diff --git a/tests/8_docker_enterprise_configuration.sh b/tests/8_docker_enterprise_configuration.sh
index 56228fc..0384b87 100644
--- a/tests/8_docker_enterprise_configuration.sh
+++ b/tests/8_docker_enterprise_configuration.sh
@@ -1,5 +1,14 @@
 #!/bin/sh
 
+check_product_license() {
+ if docker info -f '{{ .ProductLicense }}' | grep -qi 'Community Engine'; then
+ info " * Community Engine license, skipping section 8."
+ enterprise_license=0
+ else
+ enterprise_license=1
+ fi
+}
+
 check_8() {
 logit "\n"
 id_8="8"
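Review bot: check_product_license fails open: when `docker info` errors out or prints nothing (daemon unreachable, insufficient permission, empty ProductLicense value), the grep finds no match and the else branch sets `enterprise_license=1`, so section 8 runs as if an enterprise licence had been confirmed. Capturing the value first and treating an empty result as not licensed avoids that, e.g. `product_license=$(docker info -f '{{ .ProductLicense }}' 2>/dev/null)` followed by `if [ -z "$product_license" ] || printf '%s' "$product_license" | grep -qi 'Community Engine'; then`. The skip message would then need wording that also covers the case where the licence could not be determined.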
@@ -18,6 +27,125 @@ check_8_1() {
 startsectionjson "$id_8_1" "$desc_8_1"
 }
 
+# 8.1.1
+check_8_1_1() {
+ if [ "$enterprise_license" -ne 1 ]; then
+ return
+ fi
+
+ id_8_1_1="8.1.1"
+ desc_8_1_1="Configure the LDAP authentication service"
+ check_8_1_1="$id_8_1_1 - $desc_8_1_1"
+ starttestjson "$id_8_1_1" "$desc_8_1_1"
+
+ totalChecks=$((totalChecks + 1))
+ note "$check_8_1_1"
+ resulttestjson "INFO"
+ currentScore=$((currentScore + 0))
+}
+
+# 8.1.2
+check_8_1_2() {
+ if [ "$enterprise_license" -ne 1 ]; then
+ return
+ fi
+
+ id_8_1_2="8.1.2"
+ desc_8_1_2="Use external certificates"
+ check_8_1_2="$id_8_1_2 - $desc_8_1_2"
+ starttestjson "$id_8_1_2" "$desc_8_1_2"
+
+ totalChecks=$((totalChecks + 1))
+ note "$check_8_1_2"
+ resulttestjson "INFO"
+ currentScore=$((currentScore + 0))
+}
+
+# 8.1.3
+check_8_1_3() {
+ if [ "$enterprise_license" -ne 1 ]; then
+ return
+ fi
+
+ id_8_1_3="8.1.3"
+ desc_8_1_3="Enforce the use of client certificate bundles for unprivileged users"
+ check_8_1_3="$id_8_1_3 - $desc_8_1_3"
+ starttestjson "$id_8_1_3" "$desc_8_1_3"
+
+ totalChecks=$((totalChecks + 1))
+ note "$check_8_1_3"
+ resulttestjson "INFO"
+ currentScore=$((currentScore + 0))
+}
+
+# 8.1.4
+check_8_1_4() {
+ if [ "$enterprise_license" -ne 1 ]; then
+ return
+ fi
+
+ id_8_1_4="8.1.4"
+ desc_8_1_4="Configure applicable cluster role-based access control policies"
+ check_8_1_4="$id_8_1_4 - $desc_8_1_4"
+ starttestjson "$id_8_1_4" "$desc_8_1_4"
+
+ totalChecks=$((totalChecks + 1))
+ note "$check_8_1_4"
+ resulttestjson "INFO"
+ currentScore=$((currentScore + 0))
+}
+
+# 8.1.5
+check_8_1_5() {
+ if [ "$enterprise_license" -ne 1 ]; then
+ return
+ fi
+
+ id_8_1_5="8.1.5"
+ desc_8_1_5="Enable signed image enforcement"
+ check_8_1_5="$id_8_1_5 - $desc_8_1_5"
+ starttestjson "$id_8_1_5" "$desc_8_1_5"
+
+ totalChecks=$((totalChecks + 1))
+ note "$check_8_1_5"
+ resulttestjson "INFO"
+ currentScore=$((currentScore + 0))
+}
+
+# 8.1.6
+check_8_1_6() {
+ if [ "$enterprise_license" -ne 1 ]; then
+ return
+ fi
+
+ id_8_1_6="8.1.6"
+ desc_8_1_6="Set the Per-User Session Limit to a value of '3' or lower"
+ check_8_1_6="$id_8_1_6 - $desc_8_1_6"
+ starttestjson "$id_8_1_6" "$desc_8_1_6"
+
+ totalChecks=$((totalChecks + 1))
+ note "$check_8_1_6"
+ resulttestjson "INFO"
+ currentScore=$((currentScore + 0))
+}
+
+# 8.1.7
+check_8_1_7() {
+ if [ "$enterprise_license" -ne 1 ]; then
+ return
+ fi
+
+ id_8_1_7="8.1.7"
+ desc_8_1_7="Set the 'Lifetime Minutes' and 'Renewal Threshold Minutes' values to '15' or lower and '0' respectively"
+ check_8_1_7="$id_8_1_7 - $desc_8_1_7"
+ starttestjson "$id_8_1_7" "$desc_8_1_7"
+
+ totalChecks=$((totalChecks + 1))
+ note "$check_8_1_7"
+ resulttestjson "INFO"
+ currentScore=$((currentScore + 0))
+}
+
 check_8_1_end() {
 endsectionjson
 }
@@ -31,6 +159,22 @@ check_8_2() {
 startsectionjson "$id_8_2" "$desc_8_2"
 }
 
+check_8_2_1() {
+ if [ "$enterprise_license" -ne 1 ]; then
+ return
+ fi
+
+ id_8_2_1="8.2.1"
+ desc_8_2_1="Enable image vulnerability scanning"
+ check_8_2_1="$id_8_2_1 - $desc_8_2_1"
+ starttestjson "$id_8_2_1" "$desc_8_2_1"
+
+ totalChecks=$((totalChecks + 1))
+ note "$check_8_2_1"
+ resulttestjson "INFO"
+ currentScore=$((currentScore + 0))
+}
+
 check_8_2_end() {
 endsectionjson
 }
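Review bot: The guard `[ "$enterprise_license" -ne 1 ]` in check_8_1_1 through check_8_1_7 (and again in check_8_2_1 in the next hunk) relies on check_product_license having run first, and its call site is not part of this diff. If one of these checks is invoked on its own, the variable is unset, `[` rejects the empty operand with an error status rather than "true", the `if` body is skipped, and the check is recorded for a host whose licence was never determined. Defaulting the expansion closes that gap: `if [ "${enterprise_license:-0}" -ne 1 ]; then`.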
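Review bot: check_8_2_1 lacks the `# 8.2.1` header comment that each 8.1.x function in the previous hunk carries, and that comment is the natural place to say the check is manual. As written the function inspects nothing and always records `INFO`, so the report line for "Enable image vulnerability scanning" does not say whether scanning is actually enabled; the same holds for the 8.1.x checks. Suggested header: `# 8.2.1 (manual): records INFO only, scanning state is not inspected`.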