mirror of
https://github.com/docker/docker-bench-security.git
synced 2025-01-18 16:22:33 +01:00
527 lines
20 KiB
Bash
527 lines
20 KiB
Bash
#!/bin/sh
|
|
|
|
check_1() {
|
|
logit ""
|
|
local id="1"
|
|
local desc="Host Configuration"
|
|
checkHeader="$id - $desc"
|
|
info "$checkHeader"
|
|
startsectionjson "$id" "$desc"
|
|
}
|
|
|
|
check_1_1() {
|
|
local id="1.1"
|
|
local desc="General Configuration"
|
|
local check="$id - $desc"
|
|
info "$check"
|
|
}
|
|
|
|
# 1.1.1
|
|
check_1_1_1() {
|
|
local id="1.1.1"
|
|
local desc="Ensure the container host has been Hardened (Not Scored)"
|
|
local check="$id - $desc"
|
|
starttestjson "$id" "$desc"
|
|
|
|
totalChecks=$((totalChecks + 1))
|
|
note "$check"
|
|
resulttestjson "INFO"
|
|
currentScore=$((currentScore + 0))
|
|
}
|
|
|
|
# 1.1.2
|
|
check_1_1_2() {
|
|
local id="1.1.2"
|
|
local desc="Ensure that the version of Docker is up to date (Not Scored)"
|
|
local check="$id - $desc"
|
|
starttestjson "$id" "$desc"
|
|
|
|
totalChecks=$((totalChecks + 1))
|
|
docker_version=$(docker version | grep -i -A2 '^server' | grep ' Version:' \
|
|
| awk '{print $NF; exit}' | tr -d '[:alpha:]-,')
|
|
docker_current_version="$(date +%y.%m.0 -d @$(( $(date +%s) - 2592000)))"
|
|
do_version_check "$docker_current_version" "$docker_version"
|
|
if [ $? -eq 11 ]; then
|
|
info "$check"
|
|
info " * Using $docker_version, verify is it up to date as deemed necessary"
|
|
info " * Your operating system vendor may provide support and security maintenance for Docker"
|
|
resulttestjson "INFO" "Using $docker_version"
|
|
currentScore=$((currentScore + 0))
|
|
else
|
|
pass "$check"
|
|
info " * Using $docker_version which is current"
|
|
info " * Check with your operating system vendor for support and security maintenance for Docker"
|
|
resulttestjson "PASS" "Using $docker_version"
|
|
currentScore=$((currentScore + 0))
|
|
fi
|
|
}
|
|
|
|
check_1_2() {
|
|
local id="1.2"
|
|
local desc="Linux Hosts Specific Configuration"
|
|
local check="$id - $desc"
|
|
info "$check"
|
|
}
|
|
|
|
# 1.2.1
|
|
check_1_2_1() {
|
|
local id="1.2.1"
|
|
local desc="Ensure a separate partition for containers has been created (Scored)"
|
|
local remediation="For new installations, you should create a separate partition for the \'/var/lib/docker\' mount point. For systems that have already been installed, you should use the Logical Volume Manager (LVM) within Linux to create a new partition."
|
|
local check="$id - $desc"
|
|
starttestjson "$id" "$desc"
|
|
|
|
totalChecks=$((totalChecks + 1))
|
|
docker_root_dir=$(docker info -f '{{ .DockerRootDir }}')
|
|
if docker info | grep -q userns ; then
|
|
docker_root_dir=$(readlink -f "$docker_root_dir/..")
|
|
fi
|
|
|
|
if mountpoint -q -- "$docker_root_dir" >/dev/null 2>&1; then
|
|
pass "$check"
|
|
resulttestjson "PASS"
|
|
currentScore=$((currentScore + 1))
|
|
else
|
|
warn "$check"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "WARN"
|
|
currentScore=$((currentScore - 1))
|
|
fi
|
|
}
|
|
|
|
# 1.2.2
|
|
check_1_2_2() {
|
|
local id="1.2.2"
|
|
local desc="Ensure only trusted users are allowed to control Docker daemon (Scored)"
|
|
local check="$id - $desc"
|
|
starttestjson "$id" "$desc"
|
|
|
|
totalChecks=$((totalChecks + 1))
|
|
if command -v getent >/dev/null 2>&1; then
|
|
docker_users=$(getent group docker)
|
|
else
|
|
docker_users=$(grep 'docker' /etc/group)
|
|
fi
|
|
info "$check"
|
|
for u in $docker_users; do
|
|
info " * $u"
|
|
done
|
|
resulttestjson "INFO" "users" "$docker_users"
|
|
currentScore=$((currentScore + 0))
|
|
}
|
|
|
|
# 1.2.3
|
|
check_1_2_3() {
|
|
local id="1.2.3"
|
|
local desc="Ensure auditing is configured for the Docker daemon (Scored)"
|
|
local remediation="Install and configure auditd using command \'sudo apt-get install auditd\'. Add \'-w /usr/bin/dockerd -k docker\' to the \'/etc/audit/rules.d/audit.rules\' file. Then restart the audit daemon using command \'service auditd restart\'."
