Bug fixing and improving source code readability

Razvan Stoica 2021-03-29 15:22:14 +03:00
parent 86985f854f
commit d0443cc817
12 changed files with 1028 additions and 783 deletions


@ -20,13 +20,15 @@ check_2_1() {
if get_docker_effective_command_line_args '--icc' | grep false >/dev/null 2>&1; then
pass -s "$check"
logcheckresult "PASS"
elif get_docker_configuration_file_args 'icc' | grep "false" >/dev/null 2>&1; then
return
fi
if get_docker_configuration_file_args 'icc' | grep "false" >/dev/null 2>&1; then
pass -s "$check"
logcheckresult "PASS"
else
warn -s "$check"
logcheckresult "WARN"
return
fi
warn -s "$check"
logcheckresult "WARN"
}
check_2_2() {
@ -41,25 +43,29 @@ check_2_2() {
if get_docker_configuration_file_args 'log-level' | grep info >/dev/null 2>&1; then
pass -s "$check"
logcheckresult "PASS"
elif [ -z "$(get_docker_configuration_file_args 'log-level')" ]; then
return
fi
if [ -z "$(get_docker_configuration_file_args 'log-level')" ]; then
pass -s "$check"
logcheckresult "PASS"
else
warn -s "$check"
logcheckresult "WARN"
return
fi
elif get_docker_effective_command_line_args '-l'; then
warn -s "$check"
logcheckresult "WARN"
return
fi
if get_docker_effective_command_line_args '-l'; then
if get_docker_effective_command_line_args '-l' | grep "info" >/dev/null 2>&1; then
pass -s "$check"
logcheckresult "PASS"
else
warn -s "$check"
logcheckresult "WARN"
return
fi
else
pass -s "$check"
logcheckresult "PASS"
warn -s "$check"
logcheckresult "WARN"
return
fi
pass -s "$check"
logcheckresult "PASS"
}
check_2_3() {
@ -73,13 +79,15 @@ check_2_3() {
if get_docker_effective_command_line_args '--iptables' | grep "false" >/dev/null 2>&1; then
warn -s "$check"
logcheckresult "WARN"
elif get_docker_configuration_file_args 'iptables' | grep "false" >/dev/null 2>&1; then
return
fi
if get_docker_configuration_file_args 'iptables' | grep "false" >/dev/null 2>&1; then
warn -s "$check"
logcheckresult "WARN"
else
pass -s "$check"
logcheckresult "PASS"
return
fi
pass -s "$check"
logcheckresult "PASS"
}
check_2_4() {
@ -93,18 +101,20 @@ check_2_4() {
if get_docker_effective_command_line_args '--insecure-registry' | grep "insecure-registry" >/dev/null 2>&1; then
warn -s "$check"
logcheckresult "WARN"
elif ! [ -z "$(get_docker_configuration_file_args 'insecure-registries')" ]; then
return
fi
if ! [ -z "$(get_docker_configuration_file_args 'insecure-registries')" ]; then
if get_docker_configuration_file_args 'insecure-registries' | grep '\[]' >/dev/null 2>&1; then
pass -s "$check"
logcheckresult "PASS"
else
warn -s "$check"
logcheckresult "WARN"
return
fi
else
pass -s "$check"
logcheckresult "PASS"
warn -s "$check"
logcheckresult "WARN"
return
fi
pass -s "$check"
logcheckresult "PASS"
}
check_2_5() {
@ -118,10 +128,10 @@ check_2_5() {
if docker info 2>/dev/null | grep -e "^\sStorage Driver:\s*aufs\s*$" >/dev/null 2>&1; then
warn -s "$check"
logcheckresult "WARN"
else
pass -s "$check"
logcheckresult "PASS"
return
fi
pass -s "$check"
logcheckresult "PASS"
}
check_2_6() {
@ -138,21 +148,23 @@ check_2_6() {
[ $(get_docker_cumulative_command_line_args '--tlsverify' | grep 'tlsverify') >/dev/null 2>&1 ]; then
pass -s "$check"
logcheckresult "PASS"
elif [ $(get_docker_configuration_file_args '"tls":' | grep 'true') ] || \
return
fi
if [ $(get_docker_configuration_file_args '"tls":' | grep 'true') ] || \
[ $(get_docker_cumulative_command_line_args '--tls' | grep 'tls$') >/dev/null 2>&1 ]; then
warn -s "$check"
warn " * Docker daemon currently listening on TCP with TLS, but no verification"
logcheckresult "WARN" "Docker daemon currently listening on TCP with TLS, but no verification"
else
warn -s "$check"
warn " * Docker daemon currently listening on TCP without TLS"
logcheckresult "WARN" "Docker daemon currently listening on TCP without TLS"
return
fi
else
info -c "$check"
info " * Docker daemon not listening on TCP"
logcheckresult "INFO" "Docker daemon not listening on TCP"
warn -s "$check"
warn " * Docker daemon currently listening on TCP without TLS"
logcheckresult "WARN" "Docker daemon currently listening on TCP without TLS"
return
fi
info -c "$check"
info " * Docker daemon not listening on TCP"
logcheckresult "INFO" "Docker daemon not listening on TCP"
}
check_2_7() {
@ -166,14 +178,16 @@ check_2_7() {
if get_docker_configuration_file_args 'default-ulimit' | grep -v '{}' >/dev/null 2>&1; then
pass -c "$check"
logcheckresult "PASS"
elif get_docker_effective_command_line_args '--default-ulimit' | grep "default-ulimit" >/dev/null 2>&1; then
return
fi
if get_docker_effective_command_line_args '--default-ulimit' | grep "default-ulimit" >/dev/null 2>&1; then
pass -c "$check"
logcheckresult "PASS"
else
info -c "$check"
info " * Default ulimit doesn't appear to be set"
logcheckresult "INFO" "Default ulimit doesn't appear to be set"
return
fi
info -c "$check"
info " * Default ulimit doesn't appear to be set"
logcheckresult "INFO" "Default ulimit doesn't appear to be set"
}
check_2_8() {
@ -187,13 +201,15 @@ check_2_8() {
if get_docker_configuration_file_args 'userns-remap' | grep -v '""'; then
pass -s "$check"
logcheckresult "PASS"
elif get_docker_effective_command_line_args '--userns-remap' | grep "userns-remap" >/dev/null 2>&1; then
return
fi
if get_docker_effective_command_line_args '--userns-remap' | grep "userns-remap" >/dev/null 2>&1; then
pass -s "$check"
logcheckresult "PASS"
else
warn -s "$check"
logcheckresult "WARN"
return
fi
warn -s "$check"
logcheckresult "WARN"
}
check_2_9() {
@ -208,14 +224,16 @@ check_2_9() {
warn -s "$check"
info " * Confirm cgroup usage"
logcheckresult "WARN" "Confirm cgroup usage"
elif get_docker_effective_command_line_args '--cgroup-parent' | grep "cgroup-parent" >/dev/null 2>&1; then
return
fi
if get_docker_effective_command_line_args '--cgroup-parent' | grep "cgroup-parent" >/dev/null 2>&1; then
warn -s "$check"
info " * Confirm cgroup usage"
logcheckresult "WARN" "Confirm cgroup usage"
else
pass -s "$check"
logcheckresult "PASS"
return
fi
pass -s "$check"
logcheckresult "PASS"
}
check_2_10() {
@ -229,13 +247,15 @@ check_2_10() {
if get_docker_configuration_file_args 'storage-opts' | grep "dm.basesize" >/dev/null 2>&1; then
warn -s "$check"
logcheckresult "WARN"
elif get_docker_effective_command_line_args '--storage-opt' | grep "dm.basesize" >/dev/null 2>&1; then
return
fi
if get_docker_effective_command_line_args '--storage-opt' | grep "dm.basesize" >/dev/null 2>&1; then
warn -s "$check"
logcheckresult "WARN"
else
pass -s "$check"
logcheckresult "PASS"
return
fi
pass -s "$check"
logcheckresult "PASS"
}
check_2_11() {
@ -249,13 +269,15 @@ check_2_11() {
if get_docker_configuration_file_args 'authorization-plugins' | grep -v '\[]'; then
pass -s "$check"
logcheckresult "PASS"
elif get_docker_effective_command_line_args '--authorization-plugin' | grep "authorization-plugin" >/dev/null 2>&1; then
return
fi
if get_docker_effective_command_line_args '--authorization-plugin' | grep "authorization-plugin" >/dev/null 2>&1; then
pass -s "$check"
logcheckresult "PASS"
else
warn -s "$check"
logcheckresult "WARN"
return
fi
warn -s "$check"
logcheckresult "WARN"
}
check_2_12() {
@ -269,10 +291,10 @@ check_2_12() {
if docker info --format '{{ .LoggingDriver }}' | grep 'json-file' >/dev/null 2>&1; then
warn -s "$check"
logcheckresult "WARN"
else
pass -s "$check"
logcheckresult "PASS"
return
fi
pass -s "$check"
logcheckresult "PASS"
}
check_2_13() {
@ -286,18 +308,20 @@ check_2_13() {
if docker info 2>/dev/null | grep -e "Live Restore Enabled:\s*true\s*" >/dev/null 2>&1; then
pass -s "$check"
logcheckresult "PASS"
else
if docker info 2>/dev/null | grep -e "Swarm:*\sactive\s*" >/dev/null 2>&1; then
pass -s "$check (Incompatible with swarm mode)"
logcheckresult "PASS"
elif get_docker_effective_command_line_args '--live-restore' | grep "live-restore" >/dev/null 2>&1; then
pass -s "$check"
logcheckresult "PASS"
else
warn -s "$check"
logcheckresult "WARN"
fi
return
fi
if docker info 2>/dev/null | grep -e "Swarm:*\sactive\s*" >/dev/null 2>&1; then
pass -s "$check (Incompatible with swarm mode)"
logcheckresult "PASS"
return
fi
if get_docker_effective_command_line_args '--live-restore' | grep "live-restore" >/dev/null 2>&1; then
pass -s "$check"
logcheckresult "PASS"
return
fi
warn -s "$check"
logcheckresult "WARN"
}
check_2_14() {
@ -311,13 +335,15 @@ check_2_14() {
if get_docker_configuration_file_args 'userland-proxy' | grep false >/dev/null 2>&1; then
pass -s "$check"
logcheckresult "PASS"
elif get_docker_effective_command_line_args '--userland-proxy=false' 2>/dev/null | grep "userland-proxy=false" >/dev/null 2>&1; then
return
fi
if get_docker_effective_command_line_args '--userland-proxy=false' 2>/dev/null | grep "userland-proxy=false" >/dev/null 2>&1; then
pass -s "$check"
logcheckresult "PASS"
else
warn -s "$check"
logcheckresult "WARN"
return
fi
warn -s "$check"
logcheckresult "WARN"
}
check_2_15() {
@ -331,10 +357,10 @@ check_2_15() {
if docker info --format '{{ .SecurityOptions }}' | grep 'name=seccomp,profile=default' 2>/dev/null 1>&2; then
pass -c "$check"
logcheckresult "PASS"
else
info -c "$check"
logcheckresult "INFO"
return
fi
info -c "$check"
logcheckresult "INFO"
}
check_2_16() {
@ -352,16 +378,16 @@ check_2_16() {
if docker version -f '{{.Server.Experimental}}' | grep false 2>/dev/null 1>&2; then
pass -s "$check"
logcheckresult "PASS"
else
warn -s "$check"
logcheckresult "WARN"
return
fi
else
local desc="$desc (Deprecated)"
local check="$id - $desc"
info -c "$desc"
logcheckresult "INFO"
warn -s "$check"
logcheckresult "WARN"
return
fi
local desc="$desc (Deprecated)"
local check="$id - $desc"
info -c "$desc"
logcheckresult "INFO"
}
check_2_17() {
@ -375,13 +401,15 @@ check_2_17() {
if get_docker_effective_command_line_args '--no-new-privileges' | grep "no-new-privileges" >/dev/null 2>&1; then
pass -s "$check"
logcheckresult "PASS"
elif get_docker_configuration_file_args 'no-new-privileges' | grep true >/dev/null 2>&1; then
return
fi
if get_docker_configuration_file_args 'no-new-privileges' | grep true >/dev/null 2>&1; then
pass -s "$check"
logcheckresult "PASS"
else
warn -s "$check"
logcheckresult "WARN"
return
fi
warn -s "$check"
logcheckresult "WARN"
}
check_2_end() {
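Review bot: In check_2_2, the branch `if [ -z "$(get_docker_configuration_file_args 'log-level')" ]` records PASS and returns when the configuration file yields no log-level value, so the `get_docker_effective_command_line_args '-l'` test further down is never consulted on that path. The enclosing `if` starts outside the hunk; if its condition can hold when the key is absent (which the `-z` branch suggests), a daemon started with a non-info `-l` value would be reported as PASS. I would let the empty case fall through to the command-line check and warn only on a non-empty, non-info file value: `if [ -n "$(get_docker_configuration_file_args 'log-level')" ]; then warn -s "$check"; logcheckresult "WARN"; return; fi`. The bare `if get_docker_effective_command_line_args '-l'; then` also depends on the helper's exit status and leaves its output unsilenced; the helper is not shown here, so confirm it returns non-zero when the flag is absent.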