File size: 1,100 Bytes
3a5cf48 | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 | #!/usr/bin/python
#coding: utf-8
import os, re, public
_title = '是否启用Docker日志审计检查'
_version = 1.0 # 版本
_ps = "是否启用Docker日志审计检查" # 描述
_level = 0 # 风险级别: 1.提示(低) 2.警告(中) 3.危险(高)
_date = '2023-03-13' # 最后更新时间
_ignore = os.path.exists("data/warning/ignore/sw_audit_docker.pl")
_tips = [
"在【/etc/audit/rules.d/audit.rules】文件中添加-w /usr/bin/docker -k docker",
"重启auditd进程systemctl restart auditd"
]
_help = ''
def check_run():
'''
@name 开始检测
@return tuple (status<bool>,msg<string>)
'''
audit_path = '/etc/audit/audit.rules'
if not os.path.exists(audit_path):
return False, '有风险,未安装auditd审计工具'
# auditctl -l命令列出当前auditd规则,匹配是否有对docker做审计记录
result = public.ExecShell('auditctl -l')[0].strip()
rep = '/usr/bin/docker'
if re.search(rep, result):
return True, '无风险'
else:
return False, '有风险,未开启docker审计日志'
|