mirror of
https://github.com/docker/docker-bench-security.git
synced 2025-01-19 00:32:34 +01:00
Merge pull request #23 from jfrazelle/make-executable
Make the main script an executable for if I want to run it on my host
commit
eed841c201
4 changed files with 17 additions and 14 deletions
|
@ -1,4 +1,4 @@
|
||||||
FROM gliderlabs/alpine:3.1
|
FROM alpine:3.1
|
||||||
|
|
||||||
RUN apk --update add docker
|
RUN apk --update add docker
|
||||||
|
|
||||||
|
|
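Review bot: The `FROM` line references the base image by a mutable tag only, and `RUN apk --update add docker` installs whatever docker package the package index serves at build time, so two builds of this audit image can differ with no change in the repository. Assuming the second printed line, `FROM alpine:3.1`, is the new side, pinning it by digest would make the base reproducible: `FROM alpine:3.1@sha256:<digest-placeholder>`. Pinning the package the same way, `docker=<version-placeholder>`, would cover the client that the benchmark script depends on.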
0
docker-bench-security.sh
Normal file → Executable file
0
docker-bench-security.sh
Normal file → Executable file
|
@ -201,9 +201,11 @@ else
|
||||||
|
|
||||||
fail=0
|
fail=0
|
||||||
for c in $containers; do
|
for c in $containers; do
|
||||||
port=$(docker port "$c" | awk '{print $1}' | cut -d '/' -f1)
|
ports=$(docker port "$c" | awk '{print $1}' | cut -d '/' -f1)
|
||||||
|
|
||||||
if [ ! -z "$port" ] && [ "$port" -lt 1025 ]; then
|
# iterate through port range (line delimited)
|
||||||
|
for port in $ports; do
|
||||||
|
if [ ! -z "$port" ] && [ "0$port" -lt 1025 ]; then
|
||||||
# If it's the first container, fail the test
|
# If it's the first container, fail the test
|
||||||
if [ $fail -eq 0 ]; then
|
if [ $fail -eq 0 ]; then
|
||||||
warn "$check_5_8"
|
warn "$check_5_8"
|
||||||
|
@ -214,6 +216,7 @@ else
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
done
|
||||||
# We went through all the containers and found no privileged ports
|
# We went through all the containers and found no privileged ports
|
||||||
if [ $fail -eq 0 ]; then
|
if [ $fail -eq 0 ]; then
|
||||||
pass "$check_5_8"
|
pass "$check_5_8"
|
||||||
|
|
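Review bot: The value tested in `[ "0$port" -lt 1025 ]` appears to be the container-side port rather than the host port. `docker port` prints lines of the form `80/tcp -> 0.0.0.0:8080`, and `awk '{print $1}' | cut -d '/' -f1` keeps only the part before the slash. If check 5.8 is meant to flag privileged ports bound on the host, a container publishing host port 80 from container port 8080 would pass; taking the field after the last colon, `ports=$(docker port "$c" | awk -F: '{print $NF}')`, would test the host side. The bound `-lt 1025` also flags port 1024, which is not privileged, so `-lt 1024` would match the usual definition. The enclosing `else` branch starts and ends outside the visible hunks.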
|
@ -40,8 +40,8 @@ images=$(docker images -q | wc -l | awk '{print $1}')
|
||||||
active_images=0
|
active_images=0
|
||||||
|
|
||||||
for c in $(docker inspect -f "{{.Image}}" $(docker ps -qa)); do
|
for c in $(docker inspect -f "{{.Image}}" $(docker ps -qa)); do
|
||||||
if [[ $(docker images --no-trunc -a | grep $c) ]]; then
|
if docker images --no-trunc -a | grep $c > /dev/null ; then
|
||||||
((active_images++))
|
active_images=$(( active_images += 1 ))
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
@ -53,7 +53,7 @@ else
|
||||||
info " * There are currently: $images images"
|
info " * There are currently: $images images"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ "$active_images" -lt "$((images / 2))" ]]; then
|
if [ "$active_images" -lt "$((images / 2))" ]; then
|
||||||
warn " * Only $active_images out of $images are in use"
|
warn " * Only $active_images out of $images are in use"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
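Review bot: `active_images` is incremented once per container rather than once per distinct image, because `for c in $(docker inspect -f "{{.Image}}" $(docker ps -qa))` yields one image ID for every container. Several containers started from the same image inflate the count and can suppress the "Only … are in use" warning. De-duplicating the list, `for c in $(docker inspect -f "{{.Image}}" $(docker ps -qa) | sort -u); do`, keeps the comparison with `images / 2` meaningful. On the rewritten test line, `grep -q -- "$c"` would quote the ID and replace the redirect to `/dev/null`. The blocks around both hunks continue outside the visible lines.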