From e1e902b3ed727b07d242e140742b0cc1e85b6bff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Fri, 7 Jul 2017 11:19:02 +0200 Subject: [PATCH] update checks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Thomas Sjögren --- tests/6_docker_security_operations.sh | 24 ++++++------------------ 1 file changed, 6 insertions(+), 18 deletions(-) diff --git a/tests/6_docker_security_operations.sh b/tests/6_docker_security_operations.sh index de1c930..d56c87d 100644 --- a/tests/6_docker_security_operations.sh +++ b/tests/6_docker_security_operations.sh @@ -4,19 +4,7 @@ logit "\n" info "6 - Docker Security Operations" # 6.1 -check_6_1="6.1 - Perform regular security audits of your host system and containers" -info "$check_6_1" - -# 6.2 -check_6_2="6.2 - Monitor Docker containers usage, performance and metering" -info "$check_6_2" - -# 6.3 -check_6_3="6.3 - Backup container data" -info "$check_6_3" - -# 6.4 -check_6_4="6.4 - Avoid image sprawl" +check_6_1="6.1 - Avoid image sprawl" images=$(docker images -q | sort -u | wc -l | awk '{print $1}') active_images=0 @@ -26,22 +14,22 @@ for c in $(docker inspect -f "{{.Image}}" $(docker ps -qa)); do fi done - info "$check_6_4" + info "$check_6_1" info " * There are currently: $images images" if [ "$active_images" -lt "$((images / 2))" ]; then info " * Only $active_images out of $images are in use" fi -# 6.5 -check_6_5="6.5 - Avoid container sprawl" +# 6.2 +check_6_2="6.2 - Avoid container sprawl" total_containers=$(docker info 2>/dev/null | grep "Containers" | awk '{print $2}') running_containers=$(docker ps -q | wc -l | awk '{print $1}') diff="$((total_containers - running_containers))" if [ "$diff" -gt 25 ]; then - info "$check_6_5" + info "$check_6_2" info " * There are currently a total of $total_containers containers, with only $running_containers of them currently running" else - info "$check_6_5" + info "$check_6_2" info " * There are currently a total of $total_containers containers, with $running_containers of them currently running" fi