7="Ensure auditing is configured for Docker files and directories - /etc/docker"
  check_1_7="$id_1_7  - $desc_1_7"
  starttestjson "$id_1_7" "$desc_1_7"
  totalChecks=$((totalChecks + 1))
  directory="/etc/docker"
  if [ -d "$directory" ]; then
    if command -v auditctl >/dev/null 2>&1; then
      if auditctl -l | grep $directory >/dev/null 2>&1; then
        pass "$check_1_7"
-        logjson "1.7" "PASS"
+        resulttestjson "PASS"
        currentScore=$((currentScore + 1))
      else
        warn "$check_1_7"
-        logjson "1.7" "WARN"
+        resulttestjson "WARN"
        currentScore=$((currentScore - 1))
      fi
    elif grep -s "$directory" "$auditrules" | grep "^[^#;]" 2>/dev/null 1>&2; then
      pass "$check_1_7"
-      logjson "1.7" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_1_7"
-      logjson "1.7" "WARN"
+      resulttestjson "WARN"
      currentScore=$((currentScore - 1))
    fi
  else
    info "$check_1_7"
    info "     * Directory not found"
-    logjson "1.7" "INFO"
+    resulttestjson "INFO" "Directory not found"
    currentScore=$((currentScore + 0))
 fi
 }
 # 1.8
 check_1_8() {
-  check_1_8="1.8  - Ensure auditing is configured for Docker files and directories - docker.service"
+  id_1_8="1.8"
  desc_1_8="Ensure auditing is configured for Docker files and directories - docker.service"
  check_1_8="$id_1_8  - $desc_1_8"
  starttestjson "$id_1_8" "$desc_1_8"
  totalChecks=$((totalChecks + 1))
  file="$(get_systemd_service_file docker.service)"
  if [ -f "$file" ]; then
    if command -v auditctl >/dev/null 2>&1; then
      if auditctl -l | grep "$file" >/dev/null 2>&1; then
        pass "$check_1_8"
-        logjson "1.8" "PASS"
+        resulttestjson "PASS"
        currentScore=$((currentScore + 1))
      else
        warn "$check_1_8"
-        logjson "1.8" "WARN"
+        resulttestjson "WARN"
        currentScore=$((currentScore - 1))
      fi
    elif grep -s "$file" "$auditrules" | grep "^[^#;]" 2>/dev/null 1>&2; then
      pass "$check_1_8"
-      logjson "1.8" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_1_8"
-      logjson "1.8" "WARN"
+      resulttestjson "WARN"
      currentScore=$((currentScore - 1))
    fi
  else
    info "$check_1_8"
    info "     * File not found"
-    logjson "1.8" "INFO"
+    resulttestjson "INFO" "File not found"
    currentScore=$((currentScore + 0))
  fi
 }
 # 1.9
 check_1_9() {
-  check_1_9="1.9  - Ensure auditing is configured for Docker files and directories - docker.socket"
+  id_1_9="1.9"
  desc_1_9="Ensure auditing is configured for Docker files and directories - docker.socket"
  check_1_9="$id_1_9  - $desc_1_9"
  starttestjson "$id_1_9" "$desc_1_9"
  totalChecks=$((totalChecks + 1))
  file="$(get_systemd_service_file docker.socket)"
  if [ -e "$file" ]; then
    if command -v auditctl >/dev/null 2>&1; then
      if auditctl -l | grep "$file" >/dev/null 2>&1; then
        pass "$check_1_9"
-        logjson "1.9" "PASS"
+        resulttestjson "PASS"
        currentScore=$((currentScore + 1))
      else
        warn "$check_1_9"
-        logjson "1.9" "WARN"
+        resulttestjson "WARN"
        currentScore=$((currentScore - 1))
      fi
    elif grep -s "$file" "$auditrules" | grep "^[^#;]" 2>/dev/null 1>&2; then
      pass "$check_1_9"
-      logjson "1.9" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_1_9"
-      logjson "1.9" "WARN"
+      resulttestjson "WARN"
      currentScore=$((currentScore - 1))
    fi
  else
    info "$check_1_9"
    info "     * File not found"
-    logjson "1.9" "INFO"
+    resulttestjson "INFO" "File not found"
    currentScore=$((currentScore + 0))
  fi
 }
 # 1.10
 check_1_10() {
-  check_1_10="1.10 - Ensure auditing is configured for Docker files and directories - /etc/default/docker"
+  id_1_10="1.10"
  desc_1_10="Ensure auditing is configured for Docker files and directories - /etc/default/docker"
  check_1_10="$id_1_10  - $desc_1_10"
  starttestjson "$id_1_10" "$desc_1_10"
  totalChecks=$((totalChecks + 1))
  file="/etc/default/docker"
  if [ -f "$file" ]; then
    if command -v auditctl >/dev/null 2>&1; then
      if auditctl -l | grep $file >/dev/null 2>&1; then
        pass "$check_1_10"
-        logjson "1.10" "PASS"
+        resulttestjson "PASS"
        currentScore=$((currentScore + 1))
      else
        warn "$check_1_10"
-        logjson "1.10" "WARN"
+        resulttestjson "WARN"
        currentScore=$((currentScore - 1))
      fi
    elif grep -s "$file" "$auditrules" | grep "^[^#;]" 2>/dev/null 1>&2; then
      pass "$check_1_10"
-      logjson "1.10" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_1_10"
-      logjson "1.10" "WARN"
+      resulttestjson "WARN"
      currentScore=$((currentScore - 1))
    fi
  else
    info "$check_1_10"
    info "     * File not found"
-    logjson "1.10" "INFO"
+    resulttestjson "INFO" "File not found"
    currentScore=$((currentScore + 0))
  fi
 }
 # 1.11
 check_1_11() {
-  check_1_11="1.11 - Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.json"
+  id_1_11="1.11"
  desc_1_11="Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.json"
  check_1_11="$id_1_11  - $desc_1_11"
  starttestjson "$id_1_11" "$desc_1_11"
  totalChecks=$((totalChecks + 1))
  file="/etc/docker/daemon.json"
  if [ -f "$file" ]; then
    if command -v auditctl >/dev/null 2>&1; then
      if auditctl -l | grep $file >/dev/null 2>&1; then
        pass "$check_1_11"
-        logjson "1.11" "PASS"
+        resulttestjson "PASS"
        currentScore=$((currentScore + 1))
      else
        warn "$check_1_11"
-        logjson "1.11" "WARN"
+        resulttestjson "WARN"
        currentScore=$((currentScore - 1))
      fi
    elif grep -s "$file" "$auditrules" | grep "^[^#;]" 2>/dev/null 1>&2; then
      pass "$check_1_11"
-      logjson "1.11" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_1_11"
-      logjson "1.11" "WARN"
+      resulttestjson "WARN"
      currentScore=$((currentScore - 1))
    fi
  else
    info "$check_1_11"
    info "     * File not found"
-    logjson "1.11" "INFO"
+    resulttestjson "INFO" "File not found"
    currentScore=$((currentScore + 0))
  fi
 }
 # 1.12
 check_1_12() {
-  check_1_12="1.12 - Ensure auditing is configured for Docker files and directories - /usr/bin/docker-containerd"
+  id_1_12="1.12"
  desc_1_12="Ensure auditing is configured for Docker files and directories - /usr/bin/docker-containerd"
  check_1_12="$id_1_12  - $desc_1_12"
  starttestjson "$id_1_12" "$desc_1_12"
  totalChecks=$((totalChecks + 1))
  file="/usr/bin/docker-containerd"
  if [ -f "$file" ]; then
    if command -v auditctl >/dev/null 2>&1; then
      if auditctl -l | grep $file >/dev/null 2>&1; then
        pass "$check_1_12"
-        logjson "1.12" "PASS"
+        resulttestjson "PASS"
        currentScore=$((currentScore + 1))
      else
        warn "$check_1_12"
-        logjson "1.12" "WARN"
+        resulttestjson "WARN"
        currentScore=$((currentScore - 1))
      fi
    elif grep -s "$file" "$auditrules" | grep "^[^#;]" 2>/dev/null 1>&2; then
      pass "$check_1_12"
-      logjson "1.12" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_1_12"
-      logjson "1.12" "WARN"
+      resulttestjson "WARN"
      currentScore=$((currentScore - 1))
    fi
  else
    info "$check_1_12"
    info "     * File not found"
-    logjson "1.12" "INFO"
+    resulttestjson "INFO" "File not found"
    currentScore=$((currentScore + 0))
  fi
 }
 # 1.13
 check_1_13() {
-  check_1_13="1.13 - Ensure auditing is configured for Docker files and directories - /usr/bin/docker-runc"
+  id_1_13="1.13"
  desc_1_13="Ensure auditing is configured for Docker files and directories - /usr/bin/docker-runc"
  check_1_13="$id_1_13  - $desc_1_13"
  starttestjson "$id_1_13" "$desc_1_13"
  totalChecks=$((totalChecks + 1))
  file="/usr/bin/docker-runc"
  if [ -f "$file" ]; then
    if command -v auditctl >/dev/null 2>&1; then
      if auditctl -l | grep $file >/dev/null 2>&1; then
        pass "$check_1_13"
-        logjson "1.13" "PASS"
+        resulttestjson "PASS"
        currentScore=$((currentScore + 1))