|
|
local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
|
|
local check="$id - $desc"
|
|
starttestjson "$id" "$desc"
|
|
|
|
totalChecks=$((totalChecks + 1))
|
|
file="/usr/bin/dockerd"
|
|
if command -v auditctl >/dev/null 2>&1; then
|
|
if auditctl -l | grep "$file" >/dev/null 2>&1; then
|
|
pass "$check"
|
|
resulttestjson "PASS"
|
|
currentScore=$((currentScore + 1))
|
|
else
|
|
warn "$check"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "WARN"
|
|
currentScore=$((currentScore - 1))
|
|
fi
|
|
elif grep -s "$file" "$auditrules" | grep "^[^#;]" 2>/dev/null 1>&2; then
|
|
pass "$check"
|
|
resulttestjson "PASS"
|
|
currentScore=$((currentScore + 1))
|
|
else
|
|
warn "$check"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "WARN"
|
|
currentScore=$((currentScore - 1))
|
|
fi
|
|
}
|
|
|
|
# 1.2.4
|
|
check_1_2_4() {
|
|
local id="1.2.4"
|
|
local desc="Ensure auditing is configured for Docker files and directories - /var/lib/docker (Scored)"
|
|
local remediation="Install and configure auditd using command \'sudo apt-get install auditd\'. Add \'-w /var/lib/docker -k docker\' to the \'/etc/audit/rules.d/audit.rules\' file. Then restart the audit daemon using command \'service auditd restart\'."
|
|
local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
|
|
local check="$id - $desc"
|
|
starttestjson "$id" "$desc"
|
|
|
|
totalChecks=$((totalChecks + 1))
|
|
directory="/var/lib/docker"
|
|
if [ -d "$directory" ]; then
|
|
if command -v auditctl >/dev/null 2>&1; then
|
|
if auditctl -l | grep $directory >/dev/null 2>&1; then
|
|
pass "$check"
|
|
resulttestjson "PASS"
|
|
currentScore=$((currentScore + 1))
|
|
else
|
|
warn "$check"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "WARN"
|
|
currentScore=$((currentScore - 1))
|
|
fi
|
|
elif grep -s "$directory" "$auditrules" | grep "^[^#;]" 2>/dev/null 1>&2; then
|
|
pass "$check"
|
|
resulttestjson "PASS"
|
|
currentScore=$((currentScore + 1))
|
|
else
|
|
warn "$check"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "WARN"
|
|
currentScore=$((currentScore - 1))
|
|
fi
|
|
else
|
|
info "$check"
|
|
info " * Directory not found"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "INFO" "Directory not found"
|
|
currentScore=$((currentScore + 0))
|
|
fi
|
|
}
|
|
|
|
# 1.2.5
|
|
check_1_2_5() {
|
|
local id="1.2.5"
|
|
local desc="Ensure auditing is configured for Docker files and directories - /etc/docker (Scored)"
|
|
local remediation="Install and configure auditd using command \'sudo apt-get install auditd\'. Add \'-w /etc/docker -k docker\' to the \'/etc/audit/rules.d/audit.rules\' file. Then restart the audit daemon using command \'service auditd restart\'."
