align tests to CIS Benchmark 1.5.0

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
Thomas Sjögren 2023-03-06 12:59:56 +01:00
parent 5a8d6434e6
commit cbd07bb051
No known key found for this signature in database


@ -518,6 +518,31 @@ check_3_19() {
check_3_20() {
local id="3.20"
local desc="Ensure that the /etc/default/docker file permissions are set to 644 or more restrictively (Automated)"
local remediation="You should run the following command: chmod 644 /etc/default/docker. This sets the file permissions for this file to 644."
local remediationImpact="None."
local check="$id - $desc"
starttestjson "$id" "$desc"
file="/etc/default/docker"
if [ -f "$file" ]; then
if [ "$(stat -c %a $file)" -le 644 ]; then
pass -s "$check"
logcheckresult "PASS"
return
fi
warn -s "$check"
warn " * Wrong permissions for $file"
logcheckresult "WARN" "Wrong permissions for $file"
return
fi
info -c "$check"
info " * File not found"
logcheckresult "INFO" "File not found"
}
check_3_21() {
local id="3.21"
local desc="Ensure that the /etc/sysconfig/docker file permissions are set to 644 or more restrictively (Automated)"
local remediation="You should run the following command: chmod 644 /etc/sysconfig/docker. This sets the file permissions for this file to 644."
local remediationImpact="None."
@ -541,8 +566,8 @@ check_3_20() {
logcheckresult "INFO" "File not found"
}
check_3_21() {
local id="3.21"
check_3_22() {
local id="3.22"
local desc="Ensure that the /etc/sysconfig/docker file ownership is set to root:root (Automated)"
local remediation="You should run the following command: chown root:root /etc/sysconfig/docker. This sets the ownership and group ownership for the file to root."
local remediationImpact="None."
@ -566,31 +591,6 @@ check_3_21() {
logcheckresult "INFO" "File not found"
}
check_3_22() {
local id="3.22"
local desc="Ensure that the /etc/default/docker file permissions are set to 644 or more restrictively (Automated)"
local remediation="You should run the following command: chmod 644 /etc/default/docker. This sets the file permissions for this file to 644."
local remediationImpact="None."
local check="$id - $desc"
starttestjson "$id" "$desc"
file="/etc/default/docker"
if [ -f "$file" ]; then
if [ "$(stat -c %a $file)" -le 644 ]; then
pass -s "$check"
logcheckresult "PASS"
return
fi
warn -s "$check"
warn " * Wrong permissions for $file"
logcheckresult "WARN" "Wrong permissions for $file"
return
fi
info -c "$check"
info " * File not found"
logcheckresult "INFO" "File not found"
}
check_3_23() {
local id="3.23"
local desc="Ensure that the Containerd socket file ownership is set to root:root (Automated)"
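Review bot: The permission test in the relocated check_3_20 body, `[ "$(stat -c %a $file)" -le 644 ]`, compares the octal mode as a decimal number, so modes such as 266 or 477 are reported as PASS although they grant group and other write access to /etc/default/docker. A mode with setuid, setgid or sticky bits (four digits) only fails by accident of magnitude, not because the bits are inspected. A per-bit test avoids the false PASS: `mode=$(stat -c %a "$file")` followed by `if [ $(( 0$mode & ~0644 )) -eq 0 ]; then`, which also quotes the path passed to stat. The check_3_21 permission check for /etc/sysconfig/docker presumably uses the same comparison, but its body lies outside the lines shown here, so that should be confirmed in the file.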