Merge pull request #285 from konstruktoid/checkexamples

Checkexamples

README.md

@@ -50,11 +50,11 @@ version 1.13.0 or later.
 ```sh
   -h           optional  Print this help message
   -l FILE      optional  Log output in FILE
-  -c CHECK     optional  Run specific check
+  -c CHECK     optional  Run specific check or group of checks
 ```
 
-By default the Docker Bench for Security script will run all available tests and
-produce logs in the current directory named `docker-bench-security.sh.log.json`
+By default the Docker Bench for Security script will run all available CIS tests
+and produce logs in the current directory named `docker-bench-security.sh.log.json`
 and `docker-bench-security.sh.log`.
 The CIS based checks are named `check_<section>_<number>`, e.g. `check_2_6`
 and community contributed checks are named `check_c_<number>`.
@@ -62,6 +62,10 @@ A complete list of checks are present in [functions_lib.sh](functions_lib.sh).
 
 `sh docker-bench-security.sh -l /tmp/docker-bench-security.sh.log -c check_2_2`
 
+Note that when submitting checks, provide information why it is a
+reasonable test to add and please include some kind of official documentation
+verifying that information.
+
 ## Building Docker Bench for Security
 
 If you wish to build and run this container yourself, you can follow the

docker-bench-security.sh

@@ -112,7 +112,12 @@ main () {
   if [ -z "$check" ]; then
     cis
   else
-    "$check"
+    if command -v "$check" 2>/dev/null 1>&2; then
+      "$check"
+    else
+      echo "Check \"$check\" doesn't seem to exist."
+      exit 1
+    fi
   fi
 
   printf "\n"

tests/99_community_checks.sh

@@ -8,7 +8,7 @@ check_c() {
 check_c_1() {
   check_c_1="C.1  - This is a example check"
   totalChecks=$((totalChecks + 1))
-  if docker info --format='{{ .Architecture }}' | grep 'x86_64'; then
+  if docker info --format='{{ .Architecture }}' | grep 'x86_64' 2>/dev/null 1>&2; then
     pass "$check_c_1"
     logjson "c.1" "PASS"
   else