Merge pull request #285 from konstruktoid/checkexamples

Checkexamples
Thomas Sjögren 2018-01-18 11:31:24 +01:00 committed by GitHub
commit e169d99736
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 5 deletions


@ -50,11 +50,11 @@ version 1.13.0 or later.
```sh
-h optional Print this help message
-l FILE optional Log output in FILE
-c CHECK optional Run specific check
-c CHECK optional Run specific check or group of checks
```
By default the Docker Bench for Security script will run all available tests and
produce logs in the current directory named `docker-bench-security.sh.log.json`
By default the Docker Bench for Security script will run all available CIS tests
and produce logs in the current directory named `docker-bench-security.sh.log.json`
and `docker-bench-security.sh.log`.
The CIS based checks are named `check_<section>_<number>`, e.g. `check_2_6`
and community contributed checks are named `check_c_<number>`.
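Review bot: the new `-c CHECK` help text promises a "group of checks", but the paragraph below it documents only individual names (`check_<section>_<number>` and `check_c_<number>`), so a reader cannot tell what a group is called or how to pass one. Please add a sentence naming the group functions and one usage line that runs a group. The reworded default ("all available CIS tests") also implies the community checks are skipped unless requested with `-c`; saying that explicitly next to the `check_c_<number>` naming line would avoid the reader assuming they were covered by a default run.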
@ -62,6 +62,10 @@ A complete list of checks are present in [functions_lib.sh](functions_lib.sh).
`sh docker-bench-security.sh -l /tmp/docker-bench-security.sh.log -c check_2_2`
Note that when submitting checks, provide information why it is a
reasonable test to add and please include some kind of official documentation
verifying that information.
## Building Docker Bench for Security
If you wish to build and run this container yourself, you can follow the
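Review bot: the added note asks submitters to "provide information why it is a reasonable test" without saying where that information belongs (the pull request description, a comment above the check function, or both), so contributions will be inconsistent. Suggest stating the place and rewording to "explain why it is a reasonable test to add and link to official documentation that supports it". The note also sits directly after the usage example with no heading of its own, while the next section starts with `## Building Docker Bench for Security`; a short heading for contributing checks would make it easier to find.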


@ -112,7 +112,12 @@ main () {
if [ -z "$check" ]; then
cis
else
"$check"
if command -v "$check" 2>/dev/null 1>&2; then
"$check"
else
echo "Check \"$check\" doesn't seem to exist."
exit 1
fi
fi
printf "\n"
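Review bot: `command -v "$check"` in the new `if` succeeds for anything the shell can resolve (functions, builtins, and every executable on PATH), so it does not confirm that the value of `-c` is one of the check functions, and the following `"$check"` line will run whatever name was supplied, typically as root. Restrict the accepted names before the lookup, for example with a `case "$check" in check_*) ... ;; *) reject ;; esac` guard, or compare against the list of functions defined in functions_lib.sh. Two smaller points in the `else` branch: the error message goes to stdout, where it mixes with report output, so send it to stderr with `>&2`; and `exit 1` leaves before the trailing `printf "\n"` and anything after it in `main`, so check that no log finalisation is skipped on this path.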


@ -8,7 +8,7 @@ check_c() {
check_c_1() {
check_c_1="C.1 - This is a example check"
totalChecks=$((totalChecks + 1))
if docker info --format='{{ .Architecture }}' | grep 'x86_64'; then
if docker info --format='{{ .Architecture }}' | grep 'x86_64' 2>/dev/null 1>&2; then
pass "$check_c_1"
logjson "c.1" "PASS"
else
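Review bot: the added `2>/dev/null 1>&2` on the `if docker info ... | grep 'x86_64'` line applies only to `grep`, so error output from `docker info` (for example when the daemon is unreachable) still reaches the terminal, and the check then reports a failure for the wrong reason. `grep -q 'x86_64'` expresses the intent more directly, and if the goal is a quiet check, `docker info` needs its own `2>/dev/null`. Since this function is the template people will copy for new community checks, it is worth getting the pattern right here; the title string "This is a example check" could be corrected to "an example" in the same change.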