|
|
local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
|
|
local check="$id - $desc"
|
|
starttestjson "$id" "$desc"
|
|
|
|
totalChecks=$((totalChecks + 1))
|
|
directory="/etc/docker"
|
|
if [ -d "$directory" ]; then
|
|
if command -v auditctl >/dev/null 2>&1; then
|
|
if auditctl -l | grep $directory >/dev/null 2>&1; then
|
|
pass "$check"
|
|
resulttestjson "PASS"
|
|
currentScore=$((currentScore + 1))
|
|
else
|
|
warn "$check"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "WARN"
|
|
currentScore=$((currentScore - 1))
|
|
fi
|
|
elif grep -s "$directory" "$auditrules" | grep "^[^#;]" 2>/dev/null 1>&2; then
|
|
pass "$check"
|
|
resulttestjson "PASS"
|
|
currentScore=$((currentScore + 1))
|
|
else
|
|
warn "$check"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "WARN"
|
|
currentScore=$((currentScore - 1))
|
|
fi
|
|
else
|
|
info "$check"
|
|
info " * Directory not found"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "INFO" "Directory not found"
|
|
currentScore=$((currentScore + 0))
|
|
fi
|
|
}
|
|
|
|
# 1.2.6
|
|
check_1_2_6() {
|
|
local id="1.2.6"
|
|
local desc="Ensure auditing is configured for Docker files and directories - docker.service (Scored)"
|
|
local remediation="Install and configure auditd using command \'sudo apt-get install auditd\'. Add \'-w $(systemctl show -p FragmentPath docker.service | sed 's/.*=//') -k docker\' to the \'/etc/audit/rules.d/audit.rules\' file. Then restart the audit daemon using command \'service auditd restart\'."
|
|
local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
|
|
local check="$id - $desc"
|
|
starttestjson "$id" "$desc"
|
|
|
|
totalChecks=$((totalChecks + 1))
|
|
file="$(get_service_file docker.service)"
|
|
if [ -f "$file" ]; then
|
|
if command -v auditctl >/dev/null 2>&1; then
|
|
if auditctl -l | grep "$file" >/dev/null 2>&1; then
|
|
pass "$check"
|
|
resulttestjson "PASS"
|
|
currentScore=$((currentScore + 1))
|
|
else
|
|
warn "$check"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "WARN"
|
|
currentScore=$((currentScore - 1))
|
|
fi
|
|
elif grep -s "$file" "$auditrules" | grep "^[^#;]" 2>/dev/null 1>&2; then
|
|
pass "$check"
|
|
resulttestjson "PASS"
|
|
currentScore=$((currentScore + 1))
|
|
else
|
|
warn "$check"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "WARN"
|
|
currentScore=$((currentScore - 1))
|
|
fi
|
|
else
|
|
info "$check"
|
|
info " * File not found"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "INFO" "File not found"
|
|
currentScore=$((currentScore + 0))
|
|
fi
|
|
}
|
|
|
|
# 1.2.7
|
|
check_1_2_7() {
|
|
local id="1.2.7"
|
|
local desc="Ensure auditing is configured for Docker files and directories - docker.socket (Scored)"
|
|
local remediation="Install and configure auditd using command \'sudo apt-get install auditd\'. Add \'-w $(systemctl show -p FragmentPath docker.socket | sed 's/.*=//') -k docker\' to the \'/etc/audit/rules.d/audit.rules\' file. Then restart the audit daemon using command \'service auditd restart\'."
|
|
local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
|
|
local check="$id - $desc"
|
|
starttestjson "$id" "$desc"
|
|
|
|
totalChecks=$((totalChecks + 1))
|
|
file="$(get_service_file docker.socket)"
|
|
if [ -e "$file" ]; then
|
|
if command -v auditctl >/dev/null 2>&1; then
|
|
if auditctl -l | grep "$file" >/dev/null 2>&1; then
|
|
pass "$check"
|
|
resulttestjson "PASS"
|
|
currentScore=$((currentScore + 1))
|
|
else
|
|
warn "$check"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "WARN"
|
|
currentScore=$((currentScore - 1))
|
|
fi
|
|
elif grep -s "$file" "$auditrules" | grep "^[^#;]" 2>/dev/null 1>&2; then
|
|
pass "$check"
|
|
resulttestjson "PASS"
|
|
currentScore=$((currentScore + 1))
|
|
else
|
|
warn "$check"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "WARN"
|
|
currentScore=$((currentScore - 1))
|
|
fi
|
|
else
|
|
info "$check"
|
|
info " * File not found"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "INFO" "File not found"
|
|
currentScore=$((currentScore + 0))
|
|
fi
|
|
}
|
|
|
|
# 1.2.8
|
|
check_1_2_8() {
|
|
local id="1.2.8"
|
|
local desc="Ensure auditing is configured for Docker files and directories - /etc/default/docker (Scored)"
|
|
local remediation="Install and configure auditd using command \'sudo apt-get install auditd\'. Add \'-w /etc/default/docker -k docker\' to the \'/etc/audit/rules.d/audit.rules\' file. Then restart the audit daemon using command \'service auditd restart\'."