      else
        warn "$check_1_13"
-        logjson "1.13" "WARN"
+        resulttestjson "WARN"
        currentScore=$((currentScore - 1))
      fi
    elif grep -s "$file" "$auditrules" | grep "^[^#;]" 2>/dev/null 1>&2; then
      pass "$check_1_13"
-      logjson "1.13" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_1_13"
-      logjson "1.13" "WARN"
+      resulttestjson "WARN"
      currentScore=$((currentScore - 1))
    fi
  else
    info "$check_1_13"
    info "     * File not found"
-    logjson "1.13" "INFO"
+    resulttestjson "INFO" "File not found"
    currentScore=$((currentScore + 0))
  fi
 }
 check_1_end() {
  endsectionjson
 }
--- a/tests/2_docker_daemon_configuration.sh
+++ b/tests/2_docker_daemon_configuration.sh
@ -2,262 +2,314 @@
 check_2() {
  logit "\n"
-  info "2 - Docker daemon configuration"
+  id_2="2"
  desc_2="Docker daemon configuration"
  check_2="id_2 - $desc_2"
  info "$check_2"
  startsectionjson "$id_2" "$desc_2"
 }
 # 2.1
 check_2_1() {
-  check_2_1="2.1  - Ensure network traffic is restricted between containers on the default bridge"
+  id_2_1="2.1"
  desc_2_1="Ensure network traffic is restricted between containers on the default bridge"
  check_2_1="$id_2_1  - $desc_2_1"
  starttestjson "$id_2_1" "$desc_2_1"
  totalChecks=$((totalChecks + 1))
  if get_docker_effective_command_line_args '--icc' | grep false >/dev/null 2>&1; then
    pass "$check_2_1"
-    logjson "2.1" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  elif get_docker_configuration_file_args 'icc' | grep "false" >/dev/null 2>&1; then
    pass "$check_2_1"
-    logjson "2.1" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  else
    warn "$check_2_1"
-    logjson "2.1" "WARN"
+    resulttestjson "WARN"
    currentScore=$((currentScore - 1))
  fi
 }
 # 2.2
 check_2_2() {
-  check_2_2="2.2  - Ensure the logging level is set to 'info'"
+  id_2_2="2.2"
  desc_2_2="Ensure the logging level is set to 'info'"
  check_2_2="$id_2_2  - $desc_2_2"
  starttestjson "$id_2_2" "$desc_2_2"
  totalChecks=$((totalChecks + 1))
  if get_docker_configuration_file_args 'log-level' >/dev/null 2>&1; then
    if get_docker_configuration_file_args 'log-level' | grep info >/dev/null 2>&1; then
      pass "$check_2_2"
-      logjson "2.2" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    elif [ -z "$(get_docker_configuration_file_args 'log-level')" ]; then
      pass "$check_2_2"
-      logjson "2.2" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_2_2"
-      logjson "2.2" "WARN"
+      resulttestjson "WARN"
      currentScore=$((currentScore - 1))
    fi
  elif get_docker_effective_command_line_args '-l'; then
    if get_docker_effective_command_line_args '-l' | grep "info" >/dev/null 2>&1; then
      pass "$check_2_2"
-      logjson "2.2" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_2_2"
-      logjson "2.2" "WARN"
+      resulttestjson "WARN"
      currentScore=$((currentScore - 1))
    fi
  else
    pass "$check_2_2"
-    logjson "2.2" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  fi
 }
 # 2.3
 check_2_3() {
-  check_2_3="2.3  - Ensure Docker is allowed to make changes to iptables"
+  id_2_3="2.3"
  desc_2_3="Ensure Docker is allowed to make changes to iptables"
  check_2_3="$id_2_3  - $desc_2_3"
  starttestjson "$id_2_3" "$desc_2_3"
  totalChecks=$((totalChecks + 1))
  if get_docker_effective_command_line_args '--iptables' | grep "false" >/dev/null 2>&1; then
    warn "$check_2_3"
-    logjson "2.3" "WARN"
+    resulttestjson "WARN"
    currentScore=$((currentScore - 1))
  elif get_docker_configuration_file_args 'iptables' | grep "false" >/dev/null 2>&1; then
    warn "$check_2_3"
-    logjson "2.3" "WARN"
+    resulttestjson "WARN"
    currentScore=$((currentScore - 1))
  else
    pass "$check_2_3"
-    logjson "2.3" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  fi
 }
 # 2.4
 check_2_4() {
-  check_2_4="2.4  - Ensure insecure registries are not used"
+  id_2_4="2.4"
  desc_2_4="Ensure insecure registries are not used"
  check_2_4="$id_2_4  - $desc_2_4"
  starttestjson "$id_2_4" "$desc_2_4"
  totalChecks=$((totalChecks + 1))
  if get_docker_effective_command_line_args '--insecure-registry' | grep "insecure-registry" >/dev/null 2>&1; then
    warn "$check_2_4"
-    logjson "2.4" "WARN"
+    resulttestjson "WARN"
    currentScore=$((currentScore - 1))
  elif ! [ -z "$(get_docker_configuration_file_args 'insecure-registries')" ]; then
    if get_docker_configuration_file_args 'insecure-registries' | grep '\[]' >/dev/null 2>&1; then
      pass "$check_2_4"
-      logjson "2.4" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_2_4"
-      logjson "2.4" "WARN"
+      resulttestjson "WARN"
      currentScore=$((currentScore - 1))
    fi
  else
    pass "$check_2_4"
-    logjson "2.4" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  fi
 }
 # 2.5
 check_2_5() {
-  check_2_5="2.5  - Ensure aufs storage driver is not used"
+  id_2_5="2.5"
  desc_2_5="Ensure aufs storage driver is not used"
  check_2_5="$id_2_5  - $desc_2_5"
  starttestjson "$id_2_5" "$desc_2_5"
  totalChecks=$((totalChecks + 1))
  if docker info 2>/dev/null | grep -e "^Storage Driver:\s*aufs\s*$" >/dev/null 2>&1; then
    warn "$check_2_5"
-    logjson "2.5" "WARN"
+    resulttestjson "WARN"
    currentScore=$((currentScore - 1))
  else
    pass "$check_2_5"
-    logjson "2.5" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  fi
 }
 # 2.6
 check_2_6() {
-  check_2_6="2.6  - Ensure TLS authentication for Docker daemon is configured"
+  id_2_6="2.6"
  desc_2_6="Ensure TLS authentication for Docker daemon is configured"
  check_2_6="$id_2_6  - $desc_2_6"
  starttestjson "$id_2_6" "$desc_2_6"
  totalChecks=$((totalChecks + 1))
  if [ grep -i 'tcp://' "$CONFIG_FILE" 2>/dev/null 1>&2 ] || \
    [ $(get_docker_cumulative_command_line_args '-H' | grep -vE '(unix|fd)://') >/dev/null 2>&1 ]; then
    if [ $(get_docker_configuration_file_args '"tlsverify":' | grep 'true') ] || \
        [ $(get_docker_cumulative_command_line_args '--tlsverify' | grep 'tlsverify') >/dev/null 2>&1 ]; then
      pass "$check_2_6"
-      logjson "2.6" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    elif [ $(get_docker_configuration_file_args '"tls":' | grep 'true') ] || \
        [ $(get_docker_cumulative_command_line_args '--tls' | grep 'tls$') >/dev/null 2>&1 ]; then
      warn "$check_2_6"
      warn "     * Docker daemon currently listening on TCP with TLS, but no verification"
-      logjson "2.6" "WARN"
+      resulttestjson "WARN" "Docker daemon currently listening on TCP with TLS, but no verification"
      currentScore=$((currentScore - 1))
    else
      warn "$check_2_6"
      warn "     * Docker daemon currently listening on TCP without TLS"
-      logjson "2.6" "WARN"
+      resulttestjson "WARN" "Docker daemon currently listening on TCP without TLS"
      currentScore=$((currentScore - 1))
    fi
  else
    info "$check_2_6"
    info "     * Docker daemon not listening on TCP"
-    logjson "2.6" "INFO"
+    resulttestjson "INFO" "Docker daemon not listening on TCP"
    currentScore=$((currentScore + 0))
  fi
 }
 # 2.7
 check_2_7() {
-  check_2_7="2.7  - Ensure the default ulimit is configured appropriately"
+  id_2_7="2.7"
  desc_2_7="Ensure the default ulimit is configured appropriately"
  check_2_7="$id_2_7  - $desc_2_7"
  starttestjson "$id_2_7" "$desc_2_7"
  totalChecks=$((totalChecks + 1))
  if get_docker_configuration_file_args 'default-ulimit' | grep -v '{}' >/dev/null 2>&1; then
    pass "$check_2_7"
-    logjson "2.7" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  elif get_docker_effective_command_line_args '--default-ulimit' | grep "default-ulimit" >/dev/null 2>&1; then
    pass "$check_2_7"
-    logjson "2.7" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  else
    info "$check_2_7"
    info "     * Default ulimit doesn't appear to be set"
-    logjson "2.7" "INFO"
+    resulttestjson "INFO" "Default ulimit doesn't appear to be set"
    currentScore=$((currentScore + 0))
  fi
 }
 # 2.8
 check_2_8() {
-  check_2_8="2.8  - Enable user namespace support"
