first pass on section 7

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
Thomas Sjögren 2019-08-27 16:03:29 +02:00
parent 3d6dd81956
commit ca3714bc16


@ -31,14 +31,14 @@ check_7_1() {
# 7.2 # 7.2
check_7_2() { check_7_2() {
id_7_2="7.2" id_7_2="7.2"
desc_7_2="Ensure the minimum number of manager nodes have been created in a swarm" desc_7_2="Ensure that the minimum number of manager nodes have been created in a swarm"
check_7_2="$id_7_2 - $desc_7_2" check_7_2="$id_7_2 - $desc_7_2"
starttestjson "$id_7_2" "$desc_7_2" starttestjson "$id_7_2" "$desc_7_2"
totalChecks=$((totalChecks + 1)) totalChecks=$((totalChecks + 1))
if docker info 2>/dev/null | grep -e "Swarm:*\sactive\s*" >/dev/null 2>&1; then if docker info 2>/dev/null | grep -e "Swarm:*\sactive\s*" >/dev/null 2>&1; then
managernodes=$(docker node ls | grep -c "Leader") managernodes=$(docker node ls | grep -c "Leader")
if [ "$managernodes" -le 1 ]; then if [ "$managernodes" -eq 1 ]; then
pass "$check_7_2" pass "$check_7_2"
resulttestjson "PASS" resulttestjson "PASS"
currentScore=$((currentScore + 1)) currentScore=$((currentScore + 1))
@ -57,7 +57,7 @@ check_7_2() {
# 7.3 # 7.3
check_7_3() { check_7_3() {
id_7_3="7.3" id_7_3="7.3"
desc_7_3="Ensure swarm services are binded to a specific host interface" desc_7_3="Ensure that swarm services are bound to a specific host interface"
check_7_3="$id_7_3 - $desc_7_3" check_7_3="$id_7_3 - $desc_7_3"
starttestjson "$id_7_3" "$desc_7_3" starttestjson "$id_7_3" "$desc_7_3"
@ -83,7 +83,7 @@ check_7_3() {
# 7.4 # 7.4
check_7_4() { check_7_4() {
id_7_4="7.4" id_7_4="7.4"
desc_7_4="Ensure data exchanged between containers are encrypted on different nodes on the overlay network" desc_7_4="Ensure that all Docker swarm overlay networks are encrypted"
check_7_4="$id_7_4 - $desc_7_4" check_7_4="$id_7_4 - $desc_7_4"
starttestjson "$id_7_4" "$desc_7_4" starttestjson "$id_7_4" "$desc_7_4"
@ -116,7 +116,7 @@ check_7_4() {
# 7.5 # 7.5
check_7_5() { check_7_5() {
id_7_5="7.5" id_7_5="7.5"
desc_7_5="Ensure Docker's secret management commands are used for managing secrets in a Swarm cluster" desc_7_5="Ensure that Docker's secret management commands are used for managing secrets in a swarm cluster"
check_7_5="$id_7_5 - $desc_7_5" check_7_5="$id_7_5 - $desc_7_5"
starttestjson "$id_7_5" "$desc_7_5" starttestjson "$id_7_5" "$desc_7_5"
@ -141,7 +141,7 @@ check_7_5() {
# 7.6 # 7.6
check_7_6() { check_7_6() {
id_7_6="7.6" id_7_6="7.6"
desc_7_6="Ensure swarm manager is run in auto-lock mode" desc_7_6="Ensure that swarm manager is run in auto-lock mode"
check_7_6="$id_7_6 - $desc_7_6" check_7_6="$id_7_6 - $desc_7_6"
starttestjson "$id_7_6" "$desc_7_6" starttestjson "$id_7_6" "$desc_7_6"
@ -166,7 +166,7 @@ check_7_6() {
# 7.7 # 7.7
check_7_7() { check_7_7() {
id_7_7="7.7" id_7_7="7.7"
desc_7_7="Ensure swarm manager auto-lock key is rotated periodically" desc_7_7="Ensure that the swarm manager auto-lock key is rotated periodically"
check_7_7="$id_7_7 - $desc_7_7" check_7_7="$id_7_7 - $desc_7_7"
starttestjson "$id_7_7" "$desc_7_7" starttestjson "$id_7_7" "$desc_7_7"
@ -185,7 +185,7 @@ check_7_7() {
# 7.8 # 7.8
check_7_8() { check_7_8() {
id_7_8="7.8" id_7_8="7.8"
desc_7_8="Ensure node certificates are rotated as appropriate" desc_7_8="Ensure that node certificates are rotated as appropriate"
check_7_8="$id_7_8 - $desc_7_8" check_7_8="$id_7_8 - $desc_7_8"
starttestjson "$id_7_8" "$desc_7_8" starttestjson "$id_7_8" "$desc_7_8"
@ -210,7 +210,7 @@ check_7_8() {
# 7.9 # 7.9
check_7_9() { check_7_9() {
id_7_9="7.9" id_7_9="7.9"
desc_7_9="Ensure CA certificates are rotated as appropriate" desc_7_9="Ensure that CA certificates are rotated as appropriate"
check_7_9="$id_7_9 - $desc_7_9" check_7_9="$id_7_9 - $desc_7_9"
starttestjson "$id_7_9" "$desc_7_9" starttestjson "$id_7_9" "$desc_7_9"
@ -229,7 +229,7 @@ check_7_9() {
# 7.10 # 7.10
check_7_10() { check_7_10() {
id_7_10="7.10" id_7_10="7.10"
desc_7_10="Ensure management plane traffic has been separated from data plane traffic" desc_7_10="Ensure that management plane traffic is separated from data plane traffic"
check_7_10="$id_7_10 - $desc_7_10" check_7_10="$id_7_10 - $desc_7_10"
starttestjson "$id_7_10" "$desc_7_10" starttestjson "$id_7_10" "$desc_7_10"
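Review bot: In check_7_2, `grep -c "Leader"` counts the rows of `docker node ls` that contain the word Leader, not the manager nodes. A healthy swarm has one leader however many managers it has (the others are listed as Reachable), so the new `[ "$managernodes" -eq 1 ]` cannot tell a one-manager swarm from one with several managers. Reading the manager count directly would match the description, for example `managernodes=$(docker info --format '{{ .Swarm.Managers }}' 2>/dev/null)`, compared against the number of managers the deployment expects. With `-eq` in place of `-le`, a count of 0 (for instance when `docker node ls` fails on a node that is not a manager) no longer reaches the PASS lines. It now falls to the branch that follows, which is outside the hunk, so confirm that branch reports what is intended for that case.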