docker-bench-security/tests/8_docker_enterprise_configuration.sh
Thomas Sjögren 0cac0e339d catch community editions
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-29 10:29:38 +02:00


#!/bin/sh
# Opens benchmark section 8 ("Docker Enterprise Configuration").
# Globals:   id_8, desc_8, check_8 (written)
# Outputs:   a separator through logit, the section heading through info,
#            and the section start through startsectionjson
# Note:      this header is emitted unconditionally; unlike the items below
#            it does not consult enterprise_license.
check_8() {
  logit "\n"

  id_8="8"
  desc_8="Docker Enterprise Configuration"
  check_8="${id_8} - ${desc_8}"

  info "${check_8}"
  startsectionjson "${id_8}" "${desc_8}"
}
# Decides whether the section 8 items apply to this engine.
# Globals:   enterprise_license (written): 0 for a Community engine, else 1
# Outputs:   an info line when a Community engine is detected
#
# Detection is textual: `docker version` output is searched, ignoring case,
# for a line starting with "Server" and ending in "Community", or for a
# "Version" line ending in "-ce".
#
# NOTE(review): anything that does not match is treated as an Enterprise
# engine. That includes a `docker version` call that fails or prints no
# Server line, so an undetermined license enables section 8. Confirm that
# this default is intended.
check_product_license() {
  if ! docker version | grep -Eqi '^Server.*Community$|Version.*-ce$'; then
    enterprise_license=1
    return
  fi

  info " * Community Engine license, skipping section 8"
  enterprise_license=0
}
# Prints the heading for subsection 8.1 (Universal Control Plane).
# Globals:   enterprise_license (read); id_8_1, desc_8_1, check_8_1 (written)
# Outputs:   the heading through info
# Returns early when enterprise_license holds a number other than 1.
# NOTE(review): with enterprise_license unset or non-numeric the test errors
# and the guard does not return; confirm check_product_license runs first.
check_8_1() {
  [ "$enterprise_license" -ne 1 ] && return

  id_8_1="8.1"
  desc_8_1="Universal Control Plane Configuration"
  check_8_1="${id_8_1} - ${desc_8_1}"

  info "${check_8_1}"
}
# 8.1.1
# Reports item 8.1.1 (LDAP authentication service) as a manual check.
# Globals:   enterprise_license (read); totalChecks, currentScore,
#            id_8_1_1, desc_8_1_1, check_8_1_1 (written)
# Outputs:   a note line and an "INFO" JSON result
#
# Nothing is inspected here: the item is only announced, so an INFO result
# is a reminder to verify the setting by hand, not evidence that it is set.
# Returns early when enterprise_license holds a number other than 1.
# NOTE(review): with enterprise_license unset or non-numeric the test errors
# and the guard does not return; confirm check_product_license runs first.
check_8_1_1() {
  [ "$enterprise_license" -ne 1 ] && return

  id_8_1_1="8.1.1"
  desc_8_1_1="Configure the LDAP authentication service"
  check_8_1_1="${id_8_1_1} - ${desc_8_1_1}"

  starttestjson "${id_8_1_1}" "${desc_8_1_1}"

  # The item counts towards the total even though it cannot score.
  totalChecks=$((totalChecks + 1))
  note "${check_8_1_1}"
  resulttestjson "INFO"
  # Adding 0 leaves the score as it was.
  currentScore=$((currentScore + 0))
}
# 8.1.2
# Reports item 8.1.2 (external certificates) as a manual check.
# Globals:   enterprise_license (read); totalChecks, currentScore,
#            id_8_1_2, desc_8_1_2, check_8_1_2 (written)
# Outputs:   a note line and an "INFO" JSON result
#
# No certificate is examined here: the item is only announced, so an INFO
# result means "verify by hand", not "passed".
# Returns early when enterprise_license holds a number other than 1.
# NOTE(review): with enterprise_license unset or non-numeric the test errors
# and the guard does not return; confirm check_product_license runs first.
check_8_1_2() {
  [ "$enterprise_license" -ne 1 ] && return

  id_8_1_2="8.1.2"
  desc_8_1_2="Use external certificates"
  check_8_1_2="${id_8_1_2} - ${desc_8_1_2}"

  starttestjson "${id_8_1_2}" "${desc_8_1_2}"