+  id_2_8="2.8"
  desc_2_8="Enable user namespace support"
  check_2_8="$id_2_8  - $desc_2_8"
  starttestjson "$id_2_8" "$desc_2_8"
  totalChecks=$((totalChecks + 1))
  if get_docker_configuration_file_args 'userns-remap' | grep -v '""'; then
    pass "$check_2_8"
-    logjson "2.8" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  elif get_docker_effective_command_line_args '--userns-remap' | grep "userns-remap" >/dev/null 2>&1; then
    pass "$check_2_8"
-    logjson "2.8" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  else
    warn "$check_2_8"
-    logjson "2.8" "WARN"
+    resulttestjson "WARN"
    currentScore=$((currentScore - 1))
  fi
 }
 # 2.9
 check_2_9() {
-  check_2_9="2.9  - Ensure the default cgroup usage has been confirmed"
+  id_2_9="2.9"
  desc_2_9="Ensure the default cgroup usage has been confirmed"
  check_2_9="$id_2_9  - $desc_2_9"
  starttestjson "$id_2_9" "$desc_2_9"
  totalChecks=$((totalChecks + 1))
  if get_docker_configuration_file_args 'cgroup-parent' | grep -v '""'; then
    warn "$check_2_9"
    info "     * Confirm cgroup usage"
-    logjson "2.9" "INFO"
+    resulttestjson "WARN" "Confirm cgroup usage"
    currentScore=$((currentScore + 0))
  elif get_docker_effective_command_line_args '--cgroup-parent' | grep "cgroup-parent" >/dev/null 2>&1; then
    warn "$check_2_9"
    info "     * Confirm cgroup usage"
-    logjson "2.9" "INFO"
+    resulttestjson "WARN" "Confirm cgroup usage"
    currentScore=$((currentScore + 0))
  else
    pass "$check_2_9"
-    logjson "2.9" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  fi
 }
 # 2.10
 check_2_10() {
-  check_2_10="2.10 - Ensure base device size is not changed until needed"
+  id_2_10="2.10"
  desc_2_10="Ensure base device size is not changed until needed"
  check_2_10="$id_2_10  - $desc_2_10"
  starttestjson "$id_2_10" "$desc_2_10"
  totalChecks=$((totalChecks + 1))
  if get_docker_configuration_file_args 'storage-opts' | grep "dm.basesize" >/dev/null 2>&1; then
    warn "$check_2_10"
-    logjson "2.10" "WARN"
+    resulttestjson "WARN"
    currentScore=$((currentScore - 1))
  elif get_docker_effective_command_line_args '--storage-opt' | grep "dm.basesize" >/dev/null 2>&1; then
    warn "$check_2_10"
-    logjson "2.10" "WARN"
+    resulttestjson "WARN"
    currentScore=$((currentScore - 1))
  else
    pass "$check_2_10"
-    logjson "2.10" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  fi
 }
 # 2.11
 check_2_11() {
-  check_2_11="2.11 - Ensure that authorization for Docker client commands is enabled"
+  id_2_11="2.11"
  desc_2_11="Ensure that authorization for Docker client commands is enabled"
  check_2_11="$id_2_11  - $desc_2_11"
  starttestjson "$id_2_11" "$desc_2_11"
  totalChecks=$((totalChecks + 1))
  if get_docker_configuration_file_args 'authorization-plugins' | grep -v '\[]'; then
    pass "$check_2_11"
-    logjson "2.11" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  elif get_docker_effective_command_line_args '--authorization-plugin' | grep "authorization-plugin" >/dev/null 2>&1; then
    pass "$check_2_11"
-    logjson "2.11" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  else
    warn "$check_2_11"
-    logjson "2.11" "WARN"
+    resulttestjson "WARN"
    currentScore=$((currentScore - 1))
  fi
 }
 # 2.12
 check_2_12() {
-  check_2_12="2.12 - Ensure centralized and remote logging is configured"
+  id_2_12="2.12"
  desc_2_12="Ensure centralized and remote logging is configured"
  check_2_12="$id_2_12  - $desc_2_12"
  starttestjson "$id_2_12" "$desc_2_12"
  totalChecks=$((totalChecks + 1))
  if docker info --format '{{ .LoggingDriver }}' | grep 'json-file' >/dev/null 2>&1; then
    warn "$check_2_12"
-    logjson "2.12" "WARN"
+    resulttestjson "WARN"
    currentScore=$((currentScore - 1))
  else
    pass "$check_2_12"
-    logjson "2.12" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  fi
 }
@ -267,48 +319,58 @@ check_2_13() {
  docker_version=$(docker version | grep -i -A2 '^server' | grep ' Version:' \
    | awk '{print $NF; exit}' | tr -d '[:alpha:]-,.')
  totalChecks=$((totalChecks + 1))
  id_2_13="2.13"
  desc_2_13="Ensure operations on legacy registry (v1) are Disabled"
  check_2_13="$id_2_13  - $desc_2_13"
  starttestjson "$id_2_13" "$desc_2_13"
  if [ "$docker_version" -lt 1712 ]; then
    check_2_13="2.13 - Ensure operations on legacy registry (v1) are Disabled"
    if get_docker_configuration_file_args 'disable-legacy-registry' | grep 'true' >/dev/null 2>&1; then
      pass "$check_2_13"
-      logjson "2.13" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    elif get_docker_effective_command_line_args '--disable-legacy-registry' | grep "disable-legacy-registry" >/dev/null 2>&1; then
      pass "$check_2_13"
-      logjson "2.13" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_2_13"
-      logjson "2.13" "WARN"
+      resulttestjson "WARN"
      currentScore=$((currentScore - 1))
    fi
  else
-    check_2_13="2.13 - Ensure operations on legacy registry (v1) are Disabled (Deprecated)"
+    desc_2_13="$desc_2_13 (Deprecated)"
    check_2_13="$id_2_13  - $desc_2_13"
    info "$check_2_13"
-    logjson "2.13" "info"
+    resulttestjson "INFO"
  fi
 }
 # 2.14
 check_2_14() {
-  check_2_14="2.14 - Ensure live restore is Enabled"
+  id_2_14="2.14"
  desc_2_14="Ensure live restore is Enabled"
  check_2_14="$id_2_14  - $desc_2_14"
  starttestjson "$id_2_14" "$desc_2_14"
  totalChecks=$((totalChecks + 1))
  if docker info 2>/dev/null | grep -e "Live Restore Enabled:\s*true\s*" >/dev/null 2>&1; then
    pass "$check_2_14"
-    logjson "2.14" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  else
    if docker info 2>/dev/null | grep -e "Swarm:*\sactive\s*" >/dev/null 2>&1; then
      pass "$check_2_14 (Incompatible with swarm mode)"
-      logjson "2.14" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    elif get_docker_effective_command_line_args '--live-restore' | grep "live-restore" >/dev/null 2>&1; then
      pass "$check_2_14"
-      logjson "2.14" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_2_14"
-      logjson "2.14" "WARN"
+      resulttestjson "WARN"
      currentScore=$((currentScore - 1))
    fi
  fi
@ -316,68 +378,88 @@ check_2_14() {
 # 2.15
 check_2_15() {
-  check_2_15="2.15 - Ensure Userland Proxy is Disabled"
+  id_2_15="2.15"
  desc_2_15="Ensure Userland Proxy is Disabled"
  check_2_15="$id_2_15  - $desc_2_15"
  starttestjson "$id_2_15" "$desc_2_15"
  totalChecks=$((totalChecks + 1))
  if get_docker_configuration_file_args 'userland-proxy' | grep false >/dev/null 2>&1; then
    pass "$check_2_15"
-    logjson "2.15" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  elif get_docker_effective_command_line_args '--userland-proxy=false' 2>/dev/null | grep "userland-proxy=false" >/dev/null 2>&1; then
    pass "$check_2_15"
-    logjson "2.15" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  else
    warn "$check_2_15"
-    logjson "2.15" "WARN"
+    resulttestjson "WARN"
    currentScore=$((currentScore - 1))
  fi
 }
 # 2.16
 check_2_16() {
-  check_2_16="2.16 - Ensure daemon-wide custom seccomp profile is applied, if needed"
+  id_2_16="2.16"
  desc_2_16="Ensure daemon-wide custom seccomp profile is applied, if needed"
  check_2_16="$id_2_16  - $desc_2_16"
  starttestjson "$id_2_16" "$desc_2_16"
  totalChecks=$((totalChecks + 1))
  if docker info --format '{{ .SecurityOptions }}' | grep 'name=seccomp,profile=default' 2>/dev/null 1>&2; then
    pass "$check_2_16"
-    logjson "2.16" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  else
    info "$check_2_16"
-    logjson "2.16" "INFO"
+    resulttestjson "INFO"
    currentScore=$((currentScore + 0))
  fi
 }
 # 2.17
 check_2_17() {
-  check_2_17="2.17 - Ensure experimental features are avoided in production"
+  id_2_17="2.17"
  desc_2_17="Ensure experimental features are avoided in production"
  check_2_17="$id_2_17  - $desc_2_17"
  starttestjson "$id_2_17" "$desc_2_17"
  totalChecks=$((totalChecks + 1))
  if docker version -f '{{.Server.Experimental}}' | grep false 2>/dev/null 1>&2; then
