Permalink
Browse files

add note tag on informal checks

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
  • Loading branch information...
konstruktoid committed Mar 23, 2017
1 parent 3ba6138 commit a97bdfbe0d4e1cd7a2e841344d6802a9f41fd85b
View
@@ -21,6 +21,10 @@ warn () {
printf "%b\n" "${bldred}[WARN]${txtrst} $1" | tee -a "$logger"
}
note () {
printf "%b\n" "${bldylw}[NOTE]${txtrst} $1" | tee -a "$logger"
}
yell () {
printf "%b\n" "${bldylw}$1${txtrst}\n"
}
@@ -14,7 +14,7 @@ fi
# 1.2
check_1_2="1.2 - Harden the container host"
info "$check_1_2"
note "$check_1_2"
# 1.3
check_1_3="1.3 - Keep Docker up to date"
@@ -285,4 +285,4 @@ fi
# 2.24
check_2_24="2.24 - Rotate swarm manager auto-lock key periodically"
info "$check_2_24"
note "$check_2_24"
@@ -42,15 +42,15 @@ images=$(docker images -q)
# 4.2
check_4_2="4.2 - Use trusted base images for containers"
info "$check_4_2"
note "$check_4_2"
# 4.3
check_4_3="4.3 - Do not install unnecessary packages in the container"
info "$check_4_3"
note "$check_4_3"
# 4.4
check_4_4="4.4 - Scan and rebuild the images to include security patches"
info "$check_4_4"
note "$check_4_4"
# 4.5
check_4_5="4.5 - Enable Content trust for Docker"
@@ -100,7 +100,7 @@ fi
# 4.8
check_4_8="4.8 - Remove setuid and setgid permissions in the images"
info "$check_4_8"
note "$check_4_8"
# 4.9
check_4_9="4.9 - Use COPY instead of ADD in Dockerfile"
@@ -124,8 +124,8 @@ fi
# 4.10
check_4_10="4.10 - Do not store secrets in Dockerfiles"
info "$check_4_10"
note "$check_4_10"
# 4.11
check_4_11="4.11 - Install verified packages only"
info "$check_4_11"
note "$check_4_11"
@@ -213,7 +213,7 @@ else
# 5.8
check_5_8="5.8 - Open only needed ports on container"
info "$check_5_8"
note "$check_5_8"
# 5.9
check_5_9="5.9 - Do not share the host's network namespace"
@@ -521,11 +521,11 @@ else
# 5.22
check_5_22="5.22 - Do not docker exec commands with privileged option"
info "$check_5_22"
note "$check_5_22"
# 5.23
check_5_23="5.23 - Do not docker exec commands with user option"
info "$check_5_23"
note "$check_5_23"
# 5.24
check_5_24="5.24 - Confirm cgroup usage"

0 comments on commit a97bdfb

Please sign in to comment.