GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2025-01-19 00:32:34 +01:00
Code Issues Projects Releases Packages Wiki Activity
docker-bench-security/tests/99_community_checks.sh
Razvan Stoica 7144b947de Tests update
2021-03-16 10:05:49 +02:00

77 lines
2 KiB
Bash
Raw Blame History

#!/bin/sh
check_c() {
logit ""
local id="99"
local desc="Community contributed checks"
checkHeader="$id - $desc"
info "$checkHeader"
startsectionjson "$id" "$desc"
}
check_c_1() {
local id="C.1"
local desc="This is a example check for a Scored check"
local check="$id - $desc"
starttestjson "$id" "$desc"
if docker info --format='{{ .Architecture }}' | grep 'x86_64' 2>/dev/null 1>&2; then
pass -s "$check"
logcheckresult "PASS"
elif docker info --format='{{ .Architecture }}' | grep 'aarch64' 2>/dev/null 1>&2; then
info -c "$check"
logcheckresult "INFO"
else
warn -s "$check"
logcheckresult "WARN"
fi
}
check_c_1_1() {
local id="C.1.1"
local desc="This is a example check for a Not Scored check"
local check="$id - $desc"
starttestjson "$id" "$desc"
if docker info --format='{{ .Architecture }}' | grep 'x86_64' 2>/dev/null 1>&2; then
pass -c "$check"
logcheckresult "PASS"
elif docker info --format='{{ .Architecture }}' | grep 'aarch64' 2>/dev/null 1>&2; then
info -c "$check"
logcheckresult "INFO"
else
warn -c "$check"
logcheckresult "WARN"
fi
}
check_c_2() {
docker_version=$(docker version | grep -i -A2 '^server' | grep ' Version:' \
| awk '{print $NF; exit}' | tr -d '[:alpha:]-,.' | cut -c 1-4)
local id="C.2"
local desc="Ensure operations on legacy registry (v1) are Disabled"
local check="$id - $desc"
starttestjson "$id" "$desc"
if [ "$docker_version" -lt 1712 ]; then
if get_docker_configuration_file_args 'disable-legacy-registry' | grep 'true' >/dev/null 2>&1; then
pass -s "$check"
logcheckresult "PASS"
elif get_docker_effective_command_line_args '--disable-legacy-registry' | grep "disable-legacy-registry" >/dev/null 2>&1; then
pass -s "$check"
logcheckresult "PASS"
else
warn -s "$check"
logcheckresult "WARN"
fi
else
local desc="$desc (Deprecated)"
local check="$id - $desc"
info -c "$check"
logcheckresult "INFO"
fi
}
check_c_end() {
endsectionjson
}
Reference in a new issue View git blame Copy permalink