    pass "$check_2_17"
-    logjson "2.17" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  else
    warn "$check_2_17"
-    logjson "2.17" "WARN"
+    resulttestjson "WARN"
    currentScore=$((currentScore - 1))
  fi
 }
 # 2.18
 check_2_18() {
-  check_2_18="2.18 - Ensure containers are restricted from acquiring new privileges"
+  id_2_18="2.18"
  desc_2_18="Ensure containers are restricted from acquiring new privileges"
  check_2_18="$id_2_18  - $desc_2_18"
  starttestjson "$id_2_18" "$desc_2_18"
  totalChecks=$((totalChecks + 1))
  if get_docker_effective_command_line_args '--no-new-privileges' | grep "no-new-privileges" >/dev/null 2>&1; then
    pass "$check_2_18"
-    logjson "2.18" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  elif get_docker_configuration_file_args 'no-new-privileges' | grep true >/dev/null 2>&1; then
    pass "$check_2_18"
-    logjson "2.18" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  else
    warn "$check_2_18"
-    logjson "2.18" "WARN"
+    resulttestjson "WARN"
    currentScore=$((currentScore - 1))
  fi
 }
 check_2_end() {
  endsectionjson
 }
--- a/tests/3_docker_daemon_configuration_files.sh
+++ b/tests/3_docker_daemon_configuration_files.sh
@ -2,156 +2,188 @@
 check_3() {
  logit "\n"
-  info "3 - Docker daemon configuration files"
+  id_3="3"
  desc_3="Docker daemon configuration files"
  check_3="$id_3 - $desc_3"
  info "$check_3"
  startsectionjson "$id_3" "$desc_3"
 }
 # 3.1
 check_3_1() {
-  check_3_1="3.1  - Ensure that docker.service file ownership is set to root:root"
+  id_3_1="3.1"
  desc_3_1="Ensure that docker.service file ownership is set to root:root"
  check_3_1="$id_3_1  - $desc_3_1"
  starttestjson "$id_3_1" "$desc_3_1"
  totalChecks=$((totalChecks + 1))
  file="$(get_systemd_service_file docker.service)"
  if [ -f "$file" ]; then
    if [ "$(stat -c %u%g $file)" -eq 00 ]; then
      pass "$check_3_1"
-      logjson "3.1" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_3_1"
      warn "     * Wrong ownership for $file"
-      logjson "3.1" "WARN"
+      resulttestjson "WARN" "Wrong ownership for $file"
      currentScore=$((currentScore - 1))
    fi
  else
    info "$check_3_1"
    info "     * File not found"
-    logjson "3.1" "INFO"
+    resulttestjson "INFO" "File not found"
    currentScore=$((currentScore + 0))
  fi
 }
 # 3.2
 check_3_2() {
-  check_3_2="3.2  - Ensure that docker.service file permissions are set to 644 or more restrictive"
+  id_3_2="3.2"
  desc_3_2="Ensure that docker.service file permissions are set to 644 or more restrictive"
  check_3_2="$id_3_2  - $desc_3_2"
  starttestjson "$id_3_2" "$desc_3_2"
  totalChecks=$((totalChecks + 1))
  file="$(get_systemd_service_file docker.service)"
  if [ -f "$file" ]; then
    if [ "$(stat -c %a $file)" -eq 644 -o "$(stat -c %a $file)" -eq 600 ]; then
      pass "$check_3_2"
-      logjson "3.2" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_3_2"
      warn "     * Wrong permissions for $file"
-      logjson "3.2" "WARN"
+      resulttestjson "WARN" "Wrong permissions for $file"
      currentScore=$((currentScore - 1))
    fi
  else
    info "$check_3_2"
    info "     * File not found"
-    logjson "3.2" "INFO"
+    resulttestjson "INFO" "File not found"
    currentScore=$((currentScore + 0))
  fi
 }
 # 3.3
 check_3_3() {
-  check_3_3="3.3  - Ensure that docker.socket file ownership is set to root:root"
+  id_3_3="3.3"
  desc_3_3="Ensure that docker.socket file ownership is set to root:root"
  check_3_3="$id_3_3  - $desc_3_3"
  starttestjson "$id_3_3" "$desc_3_3"
  totalChecks=$((totalChecks + 1))
  file="$(get_systemd_service_file docker.socket)"
  if [ -f "$file" ]; then
    if [ "$(stat -c %u%g $file)" -eq 00 ]; then
      pass "$check_3_3"
-      logjson "3.3" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_3_3"
      warn "     * Wrong ownership for $file"
-      logjson "3.3" "WARN"
+      resulttestjson "WARN" "Wrong ownership for $file"
      currentScore=$((currentScore - 1))
    fi
  else
    info "$check_3_3"
    info "     * File not found"
-    logjson "3.3" "INFO"
+    resulttestjson "INFO" "File not found"
    currentScore=$((currentScore + 0))
  fi
 }
 # 3.4
 check_3_4() {
-  check_3_4="3.4  - Ensure that docker.socket file permissions are set to 644 or more restrictive"
+  id_3_4="3.4"
  desc_3_4="Ensure that docker.socket file permissions are set to 644 or more restrictive"
  check_3_4="$id_3_4  - $desc_3_4"
  starttestjson "$id_3_4" "$desc_3_4"
  totalChecks=$((totalChecks + 1))
  file="$(get_systemd_service_file docker.socket)"
  if [ -f "$file" ]; then
    if [ "$(stat -c %a $file)" -eq 644 -o "$(stat -c %a $file)" -eq 600 ]; then
      pass "$check_3_4"
-      logjson "3.4" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_3_4"
      warn "     * Wrong permissions for $file"
-      logjson "3.4" "WARN"
+      resulttestjson "WARN" "Wrong permissions for $file"
      currentScore=$((currentScore - 1))
    fi
  else
    info "$check_3_4"
    info "     * File not found"
-    logjson "3.4" "INFO"
+    resulttestjson "INFO" "File not found"
    currentScore=$((currentScore + 0))
  fi
 }
 # 3.5
 check_3_5() {
-  check_3_5="3.5  - Ensure that /etc/docker directory ownership is set to root:root"
+  id_3_5="3.5"
  desc_3_5="Ensure that /etc/docker directory ownership is set to root:root"
  check_3_5="$id_3_5  - $desc_3_5"
  starttestjson "$id_3_5" "$desc_3_5"
  totalChecks=$((totalChecks + 1))
  directory="/etc/docker"
  if [ -d "$directory" ]; then
    if [ "$(stat -c %u%g $directory)" -eq 00 ]; then
      pass "$check_3_5"
-      logjson "3.5" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_3_5"
      warn "     * Wrong ownership for $directory"
-      logjson "3.5" "WARN"
+      resulttestjson "WARN" "Wrong ownership for $directory"
      currentScore=$((currentScore - 1))
    fi
  else
    info "$check_3_5"
    info "     * Directory not found"
-    logjson "3.5" "INFO"
+    resulttestjson "INFO" "Directory not found"
    currentScore=$((currentScore + 0))
  fi
 }
 # 3.6
 check_3_6() {
-  check_3_6="3.6  - Ensure that /etc/docker directory permissions are set to 755 or more restrictive"
+  id_3_6="3.6"
  desc_3_6="Ensure that /etc/docker directory permissions are set to 755 or more restrictive"
  check_3_6="$id_3_6  - $desc_3_6"
  starttestjson "$id_3_6" "$desc_3_6"
  totalChecks=$((totalChecks + 1))
  directory="/etc/docker"
  if [ -d "$directory" ]; then
    if [ "$(stat -c %a $directory)" -eq 755 -o "$(stat -c %a $directory)" -eq 700 ]; then
      pass "$check_3_6"
-      logjson "3.6" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_3_6"
      warn "     * Wrong permissions for $directory"
-      logjson "3.6" "WARN"
+      resulttestjson "WARN" "Wrong permissions for $directory"
      currentScore=$((currentScore - 1))
    fi
  else
    info "$check_3_6"
    info "     * Directory not found"
-    logjson "3.6" "INFO"
+    resulttestjson "INFO" "Directory not found"
    currentScore=$((currentScore + 0))
  fi
 }
 # 3.7
 check_3_7() {
-  check_3_7="3.7  - Ensure that registry certificate file ownership is set to root:root"
+  id_3_7="3.7"
  desc_3_7="Ensure that registry certificate file ownership is set to root:root"
  check_3_7="$id_3_7  - $desc_3_7"
  starttestjson "$id_3_7" "$desc_3_7"
  totalChecks=$((totalChecks + 1))
  directory="/etc/docker/certs.d/"
  if [ -d "$directory" ]; then
@ -165,24 +197,28 @@ check_3_7() {
    if [ $fail -eq 1 ]; then
      warn "$check_3_7"
      warn "     * Wrong ownership for $directory"
-      logjson "3.7" "WARN"
+      resulttestjson "WARN" "Wrong ownership for $directory"
      currentScore=$((currentScore - 1))
    else
      pass "$check_3_7"
-      logjson "3.7" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    fi
  else
    info "$check_3_7"
    info "     * Directory not found"
-    logjson "3.7" "INFO"
+    resulttestjson "INFO" "Directory not found"
    currentScore=$((currentScore + 0))
  fi
 }
 # 3.8
 check_3_8() {
-  check_3_8="3.8  - Ensure that registry certificate file permissions are set to 444 or more restrictive"