|
|
local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
|
|
local check="$id - $desc"
|
|
starttestjson "$id" "$desc"
|
|
|
|
totalChecks=$((totalChecks + 1))
|
|
file="/etc/default/docker"
|
|
if [ -f "$file" ]; then
|
|
if command -v auditctl >/dev/null 2>&1; then
|
|
if auditctl -l | grep $file >/dev/null 2>&1; then
|
|
pass "$check"
|
|
resulttestjson "PASS"
|
|
currentScore=$((currentScore + 1))
|
|
else
|
|
warn "$check"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "WARN"
|
|
currentScore=$((currentScore - 1))
|
|
fi
|
|
elif grep -s "$file" "$auditrules" | grep "^[^#;]" 2>/dev/null 1>&2; then
|
|
pass "$check"
|
|
resulttestjson "PASS"
|
|
currentScore=$((currentScore + 1))
|
|
else
|
|
warn "$check"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "WARN"
|
|
currentScore=$((currentScore - 1))
|
|
fi
|
|
else
|
|
info "$check"
|
|
info " * File not found"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "INFO" "File not found"
|
|
currentScore=$((currentScore + 0))
|
|
fi
|
|
}
|
|
|
|
# 1.2.9
|
|
check_1_2_9() {
|
|
local id="1.2.9"
|
|
local desc="Ensure auditing is configured for Docker files and directories - /etc/sysconfig/docker (Scored)"
|
|
local remediation="Install and configure auditd using command \'sudo apt-get install auditd\'. Add \'-w /etc/sysconfig/docker -k docker\' to the \'/etc/audit/rules.d/audit.rules\' file. Then restart the audit daemon using command \'service auditd restart\'."
|
|
local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
|
|
local check="$id - $desc"
|
|
starttestjson "$id" "$desc"
|
|
|
|
totalChecks=$((totalChecks + 1))
|
|
file="/etc/sysconfig/docker"
|
|
if [ -f "$file" ]; then
|
|
if command -v auditctl >/dev/null 2>&1; then
|
|
if auditctl -l | grep $file >/dev/null 2>&1; then
|
|
pass "$check"
|
|
resulttestjson "PASS"
|
|
currentScore=$((currentScore + 1))
|
|
else
|
|
warn "$check"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "WARN"
|
|
currentScore=$((currentScore - 1))
|
|
fi
|
|
elif grep -s "$file" "$auditrules" | grep "^[^#;]" 2>/dev/null 1>&2; then
|
|
pass "$check"
|
|
resulttestjson "PASS"
|
|
currentScore=$((currentScore + 1))
|
|
else
|
|
warn "$check"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "WARN"
|
|
currentScore=$((currentScore - 1))
|
|
fi
|
|
else
|
|
info "$check"
|
|
info " * File not found"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "INFO" "File not found"
|
|
currentScore=$((currentScore + 0))
|
|
fi
|
|
}
|
|
|
|
# 1.2.10
|
|
check_1_2_10() {
|
|
local id="1.2.10"
|
|
local desc="Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.json (Scored)"
|
|
local remediation="Install and configure auditd using command \'sudo apt-get install auditd\'. Add \'-w /etc/docker/daemon.json -k docker\' to the \'/etc/audit/rules.d/audit.rules\' file. Then restart the audit daemon using command \'service auditd restart\'."
