mirror of
https://github.com/docker/docker-bench-security.git
synced 2025-01-18 16:22:33 +01:00
align tests to CIS Benchmark 1.5.0
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
parent
5a8d6434e6
commit
cbd07bb051
1 changed files with 27 additions and 27 deletions
|
@ -518,6 +518,31 @@ check_3_19() {
|
||||||
|
|
||||||
check_3_20() {
|
check_3_20() {
|
||||||
local id="3.20"
|
local id="3.20"
|
||||||
|
local desc="Ensure that the /etc/default/docker file permissions are set to 644 or more restrictively (Automated)"
|
||||||
|
local remediation="You should run the following command: chmod 644 /etc/default/docker. This sets the file permissions for this file to 644."
|
||||||
|
local remediationImpact="None."
|
||||||
|
local check="$id - $desc"
|
||||||
|
starttestjson "$id" "$desc"
|
||||||
|
|
||||||
|
file="/etc/default/docker"
|
||||||
|
if [ -f "$file" ]; then
|
||||||
|
if [ "$(stat -c %a $file)" -le 644 ]; then
|
||||||
|
pass -s "$check"
|
||||||
|
logcheckresult "PASS"
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
warn -s "$check"
|
||||||
|
warn " * Wrong permissions for $file"
|
||||||
|
logcheckresult "WARN" "Wrong permissions for $file"
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
info -c "$check"
|
||||||
|
info " * File not found"
|
||||||
|
logcheckresult "INFO" "File not found"
|
||||||
|
}
|
||||||
|
|
||||||
|
check_3_21() {
|
||||||
|
local id="3.21"
|
||||||
local desc="Ensure that the /etc/sysconfig/docker file permissions are set to 644 or more restrictively (Automated)"
|
local desc="Ensure that the /etc/sysconfig/docker file permissions are set to 644 or more restrictively (Automated)"
|
||||||
local remediation="You should run the following command: chmod 644 /etc/sysconfig/docker. This sets the file permissions for this file to 644."
|
local remediation="You should run the following command: chmod 644 /etc/sysconfig/docker. This sets the file permissions for this file to 644."
|
||||||
local remediationImpact="None."
|
local remediationImpact="None."
|
||||||
|
@ -541,8 +566,8 @@ check_3_20() {
|
||||||
logcheckresult "INFO" "File not found"
|
logcheckresult "INFO" "File not found"
|
||||||
}
|
}
|
||||||
|
|
||||||
check_3_21() {
|
check_3_22() {
|
||||||
local id="3.21"
|
local id="3.22"
|
||||||
local desc="Ensure that the /etc/sysconfig/docker file ownership is set to root:root (Automated)"
|
local desc="Ensure that the /etc/sysconfig/docker file ownership is set to root:root (Automated)"
|
||||||
local remediation="You should run the following command: chown root:root /etc/sysconfig/docker. This sets the ownership and group ownership for the file to root."
|
local remediation="You should run the following command: chown root:root /etc/sysconfig/docker. This sets the ownership and group ownership for the file to root."
|
||||||
local remediationImpact="None."
|
local remediationImpact="None."
|
||||||
|
@ -566,31 +591,6 @@ check_3_21() {
|
||||||
logcheckresult "INFO" "File not found"
|
logcheckresult "INFO" "File not found"
|
||||||
}
|
}
|
||||||
|
|
||||||
check_3_22() {
|
|
||||||
local id="3.22"
|
|
||||||
local desc="Ensure that the /etc/default/docker file permissions are set to 644 or more restrictively (Automated)"
|
|
||||||
local remediation="You should run the following command: chmod 644 /etc/default/docker. This sets the file permissions for this file to 644."
|
|
||||||
local remediationImpact="None."
|
|
||||||
local check="$id - $desc"
|
|
||||||
starttestjson "$id" "$desc"
|
|
||||||
|
|
||||||
file="/etc/default/docker"
|
|
||||||
if [ -f "$file" ]; then
|
|
||||||
if [ "$(stat -c %a $file)" -le 644 ]; then
|
|
||||||
pass -s "$check"
|
|
||||||
logcheckresult "PASS"
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
warn -s "$check"
|
|
||||||
warn " * Wrong permissions for $file"
|
|
||||||
logcheckresult "WARN" "Wrong permissions for $file"
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
info -c "$check"
|
|
||||||
info " * File not found"
|
|
||||||
logcheckresult "INFO" "File not found"
|
|
||||||
}
|
|
||||||
|
|
||||||
check_3_23() {
|
check_3_23() {
|
||||||
local id="3.23"
|
local id="3.23"
|
||||||
local desc="Ensure that the Containerd socket file ownership is set to root:root (Automated)"
|
local desc="Ensure that the Containerd socket file ownership is set to root:root (Automated)"
|
||||||
|
|
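Review bot: The permission test in the added check_3_20 body, `if [ "$(stat -c %a $file)" -le 644 ]; then`, compares the octal mode string as a decimal number, so a mode such as 466 (group- and world-writable) is numerically below 644 and is logged as PASS. For an audit check that is a false negative; testing the bits closes it, e.g. `if [ $(( 0$(stat -c %a "$file") & 07133 )) -eq 0 ]; then`, which passes only when no bit outside 644 is set. The commit only moves this line (it is removed from the old check_3_22), and the other permission checks in the file, which are outside these hunks, may share the same comparison. In the same body `file` is assigned without `local`, unlike `id`, `desc` and the rest; `local file="/etc/default/docker"` would keep it out of the caller's scope.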