+  id_3_8="3.8"
  desc_3_8="Ensure that registry certificate file permissions are set to 444 or more restrictive"
  check_3_8="$id_3_8  - $desc_3_8"
  starttestjson "$id_3_8" "$desc_3_8"
  totalChecks=$((totalChecks + 1))
  directory="/etc/docker/certs.d/"
  if [ -d "$directory" ]; then
@ -196,24 +232,28 @@ check_3_8() {
    if [ $fail -eq 1 ]; then
      warn "$check_3_8"
      warn "     * Wrong permissions for $directory"
-      logjson "3.8" "WARN"
+      resulttestjson "WARN" "Wrong permissions for $directory"
      currentScore=$((currentScore - 1))
    else
      pass "$check_3_8"
-      logjson "3.8" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    fi
  else
    info "$check_3_8"
    info "     * Directory not found"
-    logjson "3.8" "INFO"
+    resulttestjson "INFO" "Directory not found"
    currentScore=$((currentScore + 0))
  fi
 }
 # 3.9
 check_3_9() {
-  check_3_9="3.9  - Ensure that TLS CA certificate file ownership is set to root:root"
+  id_3_9="3.9"
  desc_3_9="Ensure that TLS CA certificate file ownership is set to root:root"
  check_3_9="$id_3_9  - $desc_3_9"
  starttestjson "$id_3_9" "$desc_3_9"
  totalChecks=$((totalChecks + 1))
  if ! [ -z $(get_docker_configuration_file_args 'tlscacert') ]; then
    tlscacert=$(get_docker_configuration_file_args 'tlscacert')
@ -223,25 +263,29 @@ check_3_9() {
  if [ -f "$tlscacert" ]; then
    if [ "$(stat -c %u%g "$tlscacert")" -eq 00 ]; then
      pass "$check_3_9"
-      logjson "3.9" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_3_9"
      warn "     * Wrong ownership for $tlscacert"
-      logjson "3.9" "WARN"
+      resulttestjson "WARN" "Wrong ownership for $tlscacert"
      currentScore=$((currentScore - 1))
    fi
  else
    info "$check_3_9"
    info "     * No TLS CA certificate found"
-    logjson "3.9" "INFO"
+    resulttestjson "INFO" "No TLS CA certificate found"
    currentScore=$((currentScore + 0))
  fi
 }
 # 3.10
 check_3_10() {
-  check_3_10="3.10 - Ensure that TLS CA certificate file permissions are set to 444 or more restrictive"
+  id_3_10="3.10"
  desc_3_10="Ensure that TLS CA certificate file permissions are set to 444 or more restrictive"
  check_3_10="$id_3_10  - $desc_3_10"
  starttestjson "$id_3_10" "$desc_3_10"
  totalChecks=$((totalChecks + 1))
  if ! [ -z $(get_docker_configuration_file_args 'tlscacert') ]; then
    tlscacert=$(get_docker_configuration_file_args 'tlscacert')
@ -251,25 +295,29 @@ check_3_10() {
  if [ -f "$tlscacert" ]; then
    if [ "$(stat -c %a $tlscacert)" -eq 444 -o "$(stat -c %a $tlscacert)" -eq 400 ]; then
      pass "$check_3_10"
-      logjson "3.10" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_3_10"
      warn "     * Wrong permissions for $tlscacert"
-      logjson "3.10" "WARN"
+      resulttestjson "WARN" "Wrong permissions for $tlscacert"
      currentScore=$((currentScore - 1))
    fi
  else
    info "$check_3_10"
    info "     * No TLS CA certificate found"
-    logjson "3.10" "INFO"
+    resulttestjson "INFO" "No TLS CA certificate found"
    currentScore=$((currentScore + 0))
  fi
 }
 # 3.11
 check_3_11() {
-  check_3_11="3.11 - Ensure that Docker server certificate file ownership is set to root:root"
+  id_3_11="3.11"
  desc_3_11="Ensure that Docker server certificate file ownership is set to root:root"
  check_3_11="$id_3_11  - $desc_3_11"
  starttestjson "$id_3_11" "$desc_3_11"
  totalChecks=$((totalChecks + 1))
  if ! [ -z $(get_docker_configuration_file_args 'tlscert') ]; then
    tlscert=$(get_docker_configuration_file_args 'tlscert')
@ -279,25 +327,29 @@ check_3_11() {
  if [ -f "$tlscert" ]; then
    if [ "$(stat -c %u%g "$tlscert")" -eq 00 ]; then
      pass "$check_3_11"
-      logjson "3.11" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_3_11"
      warn "     * Wrong ownership for $tlscert"
-      logjson "3.11" "WARN"
+      resulttestjson "WARN" "Wrong ownership for $tlscert"
      currentScore=$((currentScore - 1))
    fi
  else
    info "$check_3_11"
    info "     * No TLS Server certificate found"
-    logjson "3.11" "INFO"
+    resulttestjson "INFO" "No TLS Server certificate found"
    currentScore=$((currentScore + 0))
  fi
 }
 # 3.12
 check_3_12() {
-  check_3_12="3.12 - Ensure that Docker server certificate file permissions are set to 444 or more restrictive"
+  id_3_12="3.12"
  desc_3_12="Ensure that Docker server certificate file permissions are set to 444 or more restrictive"
  check_3_12="$id_3_12  - $desc_3_12"
  starttestjson "$id_3_12" "$desc_3_12"
  totalChecks=$((totalChecks + 1))
  if ! [ -z $(get_docker_configuration_file_args 'tlscert') ]; then
    tlscert=$(get_docker_configuration_file_args 'tlscert')
@ -307,25 +359,29 @@ check_3_12() {
  if [ -f "$tlscert" ]; then
    if [ "$(stat -c %a $tlscert)" -eq 444 -o "$(stat -c %a $tlscert)" -eq 400 ]; then
      pass "$check_3_12"
-      logjson "3.12" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_3_12"
      warn "     * Wrong permissions for $tlscert"
-      logjson "3.12" "WARN"
+      resulttestjson "WARN" "Wrong permissions for $tlscert"
      currentScore=$((currentScore - 1))
    fi
  else
    info "$check_3_12"
    info "     * No TLS Server certificate found"
-    logjson "3.12" "INFO"
+    resulttestjson "INFO" "No TLS Server certificate found"
    currentScore=$((currentScore + 0))
  fi
 }
 # 3.13
 check_3_13() {
-  check_3_13="3.13 - Ensure that Docker server certificate key file ownership is set to root:root"
+  id_3_13="3.13"
  desc_3_13="Ensure that Docker server certificate key file ownership is set to root:root"
  check_3_13="$id_3_13  - $desc_3_13"
  starttestjson "$id_3_13" "$desc_3_13"
  totalChecks=$((totalChecks + 1))
  if ! [ -z $(get_docker_configuration_file_args 'tlskey') ]; then
    tlskey=$(get_docker_configuration_file_args 'tlskey')
@ -335,25 +391,29 @@ check_3_13() {
  if [ -f "$tlskey" ]; then
    if [ "$(stat -c %u%g "$tlskey")" -eq 00 ]; then
      pass "$check_3_13"
-      logjson "3.13" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_3_13"
      warn "     * Wrong ownership for $tlskey"
-      logjson "3.13" "WARN"
+      resulttestjson "WARN" "Wrong ownership for $tlskey"
      currentScore=$((currentScore - 1))
    fi
  else
    info "$check_3_13"
    info "     * No TLS Key found"
-    logjson "3.13" "INFO"
+    resulttestjson "INFO" "No TLS Key found"
    currentScore=$((currentScore + 0))
  fi
 }
 # 3.14
 check_3_14() {
-  check_3_14="3.14 - Ensure that Docker server certificate key file permissions are set to 400"
+  id_3_14="3.14"
  desc_3_14="Ensure that Docker server certificate key file permissions are set to 400"
  check_3_14="$id_3_14  - $desc_3_14"
  starttestjson "$id_3_14" "$desc_3_14"
  totalChecks=$((totalChecks + 1))
  if ! [ -z $(get_docker_configuration_file_args 'tlskey') ]; then
    tlskey=$(get_docker_configuration_file_args 'tlskey')
@ -363,162 +423,190 @@ check_3_14() {
  if [ -f "$tlskey" ]; then
    if [ "$(stat -c %a $tlskey)" -eq 400 ]; then
      pass "$check_3_14"
-      logjson "3.14" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_3_14"
      warn "     * Wrong permissions for $tlskey"
-      logjson "3.14" "WARN"
+      resulttestjson "WARN" "Wrong permissions for $tlskey"
      currentScore=$((currentScore - 1))
    fi
  else
    info "$check_3_14"
    info "     * No TLS Key found"
-    logjson "3.14" "INFO"
+    resulttestjson "INFO" "No TLS Key found"
    currentScore=$((currentScore + 0))
  fi
 }
 # 3.15
 check_3_15() {
-  check_3_15="3.15 - Ensure that Docker socket file ownership is set to root:docker"
+  id_3_15="3.15"
  desc_3_15="Ensure that Docker socket file ownership is set to root:docker"
  check_3_15="$id_3_15  - $desc_3_15"
  starttestjson "$id_3_15" "$desc_3_15"
  totalChecks=$((totalChecks + 1))
  file="/var/run/docker.sock"
  if [ -S "$file" ]; then
    if [ "$(stat -c %U:%G $file)" = 'root:docker' ]; then
      pass "$check_3_15"
-      logjson "3.15" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_3_15"
      warn "     * Wrong ownership for $file"
-      logjson "3.15" "WARN"
+      resulttestjson "WARN" "Wrong ownership for $file"
