Merge pull request #279 from kbabiochSUSE/feat/ss

Replace netstat by ss
Thomas Sjögren 2018-01-12 10:59:23 +01:00 committed by GitHub
commit ddf821f22c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 6 additions and 6 deletions


@ -4,7 +4,7 @@ FROM centos
MAINTAINER smccarty@redhat.com MAINTAINER smccarty@redhat.com
RUN yum install -y docker net-tools audit procps-ng; yum clean all RUN yum install -y docker iproute audit procps-ng; yum clean all
RUN mkdir /docker-bench-security RUN mkdir /docker-bench-security
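Review bot: The changed `RUN` line still joins its two commands with `;`, so the layer's exit status is that of `yum clean all` and a failed install of `iproute` would not stop the build. The resulting image would lack `ss`, and that would only surface when the script's required-program check runs inside the container. Chaining the commands, `RUN yum install -y docker iproute audit procps-ng && yum clean all`, makes the build fail where the problem occurs. The same line appears in the later section that enables `rhel-7-server-rpms` and needs the same change.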


@ -8,7 +8,7 @@ RUN \
apt-get update && \ apt-get update && \
apt-get -y upgrade && \ apt-get -y upgrade && \
apt-get -y install auditd ca-certificates docker.io \ apt-get -y install auditd ca-certificates docker.io \
gawk net-tools procps --no-install-recommends && \ gawk iproute2 procps --no-install-recommends && \
apt-get -y clean && \ apt-get -y clean && \
apt-get -y autoremove && \ apt-get -y autoremove && \
rm -rf /var/lib/apt/lists/* \ rm -rf /var/lib/apt/lists/* \


@ -4,7 +4,7 @@ FROM opensuse
MAINTAINER security@suse.com MAINTAINER security@suse.com
RUN zypper -n in docker net-tools audit RUN zypper -n in docker iproute2 audit
RUN mkdir /docker-bench-security RUN mkdir /docker-bench-security


@ -7,7 +7,7 @@ MAINTAINER smccarty@redhat.com
RUN yum install -y yum-utils; yum clean all RUN yum install -y yum-utils; yum clean all
RUN yum-config-manager --disable "*" &>/dev/null RUN yum-config-manager --disable "*" &>/dev/null
RUN yum-config-manager --enable rhel-7-server-rpms --enable rhel-7-server-extras-rpms RUN yum-config-manager --enable rhel-7-server-rpms --enable rhel-7-server-extras-rpms
RUN yum install -y docker net-tools audit procps-ng; yum clean all RUN yum install -y docker iproute audit procps-ng; yum clean all
RUN mkdir /docker-bench-security RUN mkdir /docker-bench-security


@ -19,7 +19,7 @@ myname=$(basename "${this_path}") ## file name of this script.
export PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin/ export PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin/
# Check for required program(s) # Check for required program(s)
req_progs='awk docker grep netstat stat' req_progs='awk docker grep ss stat'
for p in $req_progs; do for p in $req_progs; do
command -v "$p" >/dev/null 2>&1 || { printf "%s command not found.\n" "$p"; exit 1; } command -v "$p" >/dev/null 2>&1 || { printf "%s command not found.\n" "$p"; exit 1; }
done done


@ -32,7 +32,7 @@ fi
# 7.3 # 7.3
check_7_3="7.3 - Ensure swarm services are binded to a specific host interface" check_7_3="7.3 - Ensure swarm services are binded to a specific host interface"
if docker info 2>/dev/null | grep -e "Swarm:*\sactive\s*" >/dev/null 2>&1; then if docker info 2>/dev/null | grep -e "Swarm:*\sactive\s*" >/dev/null 2>&1; then
netstat -lnt | grep -e '\[::]:2377 ' -e ':::2377' -e '*:2377 ' -e ' 0\.0\.0\.0:2377 ' >/dev/null 2>&1 ss -lnt | grep -e '\[::]:2377 ' -e ':::2377' -e '*:2377 ' -e ' 0\.0\.0\.0:2377 ' >/dev/null 2>&1
if [ $? -eq 1 ]; then if [ $? -eq 1 ]; then
pass "$check_7_3" pass "$check_7_3"
logjson "7.3" "PASS" logjson "7.3" "PASS"
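Review bot: The `if [ $? -eq 1 ]` test after the new `ss -lnt | grep …` line sees only grep's exit status, so when `ss` fails or prints nothing, check 7.3 reports PASS without having inspected any listener. An audit check should fail closed here: capture the output first with `if ! listeners=$(ss -lnt 2>/dev/null); then`, report the check as not evaluated in that branch, and otherwise run the grep on `"$listeners"`. The four patterns were written for netstat's column layout and look compatible with `ss`, but that is worth confirming against the iproute2 versions in the images this commit touches, because a missed wildcard bind also yields a false PASS. The body of the `if` continues outside the hunk.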