tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-26 23:34:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Support for Docker container detection

Browse Source
This commit is contained in:
Michael Boelen 2016-10-16 15:13:04 +02:00
parent c0e63699e5
commit d0eae6480d
3 changed files with 35 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
include/consts
View File

@ -77,6 +77,7 @@ unset LANG
CONTROL_URL_APPEND="" CONTROL_URL_APPEND=""
CONTROL_URL_PREPEND="" CONTROL_URL_PREPEND=""
CONTROL_URL_PROTOCOL="" CONTROL_URL_PROTOCOL=""
CONTAINER_TYPE=""
CREATE_REPORT_FILE=1 CREATE_REPORT_FILE=1
CSUMBINARY="" CSUMBINARY=""
CUSTOM_URL_APPEND="" CUSTOM_URL_APPEND=""

26
include/functions
View File

@ -50,6 +50,7 @@
# GetHostID Retrieve an unique ID for this host # GetHostID Retrieve an unique ID for this host
# InsertSection Insert a section block # InsertSection Insert a section block
# InsertPluginSection Insert a section block for plugins # InsertPluginSection Insert a section block for plugins
# IsContainer Determine if program runs in a container
# IsDebug Check if --debug is used # IsDebug Check if --debug is used
# IsDeveloperMode Check if --developer is used # IsDeveloperMode Check if --developer is used
# IsDeveloperVersion Check if program is a developer release # IsDeveloperVersion Check if program is a developer release
@ -1075,6 +1076,31 @@
} }
################################################################################
# Name : IsContainer()
# Description : Determine if we are running in a container
# Returns : Exit code (0 = true, 1 = false)
# CONTAINER_TYPE
################################################################################
IsContainer() {
FOUND=0
if [ /proc/1/cgroups ]; then
FIND=$(cat /proc/1/cgroups | grep -i docker)
if [ $? -eq 0 ]; then
LogText "Result: found Docker in cgroups, so we are running in Docker container"
CONTAINER_TYPE="Docker"; FOUND=1
EXITCODE=0
fi
fi
if [ ${FOUND} -eq 0 ]; then
CONTAINER_TYPE=""
EXITCODE=1
fi
return ${EXITCODE}
}
################################################################################ ################################################################################
# Name : IsDebug() # Name : IsDebug()
# Description : Check if --debug option is used to show more details # Description : Check if --debug option is used to show more details

8
lynis
View File

@ -750,6 +750,14 @@ ${NORMAL}
# #
# Use hardware detection capabilities # Use hardware detection capabilities
IsVirtualMachine IsVirtualMachine
if IsContainer; then
LogText "Result: ${PROGRAM_NAME} is running in container (${CONTAINER_TYPE})"
Report "container=1"
Report "container_type=${CONTAINER_TYPE}"
else
LogText "Result: ${PROGRAM_NAME} is not running in container"
Report "container=0"
fi
IsNotebook IsNotebook
# #
################################################################################# #################################################################################