  # The item counts towards the total even though it cannot score.
  totalChecks=$((totalChecks + 1))
  note "${check_8_1_2}"
  resulttestjson "INFO"
  # Adding 0 leaves the score as it was.
  currentScore=$((currentScore + 0))
}
# 8.1.3
# Reports item 8.1.3 (client certificate bundles for unprivileged users)
# as a manual check.
# Globals:   enterprise_license (read); totalChecks, currentScore,
#            id_8_1_3, desc_8_1_3, check_8_1_3 (written)
# Outputs:   a note line and an "INFO" JSON result
#
# No user or bundle configuration is read here: the item is only announced,
# so an INFO result means "verify by hand", not "passed".
# Returns early when enterprise_license holds a number other than 1.
# NOTE(review): with enterprise_license unset or non-numeric the test errors
# and the guard does not return; confirm check_product_license runs first.
check_8_1_3() {
  [ "$enterprise_license" -ne 1 ] && return

  id_8_1_3="8.1.3"
  desc_8_1_3="Enforce the use of client certificate bundles for unprivileged users"
  check_8_1_3="${id_8_1_3} - ${desc_8_1_3}"

  starttestjson "${id_8_1_3}" "${desc_8_1_3}"

  # The item counts towards the total even though it cannot score.
  totalChecks=$((totalChecks + 1))
  note "${check_8_1_3}"
  resulttestjson "INFO"
  # Adding 0 leaves the score as it was.
  currentScore=$((currentScore + 0))
}
# 8.1.4
# Reports item 8.1.4 (cluster role-based access control policies) as a
# manual check.
# Globals:   enterprise_license (read); totalChecks, currentScore,
#            id_8_1_4, desc_8_1_4, check_8_1_4 (written)
# Outputs:   a note line and an "INFO" JSON result
#
# No RBAC policy is read here: the item is only announced, so an INFO
# result means "verify by hand", not "passed".
# Returns early when enterprise_license holds a number other than 1.
# NOTE(review): with enterprise_license unset or non-numeric the test errors
# and the guard does not return; confirm check_product_license runs first.
check_8_1_4() {
  [ "$enterprise_license" -ne 1 ] && return

  id_8_1_4="8.1.4"
  desc_8_1_4="Configure applicable cluster role-based access control policies"
  check_8_1_4="${id_8_1_4} - ${desc_8_1_4}"

  starttestjson "${id_8_1_4}" "${desc_8_1_4}"

  # The item counts towards the total even though it cannot score.
  totalChecks=$((totalChecks + 1))
  note "${check_8_1_4}"
  resulttestjson "INFO"
  # Adding 0 leaves the score as it was.
  currentScore=$((currentScore + 0))
}
# 8.1.5
# Reports item 8.1.5 (signed image enforcement) as a manual check.
# Globals:   enterprise_license (read); totalChecks, currentScore,
#            id_8_1_5, desc_8_1_5, check_8_1_5 (written)
# Outputs:   a note line and an "INFO" JSON result
#
# The enforcement setting is not queried here: the item is only announced,
# so an INFO result means "verify by hand", not "passed".
# Returns early when enterprise_license holds a number other than 1.
# NOTE(review): with enterprise_license unset or non-numeric the test errors
# and the guard does not return; confirm check_product_license runs first.
check_8_1_5() {
  [ "$enterprise_license" -ne 1 ] && return

  id_8_1_5="8.1.5"
  desc_8_1_5="Enable signed image enforcement"
  check_8_1_5="${id_8_1_5} - ${desc_8_1_5}"

  starttestjson "${id_8_1_5}" "${desc_8_1_5}"