|
|
local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
|
|
local check="$id - $desc"
|
|
starttestjson "$id" "$desc"
|
|
|
|
totalChecks=$((totalChecks + 1))
|
|
file="/etc/docker/daemon.json"
|
|
if [ -f "$file" ]; then
|
|
if command -v auditctl >/dev/null 2>&1; then
|
|
if auditctl -l | grep $file >/dev/null 2>&1; then
|
|
pass "$check"
|
|
resulttestjson "PASS"
|
|
currentScore=$((currentScore + 1))
|
|
else
|
|
warn "$check"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "WARN"
|
|
currentScore=$((currentScore - 1))
|
|
fi
|
|
elif grep -s "$file" "$auditrules" | grep "^[^#;]" 2>/dev/null 1>&2; then
|
|
pass "$check"
|
|
resulttestjson "PASS"
|
|
currentScore=$((currentScore + 1))
|
|
else
|
|
warn "$check"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "WARN"
|
|
currentScore=$((currentScore - 1))
|
|
fi
|
|
else
|
|
info "$check"
|
|
info " * File not found"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "INFO" "File not found"
|
|
currentScore=$((currentScore + 0))
|
|
fi
|
|
}
|
|
|
|
# 1.2.11
|
|
check_1_2_11() {
|
|
local id="1.2.11"
|
|
local desc="Ensure auditing is configured for Docker files and directories - /usr/bin/containerd (Scored)"
|
|
local remediation="Install and configure auditd using command \'sudo apt-get install auditd\'. Add \'-w /usr/bin/containerd -k docker\' to the \'/etc/audit/rules.d/audit.rules\' file. Then restart the audit daemon using command \'service auditd restart\'."
|
|
local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
|
|
local check="$id - $desc"
|
|
starttestjson "$id" "$desc"
|
|
|
|
totalChecks=$((totalChecks + 1))
|
|
file="/usr/bin/containerd"
|
|
if [ -f "$file" ]; then
|
|
if command -v auditctl >/dev/null 2>&1; then
|
|
if auditctl -l | grep $file >/dev/null 2>&1; then
|
|
pass "$check"
|
|
resulttestjson "PASS"
|
|
currentScore=$((currentScore + 1))
|
|
else
|
|
warn "$check"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "WARN"
|
|
currentScore=$((currentScore - 1))
|
|
fi
|
|
elif grep -s "$file" "$auditrules" | grep "^[^#;]" 2>/dev/null 1>&2; then
|
|
pass "$check"
|
|
resulttestjson "PASS"
|
|
currentScore=$((currentScore + 1))
|
|
else
|
|
warn "$check"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "WARN"
|
|
currentScore=$((currentScore - 1))
|
|
fi
|
|
else
|
|
info "$check"
|
|
info " * File not found"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "INFO" "File not found"
|
|
currentScore=$((currentScore + 0))
|
|
fi
|
|
}
|
|
|
|
# 1.2.12
|
|
check_1_2_12() {
|
|
local id="1.2.12"
|
|
local desc="Ensure auditing is configured for Docker files and directories - /usr/sbin/runc (Scored)"
|
|
local remediation="Install and configure auditd using command \'sudo apt-get install auditd\'. Add \'-w /usr/sbin/runc -k docker\' to the \'/etc/audit/rules.d/audit.rules\' file. Then restart the audit daemon using command \'service auditd restart\'."
|
|
local remediationImpact="Audit can generate large log files. So you need to make sure that they are rotated and archived periodically. Create a separate partition for audit logs to avoid filling up other critical partitions."
|
|
local check="$id - $desc"
|
|
starttestjson "$id" "$desc"
|
|
|
|
totalChecks=$((totalChecks + 1))
|
|
file="/usr/sbin/runc"
|
|
if [ -f "$file" ]; then
|
|
if command -v auditctl >/dev/null 2>&1; then
|
|
if auditctl -l | grep $file >/dev/null 2>&1; then
|
|
pass "$check"
|
|
resulttestjson "PASS"
|
|
currentScore=$((currentScore + 1))
|
|
else
|
|
warn "$check"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "WARN"
|
|
currentScore=$((currentScore - 1))
|
|
fi
|
|
elif grep -s "$file" "$auditrules" | grep "^[^#;]" 2>/dev/null 1>&2; then
|
|
pass "$check"
|
|
resulttestjson "PASS"
|
|
currentScore=$((currentScore + 1))
|
|
else
|
|
warn "$check"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "WARN"
|
|
currentScore=$((currentScore - 1))
|
|
fi
|
|
else
|
|
info "$check"
|
|
info " * File not found"
|
|
saveRemediation --id "${id}" --rem "${remediation}" --imp "${remediationImpact}"
|
|
resulttestjson "INFO" "File not found"
|
|
currentScore=$((currentScore + 0))
|
|
fi
|
|
}
|
|
|
|
check_1_end() {
|
|
endsectionjson
|
|
}
|