GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2024-11-01 08:31:44 +01:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #513 from konstruktoid/150

Browse source 
align tests to CIS Docker Benchmark 1.5.0
This commit is contained in:
Thomas Sjögren 2023-03-06 13:01:33 +01:00 committed by GitHub
commit ce38d3dd3c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 27 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

54
tests/3_docker_daemon_configuration_files.sh
View file

@ -518,6 +518,31 @@ check_3_19() {
check_3_20() {
local id="3.20"
local desc="Ensure that the /etc/default/docker file permissions are set to 644 or more restrictively (Automated)"
local remediation="You should run the following command: chmod 644 /etc/default/docker. This sets the file permissions for this file to 644."
local remediationImpact="None."
local check="$id - $desc"
starttestjson "$id" "$desc"
file="/etc/default/docker"
if [ -f "$file" ]; then
if [ "$(stat -c %a $file)" -le 644 ]; then
pass -s "$check"
logcheckresult "PASS"
return
fi
warn -s "$check"
warn " * Wrong permissions for $file"
logcheckresult "WARN" "Wrong permissions for $file"
return
fi
info -c "$check"
info " * File not found"
logcheckresult "INFO" "File not found"
}
check_3_21() {
local id="3.21"
local desc="Ensure that the /etc/sysconfig/docker file permissions are set to 644 or more restrictively (Automated)"
local remediation="You should run the following command: chmod 644 /etc/sysconfig/docker. This sets the file permissions for this file to 644."
local remediationImpact="None."
@ -541,8 +566,8 @@ check_3_20() {
logcheckresult "INFO" "File not found"
}
check_3_21() {
local id="3.21"
check_3_22() {
local id="3.22"
local desc="Ensure that the /etc/sysconfig/docker file ownership is set to root:root (Automated)"
local remediation="You should run the following command: chown root:root /etc/sysconfig/docker. This sets the ownership and group ownership for the file to root."
local remediationImpact="None."
@ -566,31 +591,6 @@ check_3_21() {
logcheckresult "INFO" "File not found"
}
check_3_22() {
local id="3.22"
local desc="Ensure that the /etc/default/docker file permissions are set to 644 or more restrictively (Automated)"
local remediation="You should run the following command: chmod 644 /etc/default/docker. This sets the file permissions for this file to 644."
local remediationImpact="None."
local check="$id - $desc"
starttestjson "$id" "$desc"
file="/etc/default/docker"
if [ -f "$file" ]; then
if [ "$(stat -c %a $file)" -le 644 ]; then
pass -s "$check"
logcheckresult "PASS"
return
fi
warn -s "$check"
warn " * Wrong permissions for $file"
logcheckresult "WARN" "Wrong permissions for $file"
return
fi
info -c "$check"
info " * File not found"
logcheckresult "INFO" "File not found"
}
check_3_23() {
local id="3.23"
local desc="Ensure that the Containerd socket file ownership is set to root:root (Automated)"