mirror of
https://github.com/docker/docker-bench-security.git
synced 2024-11-01 08:31:44 +01:00
first pass on section 7
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
parent
3d6dd81956
commit
ca3714bc16
1 changed files with 10 additions and 10 deletions
|
@ -31,14 +31,14 @@ check_7_1() {
|
||||||
# 7.2
|
# 7.2
|
||||||
check_7_2() {
|
check_7_2() {
|
||||||
id_7_2="7.2"
|
id_7_2="7.2"
|
||||||
desc_7_2="Ensure the minimum number of manager nodes have been created in a swarm"
|
desc_7_2="Ensure that the minimum number of manager nodes have been created in a swarm"
|
||||||
check_7_2="$id_7_2 - $desc_7_2"
|
check_7_2="$id_7_2 - $desc_7_2"
|
||||||
starttestjson "$id_7_2" "$desc_7_2"
|
starttestjson "$id_7_2" "$desc_7_2"
|
||||||
|
|
||||||
totalChecks=$((totalChecks + 1))
|
totalChecks=$((totalChecks + 1))
|
||||||
if docker info 2>/dev/null | grep -e "Swarm:*\sactive\s*" >/dev/null 2>&1; then
|
if docker info 2>/dev/null | grep -e "Swarm:*\sactive\s*" >/dev/null 2>&1; then
|
||||||
managernodes=$(docker node ls | grep -c "Leader")
|
managernodes=$(docker node ls | grep -c "Leader")
|
||||||
if [ "$managernodes" -le 1 ]; then
|
if [ "$managernodes" -eq 1 ]; then
|
||||||
pass "$check_7_2"
|
pass "$check_7_2"
|
||||||
resulttestjson "PASS"
|
resulttestjson "PASS"
|
||||||
currentScore=$((currentScore + 1))
|
currentScore=$((currentScore + 1))
|
||||||
|
@ -57,7 +57,7 @@ check_7_2() {
|
||||||
# 7.3
|
# 7.3
|
||||||
check_7_3() {
|
check_7_3() {
|
||||||
id_7_3="7.3"
|
id_7_3="7.3"
|
||||||
desc_7_3="Ensure swarm services are binded to a specific host interface"
|
desc_7_3="Ensure that swarm services are bound to a specific host interface"
|
||||||
check_7_3="$id_7_3 - $desc_7_3"
|
check_7_3="$id_7_3 - $desc_7_3"
|
||||||
starttestjson "$id_7_3" "$desc_7_3"
|
starttestjson "$id_7_3" "$desc_7_3"
|
||||||
|
|
||||||
|
@ -83,7 +83,7 @@ check_7_3() {
|
||||||
# 7.4
|
# 7.4
|
||||||
check_7_4() {
|
check_7_4() {
|
||||||
id_7_4="7.4"
|
id_7_4="7.4"
|
||||||
desc_7_4="Ensure data exchanged between containers are encrypted on different nodes on the overlay network"
|
desc_7_4="Ensure that all Docker swarm overlay networks are encrypted"
|
||||||
check_7_4="$id_7_4 - $desc_7_4"
|
check_7_4="$id_7_4 - $desc_7_4"
|
||||||
starttestjson "$id_7_4" "$desc_7_4"
|
starttestjson "$id_7_4" "$desc_7_4"
|
||||||
|
|
||||||
|
@ -116,7 +116,7 @@ check_7_4() {
|
||||||
# 7.5
|
# 7.5
|
||||||
check_7_5() {
|
check_7_5() {
|
||||||
id_7_5="7.5"
|
id_7_5="7.5"
|
||||||
desc_7_5="Ensure Docker's secret management commands are used for managing secrets in a Swarm cluster"
|
desc_7_5="Ensure that Docker's secret management commands are used for managing secrets in a swarm cluster"
|
||||||
check_7_5="$id_7_5 - $desc_7_5"
|
check_7_5="$id_7_5 - $desc_7_5"
|
||||||
starttestjson "$id_7_5" "$desc_7_5"
|
starttestjson "$id_7_5" "$desc_7_5"
|
||||||
|
|
||||||
|
@ -141,7 +141,7 @@ check_7_5() {
|
||||||
# 7.6
|
# 7.6
|
||||||
check_7_6() {
|
check_7_6() {
|
||||||
id_7_6="7.6"
|
id_7_6="7.6"
|
||||||
desc_7_6="Ensure swarm manager is run in auto-lock mode"
|
desc_7_6="Ensure that swarm manager is run in auto-lock mode"
|
||||||
check_7_6="$id_7_6 - $desc_7_6"
|
check_7_6="$id_7_6 - $desc_7_6"
|
||||||
starttestjson "$id_7_6" "$desc_7_6"
|
starttestjson "$id_7_6" "$desc_7_6"
|
||||||
|
|
||||||
|
@ -166,7 +166,7 @@ check_7_6() {
|
||||||
# 7.7
|
# 7.7
|
||||||
check_7_7() {
|
check_7_7() {
|
||||||
id_7_7="7.7"
|
id_7_7="7.7"
|
||||||
desc_7_7="Ensure swarm manager auto-lock key is rotated periodically"
|
desc_7_7="Ensure that the swarm manager auto-lock key is rotated periodically"
|
||||||
check_7_7="$id_7_7 - $desc_7_7"
|
check_7_7="$id_7_7 - $desc_7_7"
|
||||||
starttestjson "$id_7_7" "$desc_7_7"
|
starttestjson "$id_7_7" "$desc_7_7"
|
||||||
|
|
||||||
|
@ -185,7 +185,7 @@ check_7_7() {
|
||||||
# 7.8
|
# 7.8
|
||||||
check_7_8() {
|
check_7_8() {
|
||||||
id_7_8="7.8"
|
id_7_8="7.8"
|
||||||
desc_7_8="Ensure node certificates are rotated as appropriate"
|
desc_7_8="Ensure that node certificates are rotated as appropriate"
|
||||||
check_7_8="$id_7_8 - $desc_7_8"
|
check_7_8="$id_7_8 - $desc_7_8"
|
||||||
starttestjson "$id_7_8" "$desc_7_8"
|
starttestjson "$id_7_8" "$desc_7_8"
|
||||||
|
|
||||||
|
@ -210,7 +210,7 @@ check_7_8() {
|
||||||
# 7.9
|
# 7.9
|
||||||
check_7_9() {
|
check_7_9() {
|
||||||
id_7_9="7.9"
|
id_7_9="7.9"
|
||||||
desc_7_9="Ensure CA certificates are rotated as appropriate"
|
desc_7_9="Ensure that CA certificates are rotated as appropriate"
|
||||||
check_7_9="$id_7_9 - $desc_7_9"
|
check_7_9="$id_7_9 - $desc_7_9"
|
||||||
starttestjson "$id_7_9" "$desc_7_9"
|
starttestjson "$id_7_9" "$desc_7_9"
|
||||||
|
|
||||||
|
@ -229,7 +229,7 @@ check_7_9() {
|
||||||
# 7.10
|
# 7.10
|
||||||
check_7_10() {
|
check_7_10() {
|
||||||
id_7_10="7.10"
|
id_7_10="7.10"
|
||||||
desc_7_10="Ensure management plane traffic has been separated from data plane traffic"
|
desc_7_10="Ensure that management plane traffic is separated from data plane traffic"
|
||||||
check_7_10="$id_7_10 - $desc_7_10"
|
check_7_10="$id_7_10 - $desc_7_10"
|
||||||
starttestjson "$id_7_10" "$desc_7_10"
|
starttestjson "$id_7_10" "$desc_7_10"
|
||||||
|
|
||||||
|
|
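Review bot: In check_7_2 the tightened test `[ "$managernodes" -eq 1 ]` still compares a value that is not the manager count, because `grep -c "Leader"` on the `docker node ls` output counts only rows containing the string Leader. Managers that are not the current leader would not match, so a swarm with several managers would presumably still yield 1 and pass. With `-eq` a count of 0 (for example when `docker node ls` fails, whose stderr is also not redirected here) now falls through to the branch outside this hunk, so that path should be checked for a sensible result. Consider counting managers directly, e.g. `managernodes=$(docker node ls --filter role=manager -q 2>/dev/null | wc -l)`, and add a comment next to the comparison stating which manager count the check accepts. The body of check_7_2 continues past the visible lines.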