GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2025-01-18 16:22:33 +01:00
Code Issues Projects Releases Packages Wiki Activity

Replace multiple -eq with -le

Browse source 
Replace multiple -eq with -le for file permission checks. Except for line 228 which uses slightly different logic so is -ge.

Signed-off-by: Niall T 19202716+jammasterj89@users.noreply.github.com
This commit is contained in:
jammasterj89 2021-01-15 11:20:59 +00:00 committed by GitHub
parent 47e4cc173c
commit f8c9b0fd5b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
tests/3_docker_daemon_configuration_files.sh
View file

@ -103,7 +103,7 @@ check_3_4() {
totalChecks=$((totalChecks + 1)) totalChecks=$((totalChecks + 1))
file="$(get_service_file docker.socket)" file="$(get_service_file docker.socket)"
if [ -f "$file" ]; then if [ -f "$file" ]; then
if [ "$(stat -c %a $file)" -eq 644 ] || [ "$(stat -c %a $file)" -eq 600 ]; then if [ "$(stat -c %a $file)" -le 644 ]; then
pass "$check_3_4" pass "$check_3_4"
resulttestjson "PASS" resulttestjson "PASS"
currentScore=$((currentScore + 1)) currentScore=$((currentScore + 1))
@ -159,7 +159,7 @@ check_3_6() {
totalChecks=$((totalChecks + 1)) totalChecks=$((totalChecks + 1))
directory="/etc/docker" directory="/etc/docker"
if [ -d "$directory" ]; then if [ -d "$directory" ]; then
if [ "$(stat -c %a $directory)" -eq 755 ] || [ "$(stat -c %a $directory)" -eq 700 ]; then if [ "$(stat -c %a $directory)" -le 755 ]; then
pass "$check_3_6" pass "$check_3_6"
resulttestjson "PASS" resulttestjson "PASS"
currentScore=$((currentScore + 1)) currentScore=$((currentScore + 1))
@ -225,7 +225,7 @@ check_3_8() {
fail=0 fail=0
perms=$(find "$directory" -type f -name '*.crt') perms=$(find "$directory" -type f -name '*.crt')
for p in $perms; do for p in $perms; do
if [ "$(stat -c %a $p)" -ne 444 ] && [ "$(stat -c %a $p)" -ne 400 ]; then if [ "$(stat -c %a $p)" -gt 444 ]; then
fail=1 fail=1
fi fi
done done
@ -293,7 +293,7 @@ check_3_10() {
tlscacert=$(get_docker_effective_command_line_args '--tlscacert' | sed -n 's/.*tlscacert=\([^s]\)/\1/p' | sed 's/--/ --/g' | cut -d " " -f 1) tlscacert=$(get_docker_effective_command_line_args '--tlscacert' | sed -n 's/.*tlscacert=\([^s]\)/\1/p' | sed 's/--/ --/g' | cut -d " " -f 1)
fi fi
if [ -f "$tlscacert" ]; then if [ -f "$tlscacert" ]; then
if [ "$(stat -c %a $tlscacert)" -eq 444 ] || [ "$(stat -c %a $tlscacert)" -eq 400 ]; then if [ "$(stat -c %a $tlscacert)" -le 444 ]; then
pass "$check_3_10" pass "$check_3_10"
resulttestjson "PASS" resulttestjson "PASS"
currentScore=$((currentScore + 1)) currentScore=$((currentScore + 1))
@ -357,7 +357,7 @@ check_3_12() {
tlscert=$(get_docker_effective_command_line_args '--tlscert' | sed -n 's/.*tlscert=\([^s]\)/\1/p' | sed 's/--/ --/g' | cut -d " " -f 1) tlscert=$(get_docker_effective_command_line_args '--tlscert' | sed -n 's/.*tlscert=\([^s]\)/\1/p' | sed 's/--/ --/g' | cut -d " " -f 1)
fi fi
if [ -f "$tlscert" ]; then if [ -f "$tlscert" ]; then
if [ "$(stat -c %a $tlscert)" -eq 444 ] || [ "$(stat -c %a $tlscert)" -eq 400 ]; then if [ "$(stat -c %a $tlscert)" -le 444 ]; then
pass "$check_3_12" pass "$check_3_12"
resulttestjson "PASS" resulttestjson "PASS"
currentScore=$((currentScore + 1)) currentScore=$((currentScore + 1))
@ -477,7 +477,7 @@ check_3_16() {
totalChecks=$((totalChecks + 1)) totalChecks=$((totalChecks + 1))
file="/var/run/docker.sock" file="/var/run/docker.sock"
if [ -S "$file" ]; then if [ -S "$file" ]; then
if [ "$(stat -c %a $file)" -eq 660 ] || [ "$(stat -c %a $file)" -eq 600 ]; then if [ "$(stat -c %a $file)" -le 660 ]; then
pass "$check_3_16" pass "$check_3_16"
resulttestjson "PASS" resulttestjson "PASS"
currentScore=$((currentScore + 1)) currentScore=$((currentScore + 1))
@ -533,7 +533,7 @@ check_3_18() {
totalChecks=$((totalChecks + 1)) totalChecks=$((totalChecks + 1))
file="/etc/docker/daemon.json" file="/etc/docker/daemon.json"
if [ -f "$file" ]; then if [ -f "$file" ]; then
if [ "$(stat -c %a $file)" -eq 644 ] || [ "$(stat -c %a $file)" -eq 640 ] || [ "$(stat -c %a $file)" -eq 600 ]; then if [ "$(stat -c %a $file)" -le 644 ]; then
pass "$check_3_18" pass "$check_3_18"
resulttestjson "PASS" resulttestjson "PASS"
currentScore=$((currentScore + 1)) currentScore=$((currentScore + 1))
@ -617,7 +617,7 @@ check_3_21() {
totalChecks=$((totalChecks + 1)) totalChecks=$((totalChecks + 1))
file="/etc/sysconfig/docker" file="/etc/sysconfig/docker"
if [ -f "$file" ]; then if [ -f "$file" ]; then
if [ "$(stat -c %a $file)" -eq 644 ] || [ "$(stat -c %a $file)" -eq 600 ]; then if [ "$(stat -c %a $file)" -le 644 ]; then
pass "$check_3_21" pass "$check_3_21"
resulttestjson "PASS" resulttestjson "PASS"
currentScore=$((currentScore + 1)) currentScore=$((currentScore + 1))
@ -645,7 +645,7 @@ check_3_22() {
totalChecks=$((totalChecks + 1)) totalChecks=$((totalChecks + 1))
file="/etc/default/docker" file="/etc/default/docker"
if [ -f "$file" ]; then if [ -f "$file" ]; then
if [ "$(stat -c %a $file)" -eq 644 ] || [ "$(stat -c %a $file)" -eq 600 ]; then if [ "$(stat -c %a $file)" -le 644 ]; then
pass "$check_3_22" pass "$check_3_22"
resulttestjson "PASS" resulttestjson "PASS"
currentScore=$((currentScore + 1)) currentScore=$((currentScore + 1))