GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2025-01-18 16:22:33 +01:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #347 from telepresencebot2/master

Browse source 
fix test 7.4 using 5.25 as a model
This commit is contained in:
Thomas Sjögren 2018-11-15 08:56:45 +01:00 committed by GitHub
commit a7a24a8d7f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 20 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
tests/7_docker_swarm_configuration.sh
View file

@ -81,29 +81,35 @@ check_7_3() {
}
# 7.4
check_7_4(){
check_7_4() {
id_7_4="7.4"
desc_7_4="Ensure data exchanged between containers are encrypted on different nodes on the overlay network"
check_7_4="$id_7_4 - $desc_7_4"
starttestjson "$id_7_4" "$desc_7_4"
totalChecks=$((totalChecks + 1))
if docker network ls --filter driver=overlay --quiet | \
xargs docker network inspect --format '{{.Name}} {{ .Options }}' 2>/dev/null | \
fail=0
unencrypted_networks=""
for encnet in $(docker network ls --filter driver=overlay --quiet); do
if docker network inspect --format '{{.Name}} {{ .Options }}' "$encnet" | \
grep -v 'encrypted:' 2>/dev/null 1>&2; then
warn "$check_7_4"
currentScore=$((currentScore - 1))
for encnet in $(docker network ls --filter driver=overlay --quiet); do
if docker network inspect --format '{{.Name}} {{ .Options }}' "$encnet" | \
grep -v 'encrypted:' 2>/dev/null 1>&2; then
warn " * Unencrypted overlay network: $(docker network inspect --format '{{ .Name }} ({{ .Scope }})' "$encnet")"
resulttestjson "WARN" "Unencrypted overlay network: $(docker network inspect --format '{{ .Name }} ({{ .Scope }})' "$encnet")"
# If it's the first container, fail the test
if [ $fail -eq 0 ]; then
warn "$check_7_4"
fail=1
fi
done
warn " * Unencrypted overlay network: $(docker network inspect --format '{{ .Name }} ({{ .Scope }})' "$encnet")"
unencrypted_networks="$unencrypted_networks $(docker network inspect --format '{{ .Name }} ({{ .Scope }})' "$encnet")"
fi
done
# We went through all the networks and found none that are unencrypted
if [ $fail -eq 0 ]; then
pass "$check_7_4"
resulttestjson "PASS"
currentScore=$((currentScore + 1))
else
pass "$check_7_4"
resulttestjson "PASS"
currentScore=$((currentScore + 1))
resulttestjson "WARN" "Unencrypted overlay networks:" "$unencrypted_networks"
currentScore=$((currentScore - 1))
fi
}