GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2025-01-18 16:22:33 +01:00
Code Issues Projects Releases Packages Wiki Activity

Fix CIS 5.8 - Reverse container port and reduce privileged port to 1024

Browse source 
-- According to CIS, 5.8 apply to priviliged port on the host not on the
container:
`processes are not allowed to use them for various security reasons.
Docker allows a
container port to be mapped to a privileged port.`
-- Also privileged port should be less than 1024 inclusive

Signed-off-by: liron-l <levinlir@gmail.com>
Signed-off-by: Liron Levin <liron@twistlock.com>
This commit is contained in:
Liron Levin 2015-06-18 13:21:57 +03:00
parent 23a74b5bd0
commit b2093036df
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
tests/5_container_runtime.sh
View file

@ -201,11 +201,12 @@ else
fail=0
for c in $containers; do
ports=$(docker port "$c" | awk '{print $1}' | cut -d '/' -f1)
# Port format is private port -> ip: public port
ports=$(docker port "$c" | awk '{print $0}' | cut -d ':' -f2)
# iterate through port range (line delimited)
for port in $ports; do
if [ ! -z "$port" ] && [ "0$port" -lt 1025 ]; then
if [ ! -z "$port" ] && [ "0$port" -lt 1024 ]; then
# If it's the first container, fail the test
if [ $fail -eq 0 ]; then
warn "$check_5_8"