wording and set printremediation="0"

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
Thomas Sjögren 2021-05-25 20:44:18 +02:00
parent addefc6ee4
commit cff5d7f32c


@ -1,4 +1,4 @@
#!/bin/sh #!/bin/bash
# -------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------
# Docker Bench for Security # Docker Bench for Security
# #
@ -36,7 +36,7 @@ usage () {
cat <<EOF cat <<EOF
Docker Bench for Security - Docker, Inc. (c) 2015-$(date +"%Y") Docker Bench for Security - Docker, Inc. (c) 2015-$(date +"%Y")
Checks for dozens of common best-practices around deploying Docker containers in production. Checks for dozens of common best-practices around deploying Docker containers in production.
Inspired by the CIS Docker Benchmark v1.2.0. Based on the CIS Docker Benchmark 1.3.1.
Usage: ${myname}.sh [OPTIONS] Usage: ${myname}.sh [OPTIONS]
@ -58,7 +58,7 @@ Options:
-i INCLUDE optional Comma delimited list of patterns within a container or image name to check -i INCLUDE optional Comma delimited list of patterns within a container or image name to check
-x EXCLUDE optional Comma delimited list of patterns within a container or image name to exclude from check -x EXCLUDE optional Comma delimited list of patterns within a container or image name to exclude from check
-n LIMIT optional In JSON output, when reporting lists of items (containers, images, etc.), limit the number of reported items to LIMIT. Default 0 (no limit). -n LIMIT optional In JSON output, when reporting lists of items (containers, images, etc.), limit the number of reported items to LIMIT. Default 0 (no limit).
-p PRINT optional Disable the printing of remediation measures. Default: print remediation measures. -p PRINT optional Print remediation measures. Default: Don't print remediation measures.
Complete list of checks: <https://github.com/docker/docker-bench-security/blob/master/tests/> Complete list of checks: <https://github.com/docker/docker-bench-security/blob/master/tests/>
Full documentation: <https://github.com/docker/docker-bench-security> Full documentation: <https://github.com/docker/docker-bench-security>
@ -70,9 +70,10 @@ EOF
if [ ! -d log ]; then if [ ! -d log ]; then
mkdir log mkdir log
fi fi
logger="log/${myname}.log" logger="log/${myname}.log"
limit=0 limit=0
printremediation="1" printremediation="0"
globalRemediation="" globalRemediation=""
# Get the flags # Get the flags
@ -90,7 +91,7 @@ do
i) include="$OPTARG" ;; i) include="$OPTARG" ;;
x) exclude="$OPTARG" ;; x) exclude="$OPTARG" ;;
n) limit="$OPTARG" ;; n) limit="$OPTARG" ;;
p) printremediation="0" ;; p) printremediation="1" ;;
*) usage; exit 1 ;; *) usage; exit 1 ;;
esac esac
done done
@ -101,8 +102,7 @@ done
yell_info yell_info
# Warn if not root # Warn if not root
ID=$(id -u) if [ "$(id -u)" != "0" ]; then
if [ "x$ID" != "x0" ]; then
warn "$(yell 'Some tests might require root to run')\n" warn "$(yell 'Some tests might require root to run')\n"
sleep 3 sleep 3
fi fi
@ -118,7 +118,7 @@ beginjson "$version" "$(date +%s)"
# Load all the tests from tests/ and run them # Load all the tests from tests/ and run them
main () { main () {
logit "\n${bldylw}Section A - Check results${txtrsr}" logit "\n${bldylw}Section A - Check results${txtrst}"
# Get configuration location # Get configuration location
get_docker_configuration_file get_docker_configuration_file
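Review bot: In the option-parsing hunk, `-p` keeps its letter but inverts its meaning: the default becomes `printremediation="0"` and the `p)` arm now sets `"1"`. An existing wrapper or scheduled audit that passes `-p` to suppress remediation text will now print it, and one that relied on the old default will lose it, with no error or warning in either case. The usage line still shows `-p PRINT optional`, which reads as if the flag takes a value, while the visible arm never reads `$OPTARG`; the getopts string is outside these hunks, so confirm that it is `p` and not `p:`. I would drop the placeholder so the line starts `-p           optional  Print remediation measures.`, and add a comment above the arm such as `# -p enables remediation output; before this change it disabled it`. The same hunk set changes the shebang to `#!/bin/bash`, so the script will no longer start on hosts or images that ship only `/bin/sh`, which is worth stating in the documentation.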