mirror of
https://github.com/docker/docker-bench-security.git
synced 2024-11-01 00:21:45 +01:00
fix537
This commit is contained in:
halfluke
parent
7287a35a21
commit
b6e4380937
2 changed files with 9 additions and 14 deletions
|
|
@ -110,8 +110,8 @@ get_docker_configuration_file() {
|
|||
CONFIG_FILE="$FILE"
|
||||
return
|
||||
fi
|
||||
if [ -f '/etc/docker/daemon.json' ]; then
|
||||
CONFIG_FILE='/etc/docker/daemon.json'
|
||||
if [ -f '/home/kali/SUKA/daemon.json' ]; then
|
||||
CONFIG_FILE='/home/kali/SUKA/daemon.json'
|
||||
return
|
||||
fi
|
||||
CONFIG_FILE='/dev/null'
|
||||
|
|
@ -125,7 +125,7 @@ get_docker_configuration_file_args() {
|
|||
if "$HAVE_JQ"; then
|
||||
jq --monochrome-output --raw-output ".[\"${OPTION}\"]" "$CONFIG_FILE"
|
||||
else
|
||||
cat "$CONFIG_FILE" | tr { '\n' | tr , '\n' | tr } '\n' | grep "$OPTION" | sed 's/.*://g' | tr -d '" ',
|
||||
cat "$CONFIG_FILE" | tr , '\n' | grep "$OPTION" | sed 's/.*://g' | tr -d '" ',
|
||||
fi
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ check_2_2() {
|
|||
logcheckresult "PASS"
|
||||
return
|
||||
fi
|
||||
if get_docker_configuration_file_args 'icc' | grep "false" >/dev/null 2>&1; then
|
||||
if [[ $(get_docker_configuration_file_args 'icc' | grep "false") ]] && [[ $(get_docker_configuration_file_args 'icc' | grep "false") != "null" ]] ; then
|
||||
pass -s "$check"
|
||||
logcheckresult "PASS"
|
||||
return
|
||||
|
|
@ -93,7 +93,7 @@ check_2_4() {
|
|||
logcheckresult "WARN"
|
||||
return
|
||||
fi
|
||||
if get_docker_configuration_file_args 'iptables' | grep "false" >/dev/null 2>&1; then
|
||||
if [[ $(get_docker_configuration_file_args 'iptables' | grep "false") ]] && [[ $(get_docker_configuration_file_args 'iptables' | grep "false") != "null" ]] ; then
|
||||
warn -s "$check"
|
||||
logcheckresult "WARN"
|
||||
return
|
||||
|
|
@ -115,12 +115,7 @@ check_2_5() {
|
|||
logcheckresult "WARN"
|
||||
return
|
||||
fi
|
||||
if ! [ -z "$(get_docker_configuration_file_args 'insecure-registries')" ]; then
|
||||
if get_docker_configuration_file_args 'insecure-registries' | grep '\[]' >/dev/null 2>&1; then
|
||||
pass -s "$check"
|
||||
logcheckresult "PASS"
|
||||
return
|
||||
fi
|
||||
if [[ $(get_docker_configuration_file_args 'insecure-registries' | grep -v '\[]') ]] && [[ $(get_docker_configuration_file_args 'insecure-registries' | grep -v '\[]') != "null" ]] ; then
|
||||
warn -s "$check"
|
||||
logcheckresult "WARN"
|
||||
return
|
||||
|
|
@ -187,7 +182,7 @@ check_2_8() {
|
|||
local check="$id - $desc"
|
||||
starttestjson "$id" "$desc"
|
||||
|
||||
if get_docker_configuration_file_args 'default-ulimit' | grep -v '{}' >/dev/null 2>&1; then
|
||||
if [[ $(get_docker_configuration_file_args 'default-ulimits' | grep -v '{}') ]] && [[ $(get_docker_configuration_file_args 'default-ulimits' | grep -v '{}') != "null" ]] ; then
|
||||
pass -c "$check"
|
||||
logcheckresult "PASS"
|
||||
return
|
||||
|
|
@ -210,7 +205,7 @@ check_2_9() {
|
|||
local check="$id - $desc"
|
||||
starttestjson "$id" "$desc"
|
||||
|
||||
if get_docker_configuration_file_args 'userns-remap' | grep -v '""'; then
|
||||
if [[ $(get_docker_configuration_file_args 'userns-remap' | grep -v '""') ]] && [[ $(get_docker_configuration_file_args 'userns-remap' | grep -v '""') != "null" ]] ; then
|
||||
pass -s "$check"
|
||||
logcheckresult "PASS"
|
||||
return
|
||||
|
|
@ -278,7 +273,7 @@ check_2_12() {
|
|||
local check="$id - $desc"
|
||||
starttestjson "$id" "$desc"
|
||||
|
||||
if get_docker_configuration_file_args 'authorization-plugins' | grep -v '\[]'; then
|
||||
if [[ $(get_docker_configuration_file_args 'authorization-plugins' | grep -v '\[]') ]] && [[ $(get_docker_configuration_file_args 'authorization-plugins' | grep -v '\[]') != "null" ]] ; then
|
||||
pass -s "$check"
|
||||
logcheckresult "PASS"
|
||||
return
|
||||
|
|
|
|||
Loading…
Reference in a new issue