      currentScore=$((currentScore - 1))
    fi
  else
    info "$check_3_15"
    info "     * File not found"
-    logjson "3.15" "INFO"
+    resulttestjson "INFO" "File not found"
    currentScore=$((currentScore + 0))
  fi
 }
 # 3.16
 check_3_16() {
-  check_3_16="3.16 - Ensure that Docker socket file permissions are set to 660 or more restrictive"
+  id_3_16="3.16"
  desc_3_16="Ensure that Docker socket file permissions are set to 660 or more restrictive"
  check_3_16="$id_3_16  - $desc_3_16"
  starttestjson "$id_3_16" "$desc_3_16"
  totalChecks=$((totalChecks + 1))
  file="/var/run/docker.sock"
  if [ -S "$file" ]; then
    if [ "$(stat -c %a $file)" -eq 660 -o "$(stat -c %a $file)" -eq 600 ]; then
      pass "$check_3_16"
-      logjson "3.16" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_3_16"
      warn "     * Wrong permissions for $file"
-      logjson "3.16" "WARN"
+      resulttestjson "WARN" "Wrong permissions for $file"
      currentScore=$((currentScore - 1))
    fi
  else
    info "$check_3_16"
    info "     * File not found"
-    logjson "3.16" "INFO"
+    resulttestjson "INFO" "File not found"
    currentScore=$((currentScore + 0))
  fi
 }
 # 3.17
 check_3_17() {
-  check_3_17="3.17 - Ensure that daemon.json file ownership is set to root:root"
+  id_3_17="3.17"
  desc_3_17="Ensure that daemon.json file ownership is set to root:root"
  check_3_17="$id_3_17  - $desc_3_17"
  starttestjson "$id_3_17" "$desc_3_17"
  totalChecks=$((totalChecks + 1))
  file="/etc/docker/daemon.json"
  if [ -f "$file" ]; then
    if [ "$(stat -c %U:%G $file)" = 'root:root' ]; then
      pass "$check_3_17"
-      logjson "3.17" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_3_17"
      warn "     * Wrong ownership for $file"
-      logjson "3.17" "WARN"
+      resulttestjson "WARN" "Wrong ownership for $file"
      currentScore=$((currentScore - 1))
    fi
  else
    info "$check_3_17"
    info "     * File not found"
-    logjson "3.17" "INFO"
+    resulttestjson "INFO" "File not found"
    currentScore=$((currentScore + 0))
  fi
 }
 # 3.18
 check_3_18() {
-  check_3_18="3.18 - Ensure that daemon.json file permissions are set to 644 or more restrictive"
+  id_3_18="3.18"
  desc_3_18="Ensure that daemon.json file permissions are set to 644 or more restrictive"
  check_3_18="$id_3_18  - $desc_3_18"
  starttestjson "$id_3_18" "$desc_3_18"
  totalChecks=$((totalChecks + 1))
  file="/etc/docker/daemon.json"
  if [ -f "$file" ]; then
    if [ "$(stat -c %a $file)" -eq 644 -o "$(stat -c %a $file)" -eq 640 -o "$(stat -c %a $file)" -eq 600 ]; then
      pass "$check_3_18"
-      logjson "3.18" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_3_18"
      warn "     * Wrong permissions for $file"
-      logjson "3.18" "WARN"
+      resulttestjson "WARN" "Wrong permissions for $file"
      currentScore=$((currentScore - 1))
    fi
  else
    info "$check_3_18"
    info "     * File not found"
-    logjson "3.18" "INFO"
+    resulttestjson "INFO" "File not found"
    currentScore=$((currentScore + 0))
  fi
 }
 # 3.19
 check_3_19() {
-  check_3_19="3.19 - Ensure that /etc/default/docker file ownership is set to root:root"
+  id_3_19="3.19"
  desc_3_19="Ensure that /etc/default/docker file ownership is set to root:root"
  check_3_19="$id_3_19  - $desc_3_19"
  starttestjson "$id_3_19" "$desc_3_19"
  totalChecks=$((totalChecks + 1))
  file="/etc/default/docker"
  if [ -f "$file" ]; then
    if [ "$(stat -c %U:%G $file)" = 'root:root' ]; then
      pass "$check_3_19"
-      logjson "3.19" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_3_19"
      warn "     * Wrong ownership for $file"
-      logjson "3.19" "WARN"
+      resulttestjson "WARN" "Wrong ownership for $file"
      currentScore=$((currentScore - 1))
    fi
  else
    info "$check_3_19"
    info "     * File not found"
-    logjson "3.19" "INFO"
+    resulttestjson "INFO" "File not found"
    currentScore=$((currentScore + 0))
  fi
 }
 # 3.20
 check_3_20() {
-  check_3_20="3.20 - Ensure that /etc/default/docker file permissions are set to 644 or more restrictive"
+  id_3_20="3.20"
  desc_3_20="Ensure that /etc/default/docker file permissions are set to 644 or more restrictive"
  check_3_20="$id_3_20  - $desc_3_20"
  starttestjson "$id_3_20" "$desc_3_20"
  totalChecks=$((totalChecks + 1))
  file="/etc/default/docker"
  if [ -f "$file" ]; then
    if [ "$(stat -c %a $file)" -eq 644 -o "$(stat -c %a $file)" -eq 600 ]; then
      pass "$check_3_20"
-      logjson "3.20" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_3_20"
      warn "     * Wrong permissions for $file"
-      logjson "3.20" "WARN"
+      resulttestjson "WARN" "Wrong permissions for $file"
      currentScore=$((currentScore - 1))
    fi
  else
    info "$check_3_20"
    info "     * File not found"
-    logjson "3.20" "INFO"
+    resulttestjson "INFO" "File not found"
    currentScore=$((currentScore + 0))
  fi
 }
 check_3_end() {
  endsectionjson
 }
--- a/tests/4_container_images.sh
+++ b/tests/4_container_images.sh
@ -4,19 +4,27 @@ images=$(docker images -q)
 check_4() {
  logit "\n"
-  info "4 - Container Images and Build File"
+  id_4="4"
  desc_4="Container Images and Build File"
  check_4="$id_4 - $desc_4"
  info "$check_4"
  startsectionjson "$id_4" "$desc_4"
 }
 # 4.1
 check_4_1() {
-  check_4_1="4.1  - Ensure a user for the container has been created"
+  id_4_1="4.1"
  desc_4_1="Ensure a user for the container has been created"
  check_4_1="$id_4_1  - $desc_4_1"
  starttestjson "$id_4_1" "$desc_4_1"
  totalChecks=$((totalChecks + 1))
  # If container_users is empty, there are no running containers
  if [ -z "$containers" ]; then
    info "$check_4_1"
    info "     * No containers running"
-    logjson "4.1" "INFO"
+    resulttestjson "INFO" "No containers running"
    currentScore=$((currentScore + 0))
  else
    # We have some containers running, set failure flag to 0. Check for Users.
@ -24,6 +32,7 @@ check_4_1() {
    # Make the loop separator be a new-line in POSIX compliant fashion
    set -f; IFS=$'
  '
    root_containers=""
    for c in $containers; do
      user=$(docker inspect --format 'User={{.Config.User}}' "$c")
@ -32,20 +41,21 @@ check_4_1() {
        if [ $fail -eq 0 ]; then
          warn "$check_4_1"
          warn "     * Running as root: $c"
-          logjson "4.1" "WARN: $c"
+	  root_containers="$root_containers $c"
          fail=1
        else
          warn "     * Running as root: $c"
-          logjson "4.1" "WARN: $c"
+	  root_containers="$root_containers $c"
        fi
      fi
    done
    # We went through all the containers and found none running as root
    if [ $fail -eq 0 ]; then
        pass "$check_4_1"
-        logjson "4.1" "PASS"
+        resulttestjson "PASS"
        currentScore=$((currentScore + 1))
    else
        resulttestjson "WARN" "running as root" "$root_containers"
        currentScore=$((currentScore - 1))
    fi
  fi
@ -55,152 +65,201 @@ check_4_1() {
 # 4.2
 check_4_2() {
-  check_4_2="4.2  - Ensure that containers use trusted base images"
+  id_4_2="4.2"
  desc_4_2="Ensure that containers use trusted base images"
  check_4_2="$id_4_2  - $desc_4_2"
  starttestjson "$id_4_2" "$desc_4_2"
  totalChecks=$((totalChecks + 1))
  note "$check_4_2"
-  logjson "4.2" "NOTE"
+  resulttestjson "NOTE"
  currentScore=$((currentScore + 0))
 }
 # 4.3
 check_4_3() {
-  check_4_3="4.3  - Ensure unnecessary packages are not installed in the container"
+  id_4_3="4.3"
  desc_4_3="Ensure unnecessary packages are not installed in the container"
  check_4_3="$id_4_3  - $desc_4_3"
  starttestjson "$id_4_3" "$desc_4_3"
  totalChecks=$((totalChecks + 1))
  note "$check_4_3"
-  logjson "4.3" "NOTE"
+  resulttestjson "NOTE"
  currentScore=$((currentScore + 0))
 }
 # 4.4
 check_4_4() {
-  check_4_4="4.4  - Ensure images are scanned and rebuilt to include security patches"
+  id_4_4="4.4"
  desc_4_4="Ensure images are scanned and rebuilt to include security patches"
  check_4_4="$id_4_4  - $desc_4_4"
  starttestjson "$id_4_4" "$desc_4_4"
  totalChecks=$((totalChecks + 1))
