class ContainerFileSystemShadow

Public Instance Methods

check(dockercheck) click to toggle source
# File lib/dockscan/modules/audit/container-filesystem-shadow.rb, line 7
def check(dockercheck)
        sp=Dockscan::Scan::Plugin.new
        si=Dockscan::Scan::Issue.new
        si.title="Container have passwordless users in shadow"
        si.description="Container have vulnerable entries in /etc/shadow.\nIt allows attacker to login or switch to user without password."
        si.solution="It is recommended to set password for user or to lock user account."
        si.severity=6 # High
        si.risk = { "cvss" => 7.5 } 
        sp.vuln=si    
        sp.output=""
        if scandata.key?("GetContainers") and not scandata["GetContainers"].obj.empty?
                sp.state="run"
                scandata["GetContainers"].obj.each do |container|
                        content=''
                        container.copy('/etc/shadow') { |chunk| content=content+chunk }
                        shcontent=''
                        Gem::Package::TarReader.new(StringIO.new(content)) { |t| shcontent=t.first.read }
                        # shcontent.split("\n").each do |line|
                        shcontent.lines.map(&:chomp).each do |line|
                                shfield=line.split(":")
                                if shfield[1].to_s=='' then
                                        sp.state="vulnerable"
                                        sp.output << idcontainer(container) << " does not have password set for user: #{shfield[0]}\n"
                                end
                        end
                end
        end
        return sp
end
info() click to toggle source
# File lib/dockscan/modules/audit/container-filesystem-shadow.rb, line 3
def info
        return 'This plugin checks /etc/shadow for problems'
end