Fix the bug that a container may not have ps command

docker-bench-security.sh

@@ -24,7 +24,7 @@ readonly myname
 export PATH="$PATH:/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin/"
 
 # Check for required program(s)
-req_programs 'awk docker grep stat tee tail wc xargs truncate sed'
+req_programs 'awk docker grep stat tee tail wc xargs truncate sed pgrep'
 
 # Ensure we can connect to docker daemon
 if ! docker ps -q >/dev/null 2>&1; then

tests/5_container_runtime.sh

@@ -254,7 +254,7 @@ check_5_6() {
   printcheck=0
   for c in $containers; do
 
-    processes=$(docker exec "$c" ps -el 2>/dev/null | grep -c sshd | awk '{print $1}')
+    processes=$(docker inspect "$c" --format '{{ .State.Pid }}' 2>/dev/null | xargs pgrep -a -P 2>/dev/null | grep -c sshd | awk '{print $1}')
     if [ "$processes" -ge 1 ]; then
       # If it's the first container, fail the test
       if [ $fail -eq 0 ]; then