  note "$check_4_4"
-  logjson "4.4" "NOTE"
+  resulttestjson "NOTE"
  currentScore=$((currentScore + 0))
 }
 # 4.5
 check_4_5() {
-  check_4_5="4.5  - Ensure Content trust for Docker is Enabled"
+  id_4_5="4.5"
  desc_4_5="Ensure Content trust for Docker is Enabled"
  check_4_5="$id_4_5  - $desc_4_5"
  starttestjson "$id_4_5" "$desc_4_5"
  totalChecks=$((totalChecks + 1))
  if [ "x$DOCKER_CONTENT_TRUST" = "x1" ]; then
    pass "$check_4_5"
-    logjson "4.5" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  else
    warn "$check_4_5"
-    logjson "4.5" "WARN"
+    resulttestjson "WARN"
    currentScore=$((currentScore - 1))
  fi
 }
 # 4.6
 check_4_6() {
-  check_4_6="4.6  - Ensure HEALTHCHECK instructions have been added to the container image"
+  id_4_6="4.6"
  desc_4_6="Ensure HEALTHCHECK instructions have been added to the container image"
  check_4_6="$id_4_6  - $desc_4_6"
  starttestjson "$id_4_6" "$desc_4_6"
  totalChecks=$((totalChecks + 1))
  fail=0
  no_health_images=""
  for img in $images; do
    if docker inspect --format='{{.Config.Healthcheck}}' "$img" 2>/dev/null | grep -e "<nil>" >/dev/null 2>&1; then
      if [ $fail -eq 0 ]; then
        fail=1
        warn "$check_4_6"
        logjson "4.6" "WARN"
      fi
      imgName=$(docker inspect --format='{{.RepoTags}}' "$img" 2>/dev/null)
      if ! [ "$imgName" = '[]' ]; then
        warn "     * No Healthcheck found: $imgName"
-        logjson "4.6" "WARN: $imgName"
+	no_health_images="$no_health_images $imgName"
      fi
    fi
  done
  if [ $fail -eq 0 ]; then
    pass "$check_4_6"
-    logjson "4.6" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  else
    resulttestjson "WARN" "Images w/o HEALTHCHECK" "$no_health_images"
    currentScore=$((currentScore - 1))
  fi
 }
 # 4.7
 check_4_7() {
-  check_4_7="4.7  - Ensure update instructions are not use alone in the Dockerfile"
+  id_4_7="4.7"
  desc_4_7="Ensure update instructions are not use alone in the Dockerfile"
  check_4_7="$id_4_7  - $desc_4_7"
  starttestjson "$id_4_7" "$desc_4_7"
  totalChecks=$((totalChecks + 1))
  fail=0
  update_images=""
  for img in $images; do
    if docker history "$img" 2>/dev/null | grep -e "update" >/dev/null 2>&1; then
      if [ $fail -eq 0 ]; then
        fail=1
        info "$check_4_7"
        logjson "4.7" "INFO"
      fi
      imgName=$(docker inspect --format='{{.RepoTags}}' "$img" 2>/dev/null)
      if ! [ "$imgName" = '[]' ]; then
        info "     * Update instruction found: $imgName"
 	update_images="$update_images $imgName"
      fi
    fi
  done
  if [ $fail -eq 0 ]; then
    pass "$check_4_7"
-    logjson "4.7" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 0))
  else
    resulttestjson "INFO" "Update instructions found" "$update_images"
    currentScore=$((currentScore + 0))
  fi
 }
 # 4.8
 check_4_8() {
-  check_4_8="4.8  - Ensure setuid and setgid permissions are removed in the images"
+  id_4_8="4.8"
  desc_4_8="Ensure setuid and setgid permissions are removed in the images"
  check_4_8="$id_4_8  - $desc_4_8"
  starttestjson "$id_4_8" "$desc_4_8"
  totalChecks=$((totalChecks + 1))
  note "$check_4_8"
-  logjson "4.8" "NOTE"
+  resulttestjson "NOTE"
  currentScore=$((currentScore + 0))
 }
 # 4.9
 check_4_9() {
-  check_4_9="4.9  - Ensure COPY is used instead of ADD in Dockerfile"
+  id_4_9="4.9"
  desc_4_9="Ensure COPY is used instead of ADD in Dockerfile"
  check_4_9="$id_4_9  - $desc_4_9"
  starttestjson "$id_4_9" "$desc_4_9"
  totalChecks=$((totalChecks + 1))
  fail=0
  add_images=""
  for img in $images; do
    docker history "$img" 2> /dev/null | grep 'ADD' >/dev/null 2>&1
    if [ $? -eq 0 ]; then
      if [ $fail -eq 0 ]; then
        fail=1
        info "$check_4_9"
        logjson "4.9" "INFO"
      fi
      imgName=$(docker inspect --format='{{.RepoTags}}' "$img" 2>/dev/null)
      if ! [ "$imgName" = '[]' ]; then
        info "     * ADD in image history: $imgName"
-        logjson "4.9" "INFO: $imgName"
+        add_images="$add_images $imgName"
      fi
      currentScore=$((currentScore + 0))
    fi
  done
  if [ $fail -eq 0 ]; then
    pass "$check_4_9"
-    logjson "4.9" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  else
    resulttestjson "WARN" "Images using ADD" "$add_images"
  fi
 }
 # 4.10
 check_4_10() {
-  check_4_10="4.10 - Ensure secrets are not stored in Dockerfiles"
+  id_4_10="4.10"
  desc_4_10="Ensure secrets are not stored in Dockerfiles"
  check_4_10="$id_4_10  - $desc_4_10"
  starttestjson "$id_4_10" "$desc_4_10"
  totalChecks=$((totalChecks + 1))
  note "$check_4_10"
-  logjson "4.10" "NOTE"
+  resulttestjson "NOTE"
  currentScore=$((currentScore + 0))
 }
 # 4.11
 check_4_11() {
-  check_4_11="4.11 - Ensure verified packages are only Installed"
+  id_4_11="4.11"
  desc_4_11="Ensure verified packages are only Installed"
  check_4_11="$id_4_11  - $desc_4_11"
  starttestjson "$id_4_11" "$desc_4_11"
  totalChecks=$((totalChecks + 1))
  note "$check_4_11"
-  logjson "4.11" "NOTE"
+  resulttestjson "NOTE"
  currentScore=$((currentScore + 0))
 }
 check_4_end() {
  endsectionjson
 }
--- a/tests/5_container_runtime.sh
+++ b/tests/5_container_runtime.sh
--- a/tests/6_docker_security_operations.sh
+++ b/tests/6_docker_security_operations.sh
@ -2,12 +2,20 @@
 check_6() {
  logit "\n"
-  info "6 - Docker Security Operations"
+  id_6="6"
  desc_6="Docker Security Operations"
  check_6="$id_6 - $desc_6"
  info "$check_6"
  startsectionjson "$id_6" "$desc_6"
 }
 # 6.1
 check_6_1() {
-  check_6_1="6.1  - Avoid image sprawl"
+  id_6_1="6.1"
  desc_6_1="Avoid image sprawl"
  check_6_1="$id_6_1  - $desc_6_1"
  starttestjson "$id_6_1" "$desc_6_1"
  totalChecks=$((totalChecks + 1))
  images=$(docker images -q | sort -u | wc -l | awk '{print $1}')
  active_images=0
@ -23,26 +31,34 @@ check_6_1() {
  if [ "$active_images" -lt "$((images / 2))" ]; then
    info "     * Only $active_images out of $images are in use"
    logjson "6.1" "INFO: $active_images"
  fi
  resulttestjson "INFO" "$active_images active/$images in use"
  currentScore=$((currentScore + 0))
 }
 # 6.2
 check_6_2() {
-  check_6_2="6.2  - Avoid container sprawl"
+  id_6_2="6.2"
  desc_6_2="Avoid container sprawl"
  check_6_2="$id_6_2  - $desc_6_2"
  starttestjson "$id_6_2" "$desc_6_2"
  totalChecks=$((totalChecks + 1))
-  total_containers=$(docker info 2>/dev/null | grep "^Containers" | awk '{print $2}')
+  total_containers=$(docker info 2>/dev/null | grep "Containers" | awk '{print $2}')
  running_containers=$(docker ps -q | wc -l | awk '{print $1}')
  diff="$((total_containers - running_containers))"
  if [ "$diff" -gt 25 ]; then
    info "$check_6_2"
    info "     * There are currently a total of $total_containers containers, with only $running_containers of them currently running"
-    logjson "6.2" "INFO: $running_containers"
+    resulttestjson "INFO" "$total_containers total/$running_containers running"
  else
    info "$check_6_2"
    info "     * There are currently a total of $total_containers containers, with $running_containers of them currently running"
-    logjson "6.2" "INFO: $running_containers"
+    resulttestjson "INFO" "$total_containers total/$running_containers running"
  fi
  currentScore=$((currentScore + 0))
 }
 check_6_end() {
  endsectionjson
 }
--- a/tests/7_docker_swarm_configuration.sh
+++ b/tests/7_docker_swarm_configuration.sh
@ -2,71 +2,91 @@
 check_7() {
  logit "\n"
-  info "7 - Docker Swarm Configuration"
+  id_7="7"
  desc_7="Docker Swarm Configuration"
  check_7="$id_7 - $desc_7"
  info "$check_7"
  startsectionjson "$id_7" "$desc_7"
 }
 # 7.1
 check_7_1() {
-  check_7_1="7.1  - Ensure swarm mode is not Enabled, if not needed"
+  id_7_1="7.1"
  desc_7_1="Ensure swarm mode is not Enabled, if not needed"
  check_7_1="$id_7_1  - $desc_7_1"
  starttestjson "$id_7_1" "$desc_7_1"
  totalChecks=$((totalChecks + 1))
  if docker info 2>/dev/null | grep -e "Swarm:*\sinactive\s*" >/dev/null 2>&1; then
    pass "$check_7_1"
-    logjson "7.1" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  else
    warn "$check_7_1"
-    logjson "7.1" "WARN"