  # The item counts towards the total even though it cannot score.
  totalChecks=$((totalChecks + 1))
  note "${check_8_1_5}"
  resulttestjson "INFO"
  # Adding 0 leaves the score as it was.
  currentScore=$((currentScore + 0))
}
# 8.1.6
# Reports item 8.1.6 (per-user session limit of 3 or lower) as a manual
# check.
# Globals:   enterprise_license (read); totalChecks, currentScore,
#            id_8_1_6, desc_8_1_6, check_8_1_6 (written)
# Outputs:   a note line and an "INFO" JSON result
#
# The configured limit is not read or compared here: the item is only
# announced, so an INFO result means "verify by hand", not "passed".
# Returns early when enterprise_license holds a number other than 1.
# NOTE(review): with enterprise_license unset or non-numeric the test errors
# and the guard does not return; confirm check_product_license runs first.
check_8_1_6() {
  [ "$enterprise_license" -ne 1 ] && return

  id_8_1_6="8.1.6"
  desc_8_1_6="Set the Per-User Session Limit to a value of '3' or lower"
  check_8_1_6="${id_8_1_6} - ${desc_8_1_6}"

  starttestjson "${id_8_1_6}" "${desc_8_1_6}"

  # The item counts towards the total even though it cannot score.
  totalChecks=$((totalChecks + 1))
  note "${check_8_1_6}"
  resulttestjson "INFO"
  # Adding 0 leaves the score as it was.
  currentScore=$((currentScore + 0))
}
# 8.1.7
# Reports item 8.1.7 (session 'Lifetime Minutes' of 15 or lower and
# 'Renewal Threshold Minutes' of 0) as a manual check.
# Globals:   enterprise_license (read); totalChecks, currentScore,
#            id_8_1_7, desc_8_1_7, check_8_1_7 (written)
# Outputs:   a note line and an "INFO" JSON result
#
# Neither value is read or compared here: the item is only announced, so an
# INFO result means "verify by hand", not "passed".
# Returns early when enterprise_license holds a number other than 1.
# NOTE(review): with enterprise_license unset or non-numeric the test errors
# and the guard does not return; confirm check_product_license runs first.
check_8_1_7() {
  [ "$enterprise_license" -ne 1 ] && return

  id_8_1_7="8.1.7"
  desc_8_1_7="Set the 'Lifetime Minutes' and 'Renewal Threshold Minutes' values to '15' or lower and '0' respectively"
  check_8_1_7="${id_8_1_7} - ${desc_8_1_7}"

  starttestjson "${id_8_1_7}" "${desc_8_1_7}"

  # The item counts towards the total even though it cannot score.
  totalChecks=$((totalChecks + 1))
  note "${check_8_1_7}"
  resulttestjson "INFO"
  # Adding 0 leaves the score as it was.
  currentScore=$((currentScore + 0))
}
# Prints the heading for subsection 8.2 (Docker Trusted Registry).
# Globals:   enterprise_license (read); id_8_2, desc_8_2, check_8_2 (written)
# Outputs:   a separator through logit, then the heading through info
# Returns early when enterprise_license holds a number other than 1.
# NOTE(review): with enterprise_license unset or non-numeric the test errors
# and the guard does not return; confirm check_product_license runs first.
check_8_2() {
  [ "$enterprise_license" -ne 1 ] && return

  logit "\n"

  id_8_2="8.2"
  desc_8_2="Docker Trusted Registry Configuration"
  check_8_2="${id_8_2} - ${desc_8_2}"

  info "${check_8_2}"
}
# Reports item 8.2.1 (image vulnerability scanning) as a manual check.
# Globals:   enterprise_license (read); totalChecks, currentScore,
#            id_8_2_1, desc_8_2_1, check_8_2_1 (written)
# Outputs:   a note line and an "INFO" JSON result
#
# The registry's scanning setting is not queried here: the item is only
# announced, so an INFO result means "verify by hand", not "passed".
# Returns early when enterprise_license holds a number other than 1.
# NOTE(review): with enterprise_license unset or non-numeric the test errors
# and the guard does not return; confirm check_product_license runs first.
check_8_2_1() {
  [ "$enterprise_license" -ne 1 ] && return

  id_8_2_1="8.2.1"
  desc_8_2_1="Enable image vulnerability scanning"
  check_8_2_1="${id_8_2_1} - ${desc_8_2_1}"

  starttestjson "${id_8_2_1}" "${desc_8_2_1}"

  # The item counts towards the total even though it cannot score.
  totalChecks=$((totalChecks + 1))
  note "${check_8_2_1}"
  resulttestjson "INFO"
  # Adding 0 leaves the score as it was.
  currentScore=$((currentScore + 0))
}
# Closes section 8 by delegating to endsectionjson.
# Runs unconditionally; enterprise_license is not consulted here.
check_8_end() {
  endsectionjson
}