GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2024-11-01 08:31:44 +01:00
Code Issues Projects Releases Packages Wiki Activity
docker-bench-security/helper_lib.sh
Thomas Sjögren 4e414f51ef check /etc/systemd/system/ before systemctl, /usr/lib/systemd/ fallback 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2015-12-14 20:27:10 +01:00

99 lines
3 KiB
Bash
Raw Blame History

#!/bin/sh
# Returns the absolute path of a given string
abspath () { case "$1" in /*)printf "%s\n" "$1";; *)printf "%s\n" "$PWD/$1";; esac; }
# Compares versions of software of the format X.Y.Z
do_version_check() {
[ "$1" = "$2" ] && return 10
ver1front=$(printf "%s" "$1" | cut -d "." -f -1)
ver1back=$(printf "%s" "$1" | cut -d "." -f 2-)
ver2front=$(printf "%s" "$2" | cut -d "." -f -1)
ver2back=$(printf "%s" "$2" | cut -d "." -f 2-)
if [ "$ver1front" != "$1" ] || [ "$ver2front" != "$2" ]; then
[ "$ver1front" -gt "$ver2front" ] && return 11
[ "$ver1front" -lt "$ver2front" ] && return 9
[ "$ver1front" = "$1" ] || [ -z "$ver1back" ] && ver1back=0
[ "$ver2front" = "$2" ] || [ -z "$ver2back" ] && ver2back=0
do_version_check "$ver1back" "$ver2back"
return $?
else
[ "$1" -gt "$2" ] && return 11 || return 9
fi
}
# Compares two strings and returns 0 if the second is a substring of the first
contains() {
string="$1"
substring="$2"
if [ "${string#*$substring}" != "$string" ]
then
return 0 # $substring is in $string
else
return 1 # $substring is not in $string
fi
}
# Extracts all commandline args from the oldest running processes named like the first parameter
get_command_line_args() {
PROC="$1"
for PID in $(pgrep -x -o "$PROC")
do
tr "\0" " " < /proc/"$PID"/cmdline
done
}
# Extract the cumulative command line arguments for the docker daemon
#
# If specified multiple times, all matches are returned.
# Accounts for long and short variants, call with short option.
# Does not account for option defaults or implicit options.
get_docker_cumulative_command_line_args() {
OPTION="$1"
get_command_line_args docker |
# normalize known long options to their short versions
sed \
-e 's/\-\-debug/-D/g' \
-e 's/\-\-host/-H/g' \
-e 's/\-\-log-level/-l/g' \
-e 's/\-\-version/-v/g' \
|
# normalize parameters separated by space(s) to -O=VALUE
sed \
-e 's/\-\([DHlv]\)[= ]\([^- ][^ ]\)/-\1=\2/g' \
|
# get the last interesting option
tr ' ' "\n" |
grep "^${OPTION}" |
# normalize quoting of values
sed \
-e 's/"//g' \
-e "s/'//g"
}
# Extract the effective command line arguments for the docker daemon
#
# Accounts for multiple specifications, takes the last option.
# Accounts for long and short variants, call with short option
# Does not account for option default or implicit options.
get_docker_effective_command_line_args() {
OPTION="$1"
get_docker_cumulative_command_line_args $OPTION | tail -n1
}
get_systemd_service_file(){
SERVICE="$1"
if [ -f "/etc/systemd/system/$SERVICE" ]; then
echo "/etc/systemd/system/$SERVICE"
elif systemctl show -p FragmentPath "$SERVICE" 2> /dev/null 1>&2; then
systemctl show -p FragmentPath "$SERVICE" | sed 's/.*=//'
else
echo "/usr/lib/systemd/system/$SERVICE"
fi
}
Reference in a new issue View git blame Copy permalink