Class: ContainerFileSystemShadow

Inherits:
Dockscan::Modules::AuditModule show all
Defined in:
lib/dockscan/modules/audit/container-filesystem-shadow.rb

Instance Attribute Summary

Attributes inherited from Dockscan::Modules::AuditModule

#scandata

Instance Method Summary collapse

Methods inherited from Dockscan::Modules::AuditModule

#idcontainer

Methods inherited from Dockscan::Modules::GenericModule

inherited, modules

Instance Method Details

#check(dockercheck) ⇒ Object



# File 'lib/dockscan/modules/audit/container-filesystem-shadow.rb', line 7

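# Audits the /etc/shadow of every scanned container for accounts whose
# password field is empty. An empty second field means the account has no
# password at all (unlike "*" or "!", which mark a locked account), so a
# switch/login to that user needs no credential.
#
# Reads scandata["GetContainers"] and, for each container, fetches
# /etc/shadow through Container#copy (delivered as a tar archive), unpacks
# the single entry and inspects it line by line.
#
# @param dockercheck [Object] not used by this module; part of the
#   AuditModule#check interface
# @return [Dockscan::Scan::Plugin] result whose state is "run" (nothing
#   found), "vulnerable" (one or more passwordless accounts, listed in
#   #output), or left unset when no container data is available
def check(dockercheck)
  sp = Dockscan::Scan::Plugin.new
  si = Dockscan::Scan::Issue.new
  si.title = "Container have passwordless users in shadow"
  si.description = "Container have vulnerable entries in /etc/shadow.\nIt allows attacker to login or switch to user without password."
  si.solution = "It is recommended to set password for user or to lock user account."
  si.severity = 6 # High
  si.risk = { "cvss" => 7.5 }
  sp.vuln = si
  sp.output = ""
  if scandata.key?("GetContainers") && !scandata["GetContainers"].obj.empty?
    sp.state = "run"
    scandata["GetContainers"].obj.each do |container|
      # Container#copy yields the archive in chunks; gather them before unpacking.
      # String.new gives a mutable buffer regardless of frozen-string settings.
      content = String.new
      container.copy('/etc/shadow') { |chunk| content << chunk }
      shcontent = ''
      Gem::Package::TarReader.new(StringIO.new(content)) do |tar|
        entry = tar.first
        # An archive with no entry, or an empty file, must not crash the scan.
        shcontent = entry.read.to_s if entry
      end
      shcontent.lines.map(&:chomp).each do |line|
        shfield = line.split(":")
        # A blank line splits to [] and would otherwise be reported as a
        # nameless passwordless user.
        next if shfield.empty?
        if shfield[1].to_s == ''
          sp.state = "vulnerable"
          sp.output << idcontainer(container) << " does not have password set for user: #{shfield[0]}\n"
        end
      end
    end
  end
  sp
end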

#infoObject



# File 'lib/dockscan/modules/audit/container-filesystem-shadow.rb', line 3

# One-line description of this audit module, shown in module listings.
#
# @return [String] the module description
def info
  'This plugin checks /etc/shadow for problems'
end