mirror of
https://github.com/docker/docker-bench-security.git
synced 2024-11-01 08:31:44 +01:00
fix(sh): check default ubuntu locations of docker.service and docker.socket files
Signed-off-by: Ilya Dus <ilyadoos@gmail.com>
parent
0307da4c61
commit
d42fedc370
3 changed files with 9 additions and 7 deletions
|
@ -103,11 +103,13 @@ get_docker_configuration_file_args() {
|
|||
grep "$OPTION" "$CONFIG_FILE" | sed 's/.*://g' | tr -d '" ',
|
||||
}
|
||||
|
||||
get_systemd_service_file() {
|
||||
get_service_file() {
|
||||
SERVICE="$1"
|
||||
|
||||
if [ -f "/etc/systemd/system/$SERVICE" ]; then
|
||||
echo "/etc/systemd/system/$SERVICE"
|
||||
elif [ -f "/lib/systemd/system/$SERVICE" ]; then
|
||||
echo "/lib/systemd/system/$SERVICE"
|
||||
elif systemctl show -p FragmentPath "$SERVICE" 2> /dev/null 1>&2; then
|
||||
systemctl show -p FragmentPath "$SERVICE" | sed 's/.*=//'
|
||||
else
|
||||
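Review bot: The fixed paths are tested before systemd is asked, so `get_service_file` can return a file that is not the unit systemd actually loaded. With the added `/lib/systemd/system/$SERVICE` branch, a unit that systemd reads from a higher-priority directory such as `/run/systemd/system` is never reported when a packaged copy also exists under `/lib`. The audit-rule, ownership and permission checks that call this helper would then be evaluated against the wrong file and could pass incorrectly. Querying `FragmentPath` first and keeping the fixed paths as the fallback avoids this; `systemctl show` can exit 0 with an empty `FragmentPath=` for an unknown unit, so test the value rather than the exit status. A short comment above the function stating the lookup order would also help, and note that the `else` branch continues outside the hunk.

```shell
get_service_file() {
  SERVICE="$1"

  # Prefer the path systemd reports, so the audited file is the loaded unit.
  fragment="$(systemctl show -p FragmentPath "$SERVICE" 2> /dev/null | sed 's/.*=//')"
  if [ -n "$fragment" ] && [ -f "$fragment" ]; then
    echo "$fragment"
  elif [ -f "/etc/systemd/system/$SERVICE" ]; then
    echo "/etc/systemd/system/$SERVICE"
  elif [ -f "/lib/systemd/system/$SERVICE" ]; then
    echo "/lib/systemd/system/$SERVICE"
  else
  # … unchanged: existing final fallback branch …
```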
|
|
|
@ -214,7 +214,7 @@ check_1_2_6() {
|
|||
starttestjson "$id_1_2_6" "$desc_1_2_6"
|
||||
|
||||
totalChecks=$((totalChecks + 1))
|
||||
file="$(get_systemd_service_file docker.service)"
|
||||
file="$(get_service_file docker.service)"
|
||||
if [ -f "$file" ]; then
|
||||
if command -v auditctl >/dev/null 2>&1; then
|
||||
if auditctl -l | grep "$file" >/dev/null 2>&1; then
|
||||
|
@ -251,7 +251,7 @@ check_1_2_7() {
|
|||
starttestjson "$id_1_2_7" "$desc_1_2_7"
|
||||
|
||||
totalChecks=$((totalChecks + 1))
|
||||
file="$(get_systemd_service_file docker.socket)"
|
||||
file="$(get_service_file docker.socket)"
|
||||
if [ -e "$file" ]; then
|
||||
if command -v auditctl >/dev/null 2>&1; then
|
||||
if auditctl -l | grep "$file" >/dev/null 2>&1; then
|
||||
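Review bot: In check_1_2_6 and check_1_2_7 the resolved path is passed to `grep "$file"` as an unanchored regular expression, so any audit rule whose path merely contains it satisfies the check, and each `.` matches any character. This matters more now that the helper can return `/lib/systemd/system/...`, which is a suffix of the corresponding `/usr/lib/systemd/system/...` path. Matching literally and on word boundaries narrows it, for example `if auditctl -l | grep -Fw -- "$file" >/dev/null 2>&1; then`. Both function bodies continue outside their hunks, so the branches that report the result are not visible here.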
|
|
|
@ -17,7 +17,7 @@ check_3_1() {
|
|||
starttestjson "$id_3_1" "$desc_3_1"
|
||||
|
||||
totalChecks=$((totalChecks + 1))
|
||||
file="$(get_systemd_service_file docker.service)"
|
||||
file="$(get_service_file docker.service)"
|
||||
if [ -f "$file" ]; then
|
||||
if [ "$(stat -c %u%g $file)" -eq 00 ]; then
|
||||
pass "$check_3_1"
|
||||
|
@ -45,7 +45,7 @@ check_3_2() {
|
|||
starttestjson "$id_3_2" "$desc_3_2"
|
||||
|
||||
totalChecks=$((totalChecks + 1))
|
||||
file="$(get_systemd_service_file docker.service)"
|
||||
file="$(get_service_file docker.service)"
|
||||
if [ -f "$file" ]; then
|
||||
if [ "$(stat -c %a $file)" -eq 644 ] || [ "$(stat -c %a $file)" -eq 600 ]; then
|
||||
pass "$check_3_2"
|
||||
|
@ -73,7 +73,7 @@ check_3_3() {
|
|||
starttestjson "$id_3_3" "$desc_3_3"
|
||||
|
||||
totalChecks=$((totalChecks + 1))
|
||||
file="$(get_systemd_service_file docker.socket)"
|
||||
file="$(get_service_file docker.socket)"
|
||||
if [ -f "$file" ]; then
|
||||
if [ "$(stat -c %u%g $file)" -eq 00 ]; then
|
||||
pass "$check_3_3"
|
||||
|
@ -101,7 +101,7 @@ check_3_4() {
|
|||
starttestjson "$id_3_4" "$desc_3_4"
|
||||
|
||||
totalChecks=$((totalChecks + 1))
|
||||
file="$(get_systemd_service_file docker.socket)"
|
||||
file="$(get_service_file docker.socket)"
|
||||
if [ -f "$file" ]; then
|
||||
if [ "$(stat -c %a $file)" -eq 644 ] || [ "$(stat -c %a $file)" -eq 600 ]; then
|
||||
pass "$check_3_4"
|
||||
|
|