From 9cccfa6902f00599515fa77782f4d9a6a5ebe797 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Mon, 1 Jun 2015 22:20:03 +0200 Subject: [PATCH 1/6] get the correct number of images MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Thomas Sjögren --- tests/6_docker_security_operations.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/6_docker_security_operations.sh b/tests/6_docker_security_operations.sh index d1191b5..7cc1320 100644 --- a/tests/6_docker_security_operations.sh +++ b/tests/6_docker_security_operations.sh @@ -36,7 +36,7 @@ set +f; unset IFS # 6.6 check_6_6="6.6 - Avoid image sprawl" -images=$(docker images | wc -l | awk '{print $1}') +images=$(docker images -q | wc -l | awk '{print $1}') if [ "$images" -gt 100 ]; then warn "$check_6_6" warn " * There are currently: $images images" From 8ff1dc25ee33d8ec63d74236935564b68016886c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Mon, 1 Jun 2015 22:36:55 +0200 Subject: [PATCH 2/6] docker_version variable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Thomas Sjögren --- tests/1_host_configuration.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/1_host_configuration.sh b/tests/1_host_configuration.sh index 42ca105..6e2b66d 100644 --- a/tests/1_host_configuration.sh +++ b/tests/1_host_configuration.sh @@ -39,8 +39,8 @@ fi # 1.6 check_1_6="1.6 - Keep Docker up to date" +docker_version=$(docker version | grep 'Server version' | awk '{print $3}') do_version_check 1.6.2 $docker_version -docker version | grep 'Server version' | awk '{print $3}' if [ $? -eq 11 ]; then warn "$check_1_6" else From e29a8862547ffac302c24e07f84a090b79931e70 Mon Sep 17 00:00:00 2001 
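Review bot: `docker images -q` on the added line in tests/6_docker_security_operations.sh prints one ID per listed repository:tag row, so an image that carries several tags is counted once per tag and the 6.6 total can overstate the number of distinct images. Deduplicating before counting keeps the threshold of 100 meaningful: `images=$(docker images -q | sort -u | wc -l | awk '{print $1}')`. The `if` block that consumes `$images` continues past the end of the hunk.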
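Review bot: The new `docker_version` assignment in tests/1_host_configuration.sh can come back empty (daemon unreachable, or `docker version` output without a 'Server version' line), and the unquoted `$docker_version` then disappears from the `do_version_check` call entirely. Unless that call happens to return 11, the `else` branch runs, which presumably reports check 1.6 as passed, so the audit fails open. The comparison should be skipped and a warning emitted when the value is empty, and the argument should be quoted: `do_version_check 1.6.2 "$docker_version"`. `do_version_check` is defined outside this hunk, so its behaviour with a missing argument needs to be confirmed.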
From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Mon, 1 Jun 2015 22:37:28 +0200 Subject: [PATCH 3/6] warn if only -lt half of the images are in use MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Thomas Sjögren --- tests/6_docker_security_operations.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/6_docker_security_operations.sh b/tests/6_docker_security_operations.sh index 7cc1320..f5b1f01 100644 --- a/tests/6_docker_security_operations.sh +++ b/tests/6_docker_security_operations.sh @@ -37,6 +37,14 @@ set +f; unset IFS # 6.6 check_6_6="6.6 - Avoid image sprawl" images=$(docker images -q | wc -l | awk '{print $1}') +active_images=0 + +for c in $(docker inspect -f "{{.Image}}" $(docker ps -qa)); do + if [[ $(docker images --no-trunc -a | grep $c) ]]; then + ((active_images++)) + fi +done + if [ "$images" -gt 100 ]; then warn "$check_6_6" warn " * There are currently: $images images" @@ -45,6 +53,10 @@ else info " * There are currently: $images images" fi +if [[ "$active_images" -lt "$((images / 2))" ]]; then + warn " * Only $active_images out of $images are in use" +fi + # 6.7 check_6_7="6.7 - Avoid container sprawl" total_containers=$(docker info 2>/dev/null | grep "Containers" | awk '{print $2}') From 787f4325b2b7bd3d90d9690498dc34881008cc53 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Mon, 1 Jun 2015 22:44:37 +0200 Subject: [PATCH 4/6] update 5.7 exec_check to new style MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Thomas Sjögren --- tests/5_container_runtime.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/5_container_runtime.sh b/tests/5_container_runtime.sh index a9ff634..156cba3 100644 --- a/tests/5_container_runtime.sh +++ b/tests/5_container_runtime.sh 
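Review bot: The loop added in the first hunk increments `active_images` once per container rather than once per distinct image, so several containers started from the same image inflate the count and the "Only $active_images out of $images are in use" warning in the second hunk can stay silent on a host full of unused images. The `.Image` list should be deduplicated before counting. Two further problems sit in the same loop: with no containers `$(docker ps -qa)` expands to nothing and `docker inspect` is called without arguments, and `docker images --no-trunc -a` is re-run for every container with an unquoted `grep $c`. The rewrite below guards the empty case, lists images once and matches IDs as fixed strings. It also uses POSIX arithmetic instead of `((...))` in case the file is run under sh, which the hunk does not show.

```shell
active_images=0
container_ids=$(docker ps -qa)

if [ -n "$container_ids" ]; then
  image_list=$(docker images --no-trunc -a)
  # Word splitting of the container ID list is intended here.
  for c in $(docker inspect -f '{{.Image}}' $container_ids | sort -u); do
    if printf '%s\n' "$image_list" | grep -qF -- "$c"; then
      active_images=$((active_images + 1))
    fi
  done
fi

# … unchanged: 6.6 threshold check and the active_images comparison …
```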
@@ -172,10 +172,10 @@ else fail=0 for c in $containers; do - docker exec "$c" ps -el 2>/dev/null + exec_check=$(docker exec "$c" ps -el 2>/dev/null) if [ $? -eq 255 ]; then warn "$check_5_7" - warn " * Docker exec failed: $c" + warn " * Docker exec fails: $c" fail=1 fi From 2e92ed5a01d2d626a2b14fb0303d696bdaf5ecc1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Mon, 1 Jun 2015 22:46:58 +0200 Subject: [PATCH 5/6] exec_check had extra space MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Thomas Sjögren --- tests/5_container_runtime.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/5_container_runtime.sh b/tests/5_container_runtime.sh index 156cba3..11e14df 100644 --- a/tests/5_container_runtime.sh +++ b/tests/5_container_runtime.sh @@ -64,7 +64,7 @@ else exec_check=$(docker exec "$c" ps -el 2>/dev/null) if [ $? -eq 255 ]; then warn "$check_5_3" - warn " * Docker exec fails: $c" + warn " * Docker exec fails: $c" fail=1 fi @@ -175,7 +175,7 @@ else exec_check=$(docker exec "$c" ps -el 2>/dev/null) if [ $? -eq 255 ]; then warn "$check_5_7" - warn " * Docker exec fails: $c" + warn " * Docker exec fails: $c" fail=1 fi From b6a4bd7504510c8c777d298da979ba5e85105074 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Mon, 1 Jun 2015 22:51:47 +0200 Subject: [PATCH 6/6] dont echo the grep result MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Thomas Sjögren --- tests/2_docker_daemon_configuration.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/2_docker_daemon_configuration.sh b/tests/2_docker_daemon_configuration.sh index cde2345..8561f52 100644 --- a/tests/2_docker_daemon_configuration.sh +++ b/tests/2_docker_daemon_configuration.sh 
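Review bot: `exec_check` in the 5.7 hunk of tests/5_container_runtime.sh (`@@ -172,10`) is assigned but never read within the hunk, and the test on the next line treats only exit status 255 as a failure. Any other non-zero status from `docker exec` (for example `ps` missing in the container) falls through, so the rest of the loop may evaluate that container on empty data and report it clean. If the variable exists only to silence output, discarding the output says so and lets the status be tested directly: `if ! docker exec "$c" ps -el >/dev/null 2>&1; then`. The loop body continues past the end of the hunk, so whether later lines read `exec_check` cannot be confirmed from here. The same pattern is visible in the 5.3 context of the following patch.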
@@ -60,7 +60,7 @@ fi # 2.7 check_2_7="2.7 - Do not use the aufs storage driver" -docker info 2>/dev/null| grep -e "^Storage Driver:\s*aufs\s*$" +docker info 2>/dev/null | grep -e "^Storage Driver:\s*aufs\s*$" >/dev/null 2>&1 if [ $? -eq 0 ]; then warn "$check_2_7" else
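Review bot: The 2.7 test still cannot tell "aufs is not in use" from "docker info failed": stderr is discarded, grep matches nothing in either case, and the `else` branch is taken (its body lies outside the hunk, presumably a pass). Checking that `docker info` produced output before grepping would keep the audit from passing against an unreachable daemon. Separately, `\s` is a GNU grep extension, and `grep -q` replaces the double redirection: `docker info 2>/dev/null | grep -q -e '^Storage Driver:[[:space:]]*aufs[[:space:]]*$'`.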