add INFO for section 8

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2025-01-18 16:22:33 +01:00 · 2019-08-28 10:26:44 +02:00 · 2019-08-28 10:26:44 +02:00 · a785c02c59
commit a785c02c59
parent adb6a42c4a
1 changed files with 144 additions and 0 deletions
--- a/tests/8_docker_enterprise_configuration.sh
+++ b/tests/8_docker_enterprise_configuration.sh
@ -1,5 +1,14 @@
 #!/bin/sh

+check_product_license() {
+  if docker info -f '{{ .ProductLicense }}' | grep -qi 'Community Engine'; then
+    info "     * Community Engine license, skipping section 8."
+    enterprise_license=0
+  else
+    enterprise_license=1
+  fi
+}
+
 check_8() {
  logit "\n"
  id_8="8"
@ -18,6 +27,125 @@ check_8_1() {
  startsectionjson "$id_8_1" "$desc_8_1"
 }

+# 8.1.1
+check_8_1_1() {
+  if [ "$enterprise_license" -ne 1 ]; then
+    return
+  fi
+
+  id_8_1_1="8.1.1"
+  desc_8_1_1="Configure the LDAP authentication service"
+  check_8_1_1="$id_8_1_1  - $desc_8_1_1"
+  starttestjson "$id_8_1_1" "$desc_8_1_1"
+
+  totalChecks=$((totalChecks + 1))
+  note "$check_8_1_1"
+  resulttestjson "INFO"
+  currentScore=$((currentScore + 0))
+}
+
+# 8.1.2
+check_8_1_2() {
+  if [ "$enterprise_license" -ne 1 ]; then
+    return
+  fi
+
+  id_8_1_2="8.1.2"
+  desc_8_1_2="Use external certificates"
+  check_8_1_2="$id_8_1_2  - $desc_8_1_2"
+  starttestjson "$id_8_1_2" "$desc_8_1_2"
+
+  totalChecks=$((totalChecks + 1))
+  note "$check_8_1_2"
+  resulttestjson "INFO"
+  currentScore=$((currentScore + 0))
+}
+
+# 8.1.3
+check_8_1_3() {
+  if [ "$enterprise_license" -ne 1 ]; then
+    return
+  fi
+
+  id_8_1_3="8.1.3"
+  desc_8_1_3="Enforce the use of client certificate bundles for unprivileged users"
+  check_8_1_3="$id_8_1_3  - $desc_8_1_3"
+  starttestjson "$id_8_1_3" "$desc_8_1_3"
+
+  totalChecks=$((totalChecks + 1))
+  note "$check_8_1_3"
+  resulttestjson "INFO"
+  currentScore=$((currentScore + 0))
+}
+
+# 8.1.4
+check_8_1_4() {
+  if [ "$enterprise_license" -ne 1 ]; then
+    return
+  fi
+
+  id_8_1_4="8.1.4"
+  desc_8_1_4="Configure applicable cluster role-based access control policies"
+  check_8_1_4="$id_8_1_4  - $desc_8_1_4"
+  starttestjson "$id_8_1_4" "$desc_8_1_4"
+
+  totalChecks=$((totalChecks + 1))
+  note "$check_8_1_4"
+  resulttestjson "INFO"
+  currentScore=$((currentScore + 0))
+}
+
+# 8.1.5
+check_8_1_5() {
+  if [ "$enterprise_license" -ne 1 ]; then
+    return
+  fi
+
+  id_8_1_5="8.1.5"
+  desc_8_1_5="Enable signed image enforcement"
+  check_8_1_5="$id_8_1_5  - $desc_8_1_5"
+  starttestjson "$id_8_1_5" "$desc_8_1_5"
+
+  totalChecks=$((totalChecks + 1))
+  note "$check_8_1_5"
+  resulttestjson "INFO"
+  currentScore=$((currentScore + 0))
+}
+
+# 8.1.6
+check_8_1_6() {
+  if [ "$enterprise_license" -ne 1 ]; then
+    return
+  fi
+
+  id_8_1_6="8.1.6"
+  desc_8_1_6="Set the Per-User Session Limit to a value of '3' or lower"
+  check_8_1_6="$id_8_1_6  - $desc_8_1_6"
+  starttestjson "$id_8_1_6" "$desc_8_1_6"
+
+  totalChecks=$((totalChecks + 1))
+  note "$check_8_1_6"
+  resulttestjson "INFO"
+  currentScore=$((currentScore + 0))
+}
+
+# 8.1.7
+check_8_1_7() {
+  if [ "$enterprise_license" -ne 1 ]; then
+    return
+  fi
+
+  id_8_1_7="8.1.7"
+  desc_8_1_7="Set the 'Lifetime Minutes' and 'Renewal Threshold Minutes' values to '15' or lower and '0' respectively"
+  check_8_1_7="$id_8_1_7  - $desc_8_1_7"
+  starttestjson "$id_8_1_7" "$desc_8_1_7"
+
+  totalChecks=$((totalChecks + 1))
+  note "$check_8_1_7"
+  resulttestjson "INFO"
+  currentScore=$((currentScore + 0))
+}
+
 check_8_1_end() {
  endsectionjson
 }
@ -31,6 +159,22 @@ check_8_2() {
  startsectionjson "$id_8_2" "$desc_8_2"
 }

+check_8_2_1() {
+  if [ "$enterprise_license" -ne 1 ]; then
+    return
+  fi
+
+  id_8_2_1="8.2.1"
+  desc_8_2_1="Enable image vulnerability scanning"
+  check_8_2_1="$id_8_2_1  - $desc_8_2_1"
+  starttestjson "$id_8_2_1" "$desc_8_2_1"
+
+  totalChecks=$((totalChecks + 1))
+  note "$check_8_2_1"
+  resulttestjson "INFO"
+  currentScore=$((currentScore + 0))
+}
+
 check_8_2_end() {
  endsectionjson
 }