GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2025-01-31 14:22:33 +01:00
Code Issues Projects Releases Packages Wiki Activity

update check names

Browse source 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
This commit is contained in:
Thomas Sjögren 2017-07-07 10:56:18 +02:00
parent 03974c0854
commit efa3b4522f
1 changed files with 12 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
tests/4_container_images.sh
View file

@ -1,10 +1,10 @@
#!/bin/sh #!/bin/sh
logit "\n" logit "\n"
info "4 - Container Images and Build Files" info "4 - Container Images and Build File"
# 4.1 # 4.1
check_4_1="4.1 - Create a user for the container" check_4_1="4.1 - Ensure a user for the container has been created"
# If container_users is empty, there are no running containers # If container_users is empty, there are no running containers
if [ -z "$containers" ]; then if [ -z "$containers" ]; then
@ -41,19 +41,19 @@ set +f; unset IFS
images=$(docker images -q) images=$(docker images -q)
# 4.2 # 4.2
check_4_2="4.2 - Use trusted base images for containers" check_4_2="4.2 - Ensure that containers use trusted base images"
note "$check_4_2" note "$check_4_2"
# 4.3 # 4.3
check_4_3="4.3 - Do not install unnecessary packages in the container" check_4_3="4.3 - Ensure unnecessary packages are not installed in the container"
note "$check_4_3" note "$check_4_3"
# 4.4 # 4.4
check_4_4="4.4 - Scan and rebuild the images to include security patches" check_4_4="4.4 - Ensure images are scanned and rebuilt to include security patches"
note "$check_4_4" note "$check_4_4"
# 4.5 # 4.5
check_4_5="4.5 - Enable Content trust for Docker" check_4_5="4.5 - Ensure Content trust for Docker is Enabled"
if [ "x$DOCKER_CONTENT_TRUST" = "x1" ]; then if [ "x$DOCKER_CONTENT_TRUST" = "x1" ]; then
pass "$check_4_5" pass "$check_4_5"
else else
@ -61,7 +61,7 @@ else
fi fi
# 4.6 # 4.6
check_4_6="4.6 - Add HEALTHCHECK instruction to the container image" check_4_6="4.6 - Ensure HEALTHCHECK instructions have been added to the container image"
fail=0 fail=0
for img in $images; do for img in $images; do
if docker inspect --format='{{.Config.Healthcheck}}' "$img" 2>/dev/null | grep -e "<nil>" >/dev/null 2>&1; then if docker inspect --format='{{.Config.Healthcheck}}' "$img" 2>/dev/null | grep -e "<nil>" >/dev/null 2>&1; then
@ -80,7 +80,7 @@ if [ $fail -eq 0 ]; then
fi fi
# 4.7 # 4.7
check_4_7="4.7 - Do not use update instructions alone in the Dockerfile" check_4_7="4.7 - Ensure update instructions are not use alone in the Dockerfile"
fail=0 fail=0
for img in $images; do for img in $images; do
if docker history "$img" 2>/dev/null | grep -e "update" >/dev/null 2>&1; then if docker history "$img" 2>/dev/null | grep -e "update" >/dev/null 2>&1; then
@ -99,11 +99,11 @@ if [ $fail -eq 0 ]; then
fi fi
# 4.8 # 4.8
check_4_8="4.8 - Remove setuid and setgid permissions in the images" check_4_8="4.8 - Ensure setuid and setgid permissions are removed in the images"
note "$check_4_8" note "$check_4_8"
# 4.9 # 4.9
check_4_9="4.9 - Use COPY instead of ADD in Dockerfile" check_4_9="4.9 - Ensure COPY is used instead of ADD in Dockerfile"
fail=0 fail=0
for img in $images; do for img in $images; do
docker history "$img" 2> /dev/null | grep 'ADD' >/dev/null 2>&1 docker history "$img" 2> /dev/null | grep 'ADD' >/dev/null 2>&1
@ -123,9 +123,9 @@ if [ $fail -eq 0 ]; then
fi fi
# 4.10 # 4.10
check_4_10="4.10 - Do not store secrets in Dockerfiles" check_4_10="4.10 - Ensure secrets are not stored in Dockerfiles"
note "$check_4_10" note "$check_4_10"
# 4.11 # 4.11
check_4_11="4.11 - Install verified packages only" check_4_11="4.11 - Ensure verified packages are only Installed"
note "$check_4_11" note "$check_4_11"