+    resulttestjson "WARN"
    currentScore=$((currentScore - 1))
  fi
 }
 # 7.2
 check_7_2() {
-  check_7_2="7.2  - Ensure the minimum number of manager nodes have been created in a swarm"
+  id_7_2="7.2"
  desc_7_2="Ensure the minimum number of manager nodes have been created in a swarm"
  check_7_2="$id_7_2  - $desc_7_2"
  starttestjson "$id_7_2" "$desc_7_2"
  totalChecks=$((totalChecks + 1))
  if docker info 2>/dev/null | grep -e "Swarm:*\sactive\s*" >/dev/null 2>&1; then
    managernodes=$(docker node ls | grep -c "Leader")
    if [ "$managernodes" -le 1 ]; then
      pass "$check_7_2"
-      logjson "7.2" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_7_2"
-      logjson "7.2" "WARN"
+      resulttestjson "WARN"
      currentScore=$((currentScore - 1))
    fi
  else
    pass "$check_7_2 (Swarm mode not enabled)"
-    logjson "7.2" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  fi
 }
 # 7.3
 check_7_3() {
-  check_7_3="7.3  - Ensure swarm services are binded to a specific host interface"
+  id_7_3="7.3"
  desc_7_3="Ensure swarm services are binded to a specific host interface"
  check_7_3="$id_7_3  - $desc_7_3"
  starttestjson "$id_7_3" "$desc_7_3"
  totalChecks=$((totalChecks + 1))
  if docker info 2>/dev/null | grep -e "Swarm:*\sactive\s*" >/dev/null 2>&1; then
    ss -lnt | grep -e '\[::]:2377 ' -e ':::2377' -e '*:2377 ' -e ' 0\.0\.0\.0:2377 ' >/dev/null 2>&1
    if [ $? -eq 1 ]; then
      pass "$check_7_3"
-      logjson "7.3" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      warn "$check_7_3"
-      logjson "7.3" "WARN"
+      resulttestjson "WARN"
      currentScore=$((currentScore - 1))
    fi
  else
    pass "$check_7_3 (Swarm mode not enabled)"
-    logjson "7.3" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  fi
 }
 # 7.4
 check_7_4(){
-  check_7_4="7.4  - Ensure data exchanged between containers are encrypted on different nodes on the overlay network"
+  id_7_4="7.4"
  desc_7_4="Ensure data exchanged between containers are encrypted on different nodes on the overlay network"
  check_7_4="$id_7_4  - $desc_7_4"
  starttestjson "$id_7_4" "$desc_7_4"
  totalChecks=$((totalChecks + 1))
  if docker network ls --filter driver=overlay --quiet | \
    xargs docker network inspect --format '{{.Name}} {{ .Options }}' 2>/dev/null | \
@ -77,120 +97,148 @@ check_7_4(){
      if docker network inspect --format '{{.Name}} {{ .Options }}' "$encnet" | \
        grep -v 'encrypted:' 2>/dev/null 1>&2; then
        warn "     * Unencrypted overlay network: $(docker network inspect --format '{{ .Name }} ({{ .Scope }})' "$encnet")"
-        logjson "7.4" "WARN: $(docker network inspect --format '{{ .Name }} ({{ .Scope }})' "$encnet")"
+        resulttestjson "WARN" "Unencrypted overlay network: $(docker network inspect --format '{{ .Name }} ({{ .Scope }})' "$encnet")"
      fi
    done
  else
    pass "$check_7_4"
-    logjson "7.4" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  fi
 }
 # 7.5
 check_7_5() {
-  check_7_5="7.5  - Ensure Docker's secret management commands are used for managing secrets in a Swarm cluster"
+  id_7_5="7.5"
  desc_7_5="Ensure Docker's secret management commands are used for managing secrets in a Swarm cluster"
  check_7_5="$id_7_5  - $desc_7_5"
  starttestjson "$id_7_5" "$desc_7_5"
  totalChecks=$((totalChecks + 1))
  if docker info 2>/dev/null | grep -e "Swarm:\s*active\s*" >/dev/null 2>&1; then
    if [ "$(docker secret ls -q | wc -l)" -ge 1 ]; then
      pass "$check_7_5"
-      logjson "7.5" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      info "$check_7_5"
-      logjson "7.5" "INFO"
+      resulttestjson "INFO"
      currentScore=$((currentScore + 0))
    fi
  else
    pass "$check_7_5 (Swarm mode not enabled)"
-    logjson "7.5" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  fi
 }
 # 7.6
 check_7_6() {
-  check_7_6="7.6  - Ensure swarm manager is run in auto-lock mode"
+  id_7_6="7.6"
  desc_7_6="Ensure swarm manager is run in auto-lock mode"
  check_7_6="$id_7_6  - $desc_7_6"
  starttestjson "$id_7_6" "$desc_7_6"
  totalChecks=$((totalChecks + 1))
  if docker info 2>/dev/null | grep -e "Swarm:\s*active\s*" >/dev/null 2>&1; then
    if ! docker swarm unlock-key 2>/dev/null | grep 'SWMKEY' 2>/dev/null 1>&2; then
      warn "$check_7_6"
-      logjson "7.6" "WARN"
+      resulttestjson "WARN"
      currentScore=$((currentScore - 1))
    else
      pass "$check_7_6"
-      logjson "7.6" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    fi
  else
    pass "$check_7_6 (Swarm mode not enabled)"
-    logjson "7.6" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  fi
 }
 # 7.7
 check_7_7() {
-  check_7_7="7.7  - Ensure swarm manager auto-lock key is rotated periodically"
+  id_7_7="7.7"
  desc_7_7="Ensure swarm manager auto-lock key is rotated periodically"
  check_7_7="$id_7_7  - $desc_7_7"
  starttestjson "$id_7_7" "$desc_7_7"
  totalChecks=$((totalChecks + 1))
  if docker info 2>/dev/null | grep -e "Swarm:\s*active\s*" >/dev/null 2>&1; then
    note "$check_7_7"
-    logjson "7.7" "NOTE"
+    resulttestjson "NOTE"
    currentScore=$((currentScore + 0))
  else
    pass "$check_7_7 (Swarm mode not enabled)"
-    logjson "7.7" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  fi
 }
 # 7.8
 check_7_8() {
-  check_7_8="7.8  - Ensure node certificates are rotated as appropriate"
+  id_7_8="7.8"
  desc_7_8="Ensure node certificates are rotated as appropriate"
  check_7_8="$id_7_8  - $desc_7_8"
  starttestjson "$id_7_8" "$desc_7_8"
  totalChecks=$((totalChecks + 1))
  if docker info 2>/dev/null | grep -e "Swarm:\s*active\s*" >/dev/null 2>&1; then
    if docker info 2>/dev/null | grep "Expiry Duration: 2 days"; then
      pass "$check_7_8"
-      logjson "7.8" "PASS"
+      resulttestjson "PASS"
      currentScore=$((currentScore + 1))
    else
      info "$check_7_8"
-      logjson "7.8" "INFO"
+      resulttestjson "INFO"
      currentScore=$((currentScore + 0))
    fi
  else
    pass "$check_7_8 (Swarm mode not enabled)"
-    logjson "7.8" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  fi
 }
 # 7.9
 check_7_9() {
-  check_7_9="7.9  - Ensure CA certificates are rotated as appropriate"
+  id_7_9="7.9"
  desc_7_9="Ensure CA certificates are rotated as appropriate"
  check_7_9="$id_7_9  - $desc_7_9"
  starttestjson "$id_7_9" "$desc_7_9"
  totalChecks=$((totalChecks + 1))
  if docker info 2>/dev/null | grep -e "Swarm:\s*active\s*" >/dev/null 2>&1; then
    info "$check_7_9"
-    logjson "7.9" "INFO"
+    resulttestjson "INFO"
    currentScore=$((currentScore + 0))
  else
    pass "$check_7_9 (Swarm mode not enabled)"
-    logjson "7.9" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  fi
 }
 # 7.10
 check_7_10() {
-  check_7_10="7.10 - Ensure management plane traffic has been separated from data plane traffic"
+  id_7_10="7.10"
  desc_7_10="Ensure management plane traffic has been separated from data plane traffic"
  check_7_10="$id_7_10  - $desc_7_10"
  starttestjson "$id_7_10" "$desc_7_10"
  totalChecks=$((totalChecks + 1))
  if docker info 2>/dev/null | grep -e "Swarm:\s*active\s*" >/dev/null 2>&1; then
    info "$check_7_10"
-    logjson "7.10" "INFO"
+    resulttestjson "INFO"
    currentScore=$((currentScore + 0))
  else
    pass "$check_7_10 (Swarm mode not enabled)"
-    logjson "7.10" "PASS"
+    resulttestjson "PASS"
    currentScore=$((currentScore + 1))
  fi
 }
 check_7_end() {
  endsectionjson
 }
--- a/tests/99_community_checks.sh
+++ b/tests/99_community_checks.sh
@ -1,7 +1,11 @@
 #!/bin/sh
 check_c() {
  logit "\n"
-  info "99 - Community contributed checks"
+  id_99="99"
  desc_99="Community contributed checks"
  check_99="$id_99 - $desc_99"
  info "$check_99"
  startsectionjson "$id_99" "$desc_99"
 }
 # check_c_1
@ -10,9 +14,13 @@ check_c_1() {
  totalChecks=$((totalChecks + 1))
  if docker info --format='{{ .Architecture }}' | grep 'x86_64' 2>/dev/null 1>&2; then
    pass "$check_c_1"
-    logjson "c.1" "PASS"
+    resulttestjson "PASS"
  else
    warn "$check_c_1"
-    logjson "c.1" "WARN"
+    resulttestjson "WARN"
  fi
 }
 check_c_end() {
  endsectionjson
 }