mirror of
https://github.com/docker/docker-bench-security.git
synced 2025-07-26 12:37:51 +00:00
Rename to docker-bench-security
parent
4194b1e65c
commit
a4cd4aa511
3 changed files with 13 additions and 13 deletions
91
docker-bench-security.sh
Normal file
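--- a/docker-bench-security.sh
+++ b/docker-bench-security.sh
@@ -0,0 +1,91 @@
+#!/bin/sh
+# ------------------------------------------------------------------------------
+# CIS Docker 1.6 Benchmark v1.0.0 checker
+#
+# Docker, Inc. (c) 2015
+#
+# Provides automated tests for the CIS Docker 1.6 Benchmark:
+# https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.6_Benchmark_v1.0.0.pdf
+#
+# ------------------------------------------------------------------------------
+
+# Load dependencies
+. ./output_lib.sh
+. ./helper_lib.sh
+
+# Setup the paths
+this_path=$(abspath $0) ## Path of this file including filenamel
+dir_name=`dirname ${this_path}` ## Dir where this file is
+myname=`basename ${this_path}` ## file name of this script.
+logger="${myname}.log"
+
+
+# Check for required program(s)
+req_progs='docker netstat grep awk'
+for p in $req_progs; do
+command -v $p >/dev/null 2>&1 || { printf "$p command not found.\n"; exit 1; }
+done
+
+# Ensure we can connect to docker daemon
+`docker ps -q >/dev/null 2>&1`
+if [ $? -ne 0 ]; then
+printf "Error connecting to docker daemon (does docker ps work?)\n"
+exit 1
+fi
+
+usage () {
+printf "
+usage: $myname [options]
+
+-h optional Print this help message\n"
+exit 1
+}
+
+yell "# ------------------------------------------------------------------------------
+# CIS Docker 1.6 Benchmark v1.0.0 checker
+#
+# Docker, Inc. (c) 2015
+#
+# Provides automated tests for the CIS Docker 1.6 Benchmark:
+# https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.6_Benchmark_v1.0.0.pdf
+# ------------------------------------------------------------------------------"
+
+logit "Initializing `date`\n"
+
+# Warn if not root
+ID=`id -u`
+if [ "x$ID" != "x0" ]; then
+warn "Some tests might require root to run"
+sleep 3
+fi
+
+# Get the flags
+while getopts :hlfi: args
+do
+case $args in
+h) usage ;;
+l) logger="$OPTARG" ;;
+*) usage ;;
+esac
+done
+
+# Load all the tests from tests/ and run them
+main () {
+# List all running containers
+containers=`docker ps -q`
+# If there is a container with label docker-bench, memorize it:
+benchcont="nil"
+for c in $containers; do
+labels=`docker inspect --format '{{ .Config.Labels }}' $c`
+contains "$labels" "docker-bench" && benchcont="$c"
+done
+# List all running containers except docker-bench
+containers=`docker ps -q | grep -v $benchcont`
+
+for test in tests/*.sh
+do
+. ./$test
+done
+}
+
+main "$@"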
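Review bot: The two library loads near the top (`. ./output_lib.sh`, `. ./helper_lib.sh`) and the `. ./$test` loop in `main` resolve against the caller's working directory rather than the script's own location, so a benchmark that is normally run as root will source whatever files with those names exist in the directory it is started from. `dir_name` is computed but not used anywhere in this file; changing to the script directory before the first source, e.g. `cd "$(dirname "$0")" || exit 1`, would pin all three loads to the checked-out tree. Separately, the getopts string `:hlfi:` declares `l` without a trailing colon, so `logger="$OPTARG"` never receives the file name given after `-l`, and `f`/`i` have no case arm and fall through to `usage`.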