add -e option to exclude checks

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
konstruktoid committed May 10, 2018
1 parent d03f699 commit f78145214a6195efaf64f91b94d58f13964e26a9
Showing with 12 additions and 5 deletions.
  1. +2 −1 README.md
  2. +10 −4 docker-bench-security.sh
@@ -51,7 +51,8 @@ version 1.13.0 or later.
-h optional Print this help message
-l FILE optional Log output in FILE
-c CHECK optional Comma delimited list of specific check(s)
-x EXCLUDE optional Comma delimited list of patterns within a container to exclude from check
-e CHECK optional Comma delimited list of specific check(s) to exclude
-x EXCLUDE optional Comma delimited list of patterns within a container name to exclude from check
```
By default the Docker Bench for Security script will run all available CIS tests
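Review bot: The new -e line in the README options list does not say what happens when -e is combined with -c. In docker-bench-security.sh the exclude list is only consulted when $check is empty, so a run with both options executes the -c list and silently ignores -e. Document that here, or have the script reject the combination with a usage error. It would also help to show the expected form of CHECK (a function name such as check_N_N), since the value ends up being used as a grep pattern rather than compared as a name.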
@@ -38,19 +38,21 @@ usage () {
-h optional Print this help message
-l FILE optional Log output in FILE
-c CHECK optional Comma delimited list of specific check(s)
-e CHECK optional Comma delimited list of specific check(s) to exclude
-x EXCLUDE optional Comma delimited list of patterns within a container name to exclude from check
EOF
}
# Get the flags
# If you add an option here, please
# remember to update usage() above.
while getopts hl:c:x: args
while getopts hl:c:e:x: args
do
case $args in
h) usage; exit 0 ;;
l) logger="$OPTARG" ;;
c) check="$OPTARG" ;;
e) checkexclude="$OPTARG" ;;
x) exclude="$OPTARG" ;;
*) usage; exit 1 ;;
esac
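Review bot: In the getopts case statement, the e) branch is the only visible place that assigns checkexclude, and main() later branches on [ "$checkexclude" ]. Unless the variable is set to empty before the while loop, a checkexclude value inherited from the caller's environment would remove checks from a run that never passed -e, and the report would give no sign of it. Add checkexclude= ahead of the loop, and consider printing the excluded checks in the output so a reduced run is distinguishable from a full one.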
@@ -121,11 +123,15 @@ main () {
. ./"$test"
done
if [ -z "$check" ]; then
if [ -z "$check" ] && [ ! "$checkexclude" ] ; then
cis
elif [ -z "$check" ] && [ "$checkexclude" ]; then
checkexcluded="$(echo $checkexclude | sed 's/,/|/g')"
for c in $(grep 'check_[0-9]_' functions_lib.sh | grep -vE "$checkexcluded"); do
"$c"
done
else
for i in $(echo "$check" | sed "s/,/ /g")
do
for i in $(echo "$check" | sed "s/,/ /g"); do
if command -v "$i" 2>/dev/null 1>&2; then
"$i"
else
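Review bot: The exclude filter in the elif branch matches substrings, not check names: the list is turned into an alternation by sed 's/,/|/g' and passed to grep -vE unanchored, so -e check_2_1 also drops check_2_10 and every other name that begins with it, and any regex metacharacter in the argument is interpreted. A trailing comma produces an empty alternative, which GNU grep matches against every line, leaving no checks to run while the script still exits normally. For an audit tool, skipping more than the user asked for should not be this easy; compare whole names instead (for example grep -vwE, or split the list and test each name for equality) and reject empty entries. Two smaller points in the same lines: echo $checkexclude is unquoted, so the value is subject to word splitting and globbing before sed sees it, and for c in $(grep ...) executes every whitespace-separated token on a matching line of functions_lib.sh, which is only safe if those lines hold nothing but bare check names. Finally, [ ! "$checkexclude" ] and [ "$checkexclude" ] would read more consistently as -z and -n next to the existing [ -z "$check" ].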
